5 Vulnerability Shifts You Need to Know for 2023


Since 2017, an upward trend in vulnerabilities has been observed, reported to, and analyzed by the National Institute of Standards and Technology (NIST). According to the National Vulnerability Database (NVD), there were more than 25,200 vulnerabilities published in 2022, making it another record-breaking year, with an increase of 25% compared to 2021. That’s a fivefold increase over the past decade.

It’s crystal clear now that if tools alone were enough to solve the problem, they would have done so. Unfortunately, most organizations aren’t properly staffed or trained to make use of the tools they already have, which means vulnerabilities can end up going ignored.

In fact, the 2023 Arctic Wolf Labs report found that four of the top five external software exploits utilized by threat actors in 2022 leveraged vulnerabilities that were published in 2021. 

Here we are again, then. The rate of vulnerabilities continues to rise. Delaying or outright ignoring patching and remediation continues to plague organizations, leaving them open to cyber attacks they should be protected against. So far, so unsurprising, right?  

However, the 2023 Arctic Wolf Labs report has a bigger story waiting inside its pages. It paints a full picture of the 2022 threat landscape and reveals the biggest predictions and recommendations our team of seasoned security experts has for 2023. The insights found within the report can help organizations understand the way the cybersecurity landscape changed in 2022, and the ramifications those shifts will have in 2023.

Five Ways Vulnerabilities May Shift in 2023

1. Remote Access is Rising 

Vulnerabilities in remote access tools, such as ConnectWise, have become a favorite for threat actors seeking initial access, and we don’t see that slowing down in 2023. In recent research, we saw incidents where threat actors leveraged built-in ConnectWise features to social engineer a target into accepting a legitimate-looking remote access prompt from the threat actor.

We expect threat actors to get more creative in remote monitoring and management (RMM) tool abuse in 2023. Abusing RMM tools allows them to blend into normal enterprise network traffic, and it’s been working well for them so far. It’s also challenging for organizations to restrict RMM tool traffic unless they know very well which RMM tool uses are expected in their networks, which furthers threat actors’ success.
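One way to encode "which RMM tool uses are expected" as a detection, shown as an added example rather than code from Arctic Wolf or the report. It flags both unsanctioned RMM clients and a sanctioned client that connects to an instance the organization does not run. The event fields, the hostname `support.corp.example`, and the tools listed beyond ConnectWise's client are assumptions.

```python
from dataclasses import dataclass

# Assumption: RMM client binaries to watch for; extend for your environment.
KNOWN_RMM = {"screenconnect.clientservice.exe", "anydesk.exe", "teamviewer.exe"}

# Assumption: the only sanctioned tool, and the relay hosts it may talk to
# (hypothetical hostname for the organization's own instance).
SANCTIONED = {"screenconnect.clientservice.exe": {"support.corp.example"}}


@dataclass(frozen=True)
class Event:
    host: str         # endpoint that ran the process
    process: str      # image name from process-creation telemetry
    remote_host: str  # destination the process connected to


def classify(ev: Event) -> str:
    """Return a verdict for one process/network event."""
    name = ev.process.lower()
    if name not in KNOWN_RMM:
        return "not-rmm"
    relays = SANCTIONED.get(name)
    if relays is None:
        return "unsanctioned-tool"
    if ev.remote_host.lower() not in relays:
        # Legitimate binary, but the session is brokered by someone else's instance.
        return "unexpected-relay"
    return "expected"


def triage(events):
    """Keep only the events an analyst should look at."""
    flagged = []
    for ev in events:
        verdict = classify(ev)
        if verdict in ("unsanctioned-tool", "unexpected-relay"):
            flagged.append((ev.host, ev.process, verdict))
    return flagged


# Constructed sample telemetry (not real log data).
SAMPLE = [
    Event("ws-014", "ScreenConnect.ClientService.exe", "support.corp.example"),
    Event("ws-022", "ScreenConnect.ClientService.exe", "relay.unknown.example"),
    Event("ws-031", "AnyDesk.exe", "relay.vendor.example"),
    Event("ws-040", "chrome.exe", "www.example.com"),
]
```

The second sample event is the case the paragraph describes: the binary is the sanctioned one, so a process-name allowlist alone would pass it.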

2. Criticality is Falling, But Hold the Celebration 

Critical and high-severity vulnerabilities comprised only 13% of all vulnerabilities in 2022, down 7% from the previous year. While this is a rare bright spot in a challenging cybersecurity environment, it’s important to see this for what it is. The drop can be attributed to several factors, none of which necessarily point to a safer, less risky environment.  

As stated above, there were more overall vulnerabilities in 2022. But, when we examine the data more closely, we see that the rise in total vulnerabilities can be attributed exclusively to the lowest severity category as defined by the Common Vulnerability Scoring System (CVSS), those with a ranking of 0-1. This category saw vulnerabilities jump from 139 in 2021 to 11,982 in 2022, an increase of over 8,500%. This massive influx of low severity vulnerabilities impacted the overall number of vulnerabilities, as well as each category’s share of the whole.

It’s important to note that severity score alone does not serve as a definitive measure of how attractive an exploit is to threat actors. A large unpatched base may be more lucrative than a singular critical vulnerability.   

Additionally, as you’ll see below, threat actors don’t need a huge influx of new severe vulnerabilities, not when there are so many existing vulnerabilities still open to exploit.

3. Threat Actors Are Happy to Play the Hits 

Arctic Wolf Labs reports that four of the top five external software exploits utilized by threat actors in 2022 were published in 2021. This points toward a shift in threat actor behavior; one where they’re less focused on learning to exploit new vulnerabilities, and more willing to gamble on IT teams having not done enough to mitigate existing ones.

In 2022, 0.17% of the known vulnerabilities were responsible for large proportions of initial access methods used in ransomware attacks. In 2023, these high-impact vulnerabilities like Log4Shell (CVE-2021-44228), Exchange (CVE-2021-34473), and others will continue to be exploited in attacks, with their damaging effects continuing to be felt across the industry.  

Also, while the volume of vulnerabilities is contributing to the overall increase in exploitation, threat actors still have their favorite exploits they keep coming back to. Approximately 75% of all exploited 2022 CVEs were attributed to three vulnerability types: remote code execution, privilege escalation, and authentication bypass. Based on vulnerabilities reported and added to CISA’s Known Exploited Vulnerabilities Catalog, threat actors preferred remote code execution vulnerabilities over all other types, accounting for 48%, followed by privilege escalation (19%) and authentication bypass (7%) vulnerabilities.
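The points above (severity alone is not the measure, a large unpatched base matters, and older known-exploited CVEs keep being used) can be turned into a patch-ordering rule. The following is an added example, not the report's methodology: the backlog is constructed, the placeholder CVE names and host counts are invented for illustration, and the KEV set is assumed to be loaded from a local copy of CISA's catalog.

```python
from dataclasses import dataclass

# Assumption: CVE IDs loaded from a local copy of CISA's Known Exploited
# Vulnerabilities Catalog; only the two CVEs named in the article are listed.
KEV = {"CVE-2021-44228", "CVE-2021-34473"}


@dataclass(frozen=True)
class Finding:
    cve: str
    cvss: float           # score as recorded in this constructed inventory
    affected_hosts: int   # size of the unpatched base
    internet_facing: bool


def by_cvss(findings):
    """Severity-only ordering, for comparison."""
    return [f.cve for f in sorted(findings, key=lambda f: f.cvss, reverse=True)]


def by_exposure(findings):
    """Known-exploited first, then reachability, then unpatched base, then CVSS."""
    def key(f):
        return (f.cve in KEV, f.internet_facing, f.affected_hosts, f.cvss)
    return [f.cve for f in sorted(findings, key=key, reverse=True)]


def kev_backlog(findings):
    """Findings that are already being exploited in the wild and still open."""
    return sorted(f.cve for f in findings if f.cve in KEV)


# Constructed scanner backlog (placeholder IDs are not real CVEs).
BACKLOG = [
    Finding("CVE-PLACEHOLDER-A", 9.9, 1, False),
    Finding("CVE-2021-34473", 9.8, 4, True),
    Finding("CVE-2021-44228", 10.0, 12, True),
    Finding("CVE-PLACEHOLDER-B", 5.3, 300, False),
]

if __name__ == "__main__":
    print("CVSS only :", by_cvss(BACKLOG))
    print("Exposure  :", by_exposure(BACKLOG))
```

In the severity-only ordering the single-host placeholder outranks the Exchange CVE and the 300-host medium finding comes last; the exposure ordering reverses both.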

We believe the 2023 vulnerability landscape will be nearly identical, as these vulnerability types provide threat actors with the best bang for their buck, as evidenced by the top ten below. 

4. Increasing Attack Surface 

The pandemic spurred a shift to remote and hybrid work models, a change that seems to be sticking around for the foreseeable future. Paired with the world’s race to embrace the cloud, and a flood of Internet of Things (IoT) devices and new software offerings, this means the attack surface has grown exponentially. In addition to struggling to stay on top of patching vulnerabilities in on-premises software, devices and endpoints, organizations now have endpoints in many employees’ homes, and treasure troves of software and data hosted in the cloud.

According to Arctic Wolf’s “The State of Cybersecurity: 2023 Trends,” only 38% of respondents believe they are effectively securing their cloud resources. In addition, 42% of respondents stated that cloud security gaps were their primary area of worry.  

Organizations cannot let down their guard when it comes to cloud security. Between misconfigurations and the rise of cybercriminals targeting the cloud specifically, we expect this gap to lead to damaging breaches in the future.   

5. Geopolitical Conflict Has Impacts on Cybersecurity 

Of special note was the way the Russia-Ukraine war impacted the world of cybersecurity in 2022. While Arctic Wolf Labs hasn’t identified sufficient data to draw iron-clad conclusions, our research has revealed enough information to allow us to make suppositions.   

Many of the most high-profile and prolific ransomware gangs working in 2022 have ties to Russia. The leaks of Conti internal documents and communication revealed their ties to the country, while the Russian government took credit for dismantling REvil and arresting the cybercriminals living and working within its borders. The October arrest of LockBit operator and dual Canadian and Russian citizen Mikhail Vasiliev proved links between that ransomware gang and Russia, and BlackCat (ALPHV) is reported to include Russian members of now-shuttered gangs REvil and BlackMatter.

Given these connections to Russia, Arctic Wolf Labs finds it reasonable to hypothesize that the conflict in Ukraine has played a role in the 26% reduction in ransomware attacks we observed in 2022. Whether that is due to gang members being recruited to execute nation-state attacks or being enlisted to serve on the battleground is unclear, but the correlation is there, even if the causation remains, for now, unproven. But, with potentially fewer cybercriminals at work, it would be unsurprising to see a corresponding reduction in attacks.

Organizations should keep a close eye on the global geopolitical climate in 2023. Conflicts half a world away can still have powerful impacts on how secure an organization is from cyber attack.

Get the whole story: Download the 2023 Arctic Wolf Labs Threat Report 

Dive even deeper and register for our webinar, “Arctic Wolf Labs Presents: 2023 Predictions and 2022 Threat Landscape”  

Arctic Wolf