At the same time, in Russia, it is precisely unpatched vulnerabilities

Post by tanjimajuha20 »

In 2023, Group-IB expects the groups of attackers behind ransomware to grow larger. A number of new trends will also develop, such as the use of ransomware to destroy the victim's infrastructure rather than to collect a ransom. However, in 2022, the OldGremlin group demanded a record ransom of 1 billion rubles from a Russian company it attacked.

Director of the Positive Technologies Security Expert Center Alexey Novikov points out that more than half of the attacks on Russian companies in 2022 were carried out by skilled attackers, and 20% of cases were supply chain and trusted relationship attacks, which are difficult to investigate. Among the groups, APT31, Cloud Atlas, and Space Pirates stand out. Positive Technologies also notes that the most effective attack tools were infostealers, ransomware, and wipers. They allow attackers to quickly gain access to the victim's infrastructure without wasting time searching for vulnerabilities, and to steal data.

At the same time, in Russia, it is precisely unpatched vulnerabilities, primarily in foreign solutions that will continue to be exploited, that may become one of the main problems. "Almost 70 vulnerabilities per day is a lot. In Russia, this figure is aggravated by the fact that foreign IT companies have left the country and stopped supplying new versions and updates of their software, leaving domestic enterprises defenseless, which, in turn, raises the issue of building an effective vulnerability management strategy both in proprietary software and in the open source components used, and not only in web applications, but also in programs of our own development," warns Vadim Solovyov, head of the Positive Technologies information security threat analysis group.

The growing disconnect between software developers and researchers will also have an impact. Well-known vulnerabilities such as Log4Shell, Spring4Shell, or those in Microsoft Exchange will continue to be a threat. According to Positive Technologies, vulnerabilities in browsers and popular frameworks, primarily those used in the infrastructure of large companies, will be of greatest value for mass attacks.

Alexey Novikov also believes that in 2023 we should expect the development of politically motivated attacks against Russian organizations, both from well-known groups and from new ones, whose emergence has noticeably intensified. The number of so-called sleeping incidents will also grow: cases in which attackers, having gained access to the company's resources, do not develop the attack and instead wait for a convenient moment.

Similar conclusions are made by Group-IB. According to analysts of this company, the duration of the incubation period will depend on the type of group and its motives: "If we are talking about crime and their goal is to steal money, then speed and security are important for them: infection, consolidation, advancement in the network, theft and withdrawal of money take from a couple of weeks to a month. For encryptors, the average time is three weeks. The term "sleeping incidents" includes attacks by pro-government hacker groups for the purpose of espionage. Their goal is to remain unnoticed for as long as possible. In our practice, there was a case when cyber spies were in the company's network for several years."