Cybercriminals Alert: There was 74% increase in password attacks and 921 attacks per second in 2022 – Microsoft’s Digital Defense Report
The cybercriminals are persistent, frequently highly skilled, and unrelenting. Attacks are predicted to rise significantly in the upcoming year in a threat environment that is always changing, where cloud use is continuing to rise and passwords are highly sought after by malicious actors. Carey van Vlaanderen, CEO of ESET South Africa, argues that the cybersecurity industry is responding to this with amazing innovation and improvement.
According to Microsoft’s Digital Defense Report for 2022, there will be an increase in password attacks of 74%, or about 921 attacks per second. Threat actors continue to have an easy time defeating passwords, but this is frequently because users are providing them with this attack vector for free. Van Vlaanderen argues that attackers craftily compromise company networks before their phishing efforts in order to look legitimate, and even when victims think they are conducting due diligence on a website, they can still be tricked into thinking they are in communication with the genuine deal.
Even though almost 1,000 attacks per second is a staggering rate, there is still much that individuals and companies can do to lower it. People’s continued difficulty with passwords is frequently caused by their ignorance of or lack of confidence in the available free security measures. Password managers can assist enforce unique, secure passwords for all relevant accounts on personal and professional devices. Most crucially, she says, enabling two-factor authentication across all accounts will significantly lessen the impact of phishing attacks.
Businesses and consumers have embraced cloud computing much more over the past year, and in 2023, cybercriminals will once again turn their attention to this market. According to Van Vlaanderen, the seismic switch from traditional on-premise to cloud hosting infrastructure and apps increases cybersecurity risk.
Even if cloud services have great advantages, it’s critical to give the following consideration and attention in order to reduce risks:
- Utilizing a trustworthy cloud service provider is a crucial first step.
- • Best practices optimization and configuration
- • Using the best cybersecurity software available
- • Multi-factor identification (which should be standard)
- The use of encryption (which should be employed wherever possible)
- • Strict password guidelines
- • Giving access privileges and credentials only to those who need them
Ransomware and spoof emails dominated 2022 and are destined to continue being a top concern for individuals, organizations, and cybersecurity teams in 2023. “Emails sent by hackers that convincingly appear to be from someone within an organization create real and significant damage. These kinds of fraud frequently use fear tactics or an appearance of urgency to persuade the victim to comply with the attacker’s demands. Emails asking for speedy payment should be handled carefully since they can be faked to look like valid invoices but include malicious financial information, advises van Vlaanderen.
Despite the fact that ransomware has reached record levels this year, van Vlaanderen claims that many organizations still do not know where their most important systems and data are located, leaving them with insufficient data and protection. To construct a clear plan based on the data that is gathered and kept, a smart place to start is to get a thorough understanding of all the data points that are present in your company. No matter the size of your business, data protection is essential. It can take the shape of staff training, adhering to compliance regulations, using the right software, as well as ensuring that data storage is safe, backed up, and that a disaster recovery plan is in place.
In 2023, according to Van Vlaanderen, new attack vectors for hackers will emerge as a result of the continuous innovation and use of smart technologies, IOT devices, car connection, and infotainment. Regardless of where the infrastructure is located or what device it is on, people and organizations cannot afford to be without some sort of defensive solution in place given the reality that assaults are growing more sophisticated and individualized.