Kaspersky’s experts share their predictions for challenges in Security Operation Centers (SOCs). In 2022, the number of incidents in government and mass media segments grew, and the trend will continue this year.
SOCs in these and other industries are likely to face more reoccurring targeted attacks, as well as supply chain attacks via telecommunication providers.
Another threat awaiting SOCs is more initial compromises through public-facing applications. Organisations that are threatened by ransomware attacks might also encounter data destruction. From an internal point of view, SOC teams face personnel shortages and increasing demand for efficiencies.
As the role of cybersecurity in large businesses increases remarkably year-on-year, SOCs are of paramount importance, as effectively organised teams can secure their business from rapidly evolving malware and attack methods.
This year’s Kaspersky Security Bulletin ends with tailored predictions for SOCs.
More reoccurring targeted attacks by state-sponsored actors
In 2022, Kaspersky’s experts saw the average number of incidents in the mass media sector double, growing from 263 in 2021 to 561 in 2022.
During the last year, a number of high-profile cases occurred, including when Iranian state TV broadcasting was interrupted by hackers during protests in the country. Media outlets were also subject to DDoS attacks, such as those in the Czech Republic.
Alongside the government sector, where the average number of incidents increased by 36% in 2022, mass media became the prime target for cybercriminals among the 13 other analysed segments including industrial, food, development, financial, and others.
The growth will continue in 2023, with reoccurring targeted attacks by state-sponsored actors likely to be observed often.
While this is normally relevant for government organisations, the mass media segment has been increasingly targeted during international conflicts that are traditionally accompanied by information warfare where mass media inevitably play an important role.
“Large businesses and government agencies have always been targets of cybercriminals and state-sponsored actors, but geopolitical turbulence increased attackers’ motivations and enlivened hacktivism, which cybersecurity specialists have not regularly encountered until 2022. The new wave of politically-motivated attacks is especially relevant for the government and mass media sectors. To effectively protect a company, it’s necessary to implement comprehensive threat detection and remediation provided through Managed Detection and Response services,” said Sergey Soldatov, Head of Security Operation Center (SOC) at Kaspersky.
Supply chain attacks via telecommunication providers
In 2023, perpetrators may increasingly strike supply chains by attacking telecommunication companies. This is a further attempt to hit customers, so the growing threat looms larger this year.
In 2021, the telecom industry saw, for the first time, a prevalence of high severity incidents throughout the year. Although the average share of high severity incidents was lower in 2022 (79 per 10k systems monitored in 2021, versus roughly 12 in 2022), these companies remain attractive targets for cybercriminals.
Ransomware destroyers; initial compromises via public-facing applications
Throughout 2022, Kaspersky observed a new ransomware trend that will continue in 2023 – ransomware actors will not only encrypt companies’ data but also destroy it. This is relevant for organisations which are subject to politically-driven attacks.
Another threat awaiting SOCs is more initial compromises through public-facing applications. Penetration from the perimeter requires less preparation than phishing, and old vulnerabilities are still exposed.
What will SOCs face internally? Processes and efficiency
In 2023, the value every team member (even not highly skilled ones) brings to the SOC is increasing. Developing the skills of the team is the proven way to counter the increasing number of threats. That means IR-related training and any form of SOC exercises, such as TTX, purple teaming, and adversary attack emulations, will be of vital importance.
The growing threat landscape leads to increasing budgets and demand for more efficiencies. Increasing numbers of incidents and threats translate into a need to predict attacks and techniques, raising the value of threat intelligence and hunting.