2023 in Review
2023 in review from Kevin Mandia from Mandiant at this year's RSA Conference:
The session was a review of the year 2023 in the field of cybersecurity. It highlighted the significant financial impacts due to cyber incidents, such as $1.1 billion in ransomware payments, a $100 million cost to MGM, and a $872 million cost to United Healthcare.
Kevin also discussed zero-day vulnerabilities, with 48 related to cyber espionage, 30 associated with mobile or browser exploits, and 12 linked to China. The initial attack vector has evolved from spear phishing (1998-2019) to exploiting vulnerabilities (2020-2023).
The tactics, techniques, and procedures (TTP) used by threat actors were discussed, including the trend of “living off the land” (LOTL), where attackers use the tools available on the compromised system to hide their activity. The session also highlighted the shift in social engineering tactics, moving beyond email to other communication channels.
Kevin addressed the challenges with multi-factor authentication (MFA), including push notification fatigue and threat actors convincing help desks to give out a one-time password to circumvent MFA or using SIM swapping.
The top TTPs used by threat actors were identified as PowerShell, web protocols, remote desktop protocols, service execution, and file deletion. The trend on dwell time, or the duration a threat actor remains undetected within a network, was discussed, with the average downtime reduced to 10 days, primarily due to ransomware.
Kevin noted that the percentage of responses to incidents increased from 18% in 2022 to 23% in 2023, and that TTPs are evolving, indicating an escalation in cyber warfare.
Kevin concluded with recommendations to modernize treaties, adopt an assumed breach posture, and increase board awareness due to legislation and liability. It was noted that 2023 was the best year for public-private collaboration, with specifics on such collaboration mentioned by CISA. The session also highlighted the Secure by Design pledge and the Cyber Safety Review Board’s recommendations. Links to these resources were provided in the notes.
Please note that this is a high-level summary and may not include all details from the session.
Secure by Design pledge https://www.cisa.gov/securebydesign
CISA's Secure By Design Pledge Launch Event at RSA Conference: https://www.youtube.com/live/aT1I8GcD4Y0?si=99MJ0uQBdySGSomH
Cyber Safety Review Board recommendations https://www.dhs.gov/news/2024/04/02/cyber-safety-review-board-releases-report-microsoft-online-exchange-incident-summer
Comments