It’s Business as Usual for Cybercriminals Post-Pandemic

After two years of pandemic-induced disruption, last year was a return to business as usual for the world’s cybercriminals. As COVID-19 medical and economic programs began to wind down, attackers had to find new ways to make a living by honing their social engineering skills, commoditizing once-sophisticated attack techniques and creatively searching for new opportunities in unexpected places. From scaling brute-force and targeted attacks on cloud tenants to the surge in conversational smishing attacks and proliferation of multifactor authentication (MFA) bypasses, the cyber-attack landscape witnessed significant developments on several fronts in 2022.

After almost three decades as a popular malware distribution method, Microsoft Office macro use collapsed after Microsoft rolled out controls to block them. The change set off a flurry of experimentation by threat actors to seek alternative techniques to compromise targets. Conversational smishing and pig butchering threats, which start with attackers sending seemingly harmless messages, surged last year. MFA-bypass frameworks accounted for more than a million phishing messages per month. Most organizations faced threats that originated from Microsoft and Amazon’s infrastructures, hosting countless legitimate business services that organizations rely upon. Cloud threats have become ubiquitous as 94 percent of cloud tenants are targeted every month by either a precision or brute-force cloud attack. The number of brute-force attacks (notably password spraying) increased from a monthly average of 40 million in 2022 to nearly 200 million in early 2023.