It’s Business as Usual for Cybercriminals Post-Pandemic
July 13, 2023

After two years of pandemic-induced disruption, last year was a return to business as usual for the world’s cybercriminals. As COVID-19 medical and economic programs began to wind down, attackers had to find new ways to make a living by honing their social engineering skills, commoditizing once-sophisticated attack techniques and creatively searching for new opportunities in unexpected places. From scaling brute-force and targeted attacks on cloud tenants to the surge in conversational smishing attacks and proliferation of multifactor authentication (MFA) bypasses, the cyber-attack landscape witnessed significant developments on several fronts in 2022.
After almost three decades as a popular malware distribution method, Microsoft Office macros saw their use collapse once Microsoft rolled out controls to block them. The change set off a flurry of experimentation by threat actors seeking alternative techniques to compromise targets. Conversational smishing and pig butchering threats, which start with attackers sending seemingly harmless messages, surged last year. MFA-bypass frameworks accounted for more than a million phishing messages per month. Most organizations faced threats that originated from Microsoft’s and Amazon’s infrastructure, which hosts countless legitimate business services that organizations rely upon. Cloud threats have become ubiquitous, as 94 percent of cloud tenants are targeted every month by either a precision or brute-force cloud attack. The number of brute-force attacks (notably password spraying) increased from a monthly average of 40 million in 2022 to nearly 200 million in early 2023.