Lessons of 2023 to arm us for 2024

By: Manoj Reddy M.V, Raghav Kapoor, Shyava Tripathi, Pham Duy Phuc, Max Kersten & Adithya Chandra at the Trellix Advanced Research Center

We often treat the transition to a new year as an opportunity to consign the past to the dustbin of history and usher in some imagined future idyll. But some of us notice that the more things change, the more they stay the same.

The new year is no time for defeatism. Let us learn the lessons of 2023 to arm us for 2024. Come with me as we take a dive into a list compiled by Trellix experts of the most dangerous attack vectors threatening our digital economy right now.

Unmasking The Silent Surge in Insider Threats

In recent years, insider threats have posed a multifaceted risk that affects both public and private organizations globally. An insider threat refers to any person, whether an employee, contractor, partner, or someone with rogue access, who had or currently has access to critical organizational assets, including facilities, information, networks, and systems. Based on recent industry analysis, insider threats have increased by 47% over the last two years, incurring a total loss of $15.38 million for the containment of these incidents.

This threat undermines the confidentiality and integrity of the organization while aiding adversaries in gathering intelligence, carrying out sabotage operations, and using subterfuge methods to achieve their nefarious objectives. As connected devices continue to proliferate, and hybrid and remote workforces persist, insider threats will only continue to grow.

The Growing Battle of the (QR) Codes

The rise of QR code-based phishing campaigns represents an alarming trend. As our daily lives become increasingly reliant on digital interactions, attackers are adapting their tactics to exploit new vulnerabilities. QR codes, originally designed for their convenience and efficiency, have become an enticing tool for cybercriminals to use as an attack vector.

One of the primary reasons behind the expected increase in QR code-focused phishing campaigns is their perceived trustworthiness. QR codes became essential in various aspects of daily life during the COVID-19 pandemic, from contactless payments to restaurant menus. As a result, people have grown accustomed to scanning QR codes without much thought, assuming they are safe. This sense of trust can be exploited by cybercriminals who embed malicious links or redirect victims to fake websites. We expect that QR codes will also be used to distribute widely recognized malware families.
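The weak point described above is that a QR code hides its destination until it is decoded, so the sensible control is to triage the decoded payload before anything opens it. The following is an added example, not code from the Trellix article: a small policy function a mail gateway or a managed-device scanner could apply to the text decoded from a QR image. The allowlist, the shortener list, the protected brand names and the sample payloads are constructed for illustration; the heuristics (userinfo before "@", IP-literal hosts, punycode labels, brand look-alikes, shorteners, cleartext HTTP) are general phishing-URL checks and not specific to any campaign.

```python
"""Triage decoded QR-code payloads before a device or gateway opens them.

Added example (not from the Trellix article). Input is the string a QR
decoder produced; output is allow / review / block plus the reasons.
"""
from urllib.parse import urlsplit
import ipaddress

# Constructed allowlist: domains the organisation lets devices open automatically.
TRUSTED_DOMAINS = {"example.com"}
# Constructed list of URL shorteners: the real destination sits behind a redirect.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}
# Constructed list of brand names worth protecting against look-alike hosts.
PROTECTED_BRANDS = ["example", "microsoft", "paypal"]
# Schemes that execute or embed content instead of fetching a page.
DANGEROUS_SCHEMES = {"javascript", "data", "file", "vbscript"}

SEVERITY = {"allow": 0, "review": 1, "block": 2}


def registrable_domain(host: str) -> str:
    """Crude eTLD+1 (last two labels); enough for these heuristics."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def triage_qr_payload(payload: str) -> dict:
    """Return {'verdict': 'allow'|'review'|'block', 'reasons': [...]}."""
    findings = []  # (verdict, reason) pairs; the worst verdict wins
    parts = urlsplit(payload.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()

    if scheme in DANGEROUS_SCHEMES:
        return {"verdict": "block", "reasons": [f"dangerous scheme '{scheme}'"]}
    if scheme not in ("http", "https"):
        # Wi-Fi configs, vCards, plain text, mailto, tel: show them to a human.
        return {"verdict": "review", "reasons": ["non-http(s) payload"]}
    if not host:
        return {"verdict": "block", "reasons": ["URL has no host"]}

    reg = registrable_domain(host)
    trusted = host in TRUSTED_DOMAINS or reg in TRUSTED_DOMAINS

    if parts.username is not None:
        findings.append(("block", "userinfo before '@' disguises the real host"))
    try:
        ipaddress.ip_address(host)
        findings.append(("block", "IP-literal host"))
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append(("block", "punycode label (possible homoglyph domain)"))
    if not trusted:
        for brand in PROTECTED_BRANDS:
            # Brand name used as a subdomain or inside a look-alike registrable domain.
            if brand in host and brand != reg.split(".")[0]:
                findings.append(("block", f"host mentions '{brand}' but registrable domain is {reg}"))
    if reg in SHORTENERS:
        findings.append(("review", "URL shortener hides the final destination"))
    if scheme == "http":
        findings.append(("review", "cleartext http"))
    if host.count(".") >= 4:
        findings.append(("review", "deeply nested subdomains"))
    if not trusted and not findings:
        findings.append(("review", f"domain {reg} is not on the allowlist"))

    if not findings:
        return {"verdict": "allow", "reasons": [f"trusted domain {reg}"]}
    verdict = max((v for v, _ in findings), key=SEVERITY.__getitem__)
    return {"verdict": verdict, "reasons": [r for _, r in findings]}


if __name__ == "__main__":
    # Constructed sample payloads as a QR decoder might return them.
    for sample in [
        "https://payments.example.com/invoice/123",
        "http://192.0.2.10/login",
        "https://bit.ly/3abc",
        "https://paypal.example-login.net/verify",
        "https://paypal.com@evil.example.net/",
        "WIFI:T:WPA;S:guest;P:secret;;",
    ]:
        print(sample, "->", triage_qr_payload(sample))
```

The function deliberately returns "review" rather than "allow" for anything that is not on the allowlist, so the default for an unknown QR destination is a human decision, and it never follows redirects itself: resolving a shortener from the scanning device would fetch the attacker's page.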

The Stealthy Assault on Edge Devices

There is a somewhat stealthy shift in the threat landscape underway, centering on the often-overlooked realm of edge devices. These unassuming components, including firewalls, routers, VPNs, switches, multiplexers, and gateways, are becoming the new frontier for Advanced Persistent Threat (APT) groups. What sets this apart is the subtlety of the threat: it is not about the easily foreseen IoT vulnerabilities, but rather the less conspicuous challenges posed by edge devices themselves.

Edge devices have their own unique complexities, but the core issue lies in their inherent inability to detect intrusions.

Python in Excel Creates a Potential New Vector for Attacks

With Microsoft implementing default defensive measures to block macros in Excel files obtained from the internet, macro usage by threat actors has seen an expected drop. Instead, they are exploring alternative attack vectors for their latest attacks, including lesser-known or underutilized ones such as OneNote documents. However, with the recent creation and release of Python in Excel, we expect this to become a potential new vector for cybercriminals.

As both attackers and defenders continue to explore the functionality of Python in Excel, it is guaranteed that bad actors will start to leverage this new technology as part of cyberattacks. As the Python code is executed in containers on Azure, it can access local files with the help of Power Query.

Turn the tables

When you know what your adversary is doing, their mask slips. They become less scary. Threat intelligence is one of the greatest weapons we have right now and will also be so in the coming year. A sense of doom can be crippling and prevent positive action. Hence, it can hasten doom. We have the knowledge and we have the tools to bring about change. Let 2024 be the year that threat actors finally taste their own medicine. And let the 2024-2025 New Year be the one where threat actors finally become the pessimists.
