Knowledge Jan 31, 2024 New Year, New Me, New Security Pt.1

KDDI America

During this month and the next, we will address cybersecurity measures that must be earnestly confronted for business continuity. Taking appropriate measures against cybersecurity incidents is now an unavoidable necessity for the continuity of business. As the scale of the impact of cyber incidents is increasing, business leaders are required to take the necessary precautions before they occur.

However, haphazardly taking action without covering essential points can result in ineffective measures or unnecessary expenses. It is crucial for business leaders to understand the current trends thoroughly and review them to ensure that appropriate measures are taken. Let's revisit and reinforce our understanding to be able to implement the right cybersecurity measures.

In this month's issue, we will organize recent trends in cybersecurity incidents as a retrospective for the year 2023. In the next issue, we will compile measures that should be undertaken in 2024 to address these trends.

1）Incident Numbers and Impact Scale: Trends Over the Past 5 Years

2）Continued Increase in Ransomware Incidents: Ransomware incidents continue to rise, with the primary infection vectors being phishing emails, exploitation of Remote Desktop Protocol (RDP), and the abuse of software vulnerabilities.

3）Trends in 2023:
① Increase in Business Email Compromise (BEC)
② Targeted Areas of Attack: Rise in Supply Chain Attacks
③ Rise in Incidents Due to Cloud Services and Web Applications

I. Incident Numbers and Impact Scale: Trends Over the Past 5 Years

In the United States, the economic losses due to cyberattacks have been on a consistent rise over the past few years. According to the annual report from the Internet Crime Complaint Center (IC3), a government agency established in collaboration with entities such as the Federal Bureau of Investigation (FBI), the potential total losses increased from $6.9 billion in 2021 to over $10.2 billion in 2022. This highlights the escalating financial impact of cyber incidents on the U.S. economy.

Reference: 2022_IC3 Report

II. Continued Increase in Ransomware Incidents: Ransomware incidents continue to rise, with the primary infection vectors being phishing emails, exploitation of Remote Desktop Protocol (RDP), and the abuse of software vulnerabilities.

Among these, ransomware accounted for 2,385 reported incidents in 2022, resulting in losses exceeding $34.3 million. Cybercriminals employ various tactics to infect victims with ransomware. However, the primary initial infection vectors for ransomware incidents continue to be phishing emails, exploitation of Remote Desktop Protocol (RDP), and the abuse of software vulnerabilities.

Inquiries submitted to IC3 reveal that reports of damages caused by phishing emails are the most prevalent. This underscores the importance of providing training for employees to recognize and avoid falling victim to phishing attempts.

Reference: 2022_IC3 Report

In Japan, while the overall number of publicly disclosed security incidents in 2023 decreased compared to 2022, the damages caused by ransomware increased and reached the highest number since 2018. This situation underscores the need for robust measures on the part of companies to address the growing threat posed by ransomware.

III. Trends in 2023:

① Increase in Business Email Compromise (BEC)

The method of malicious third parties causing money to be leaked through false emails has been significantly increasing. This involves targeting personnel in subsidiary companies, deceiving them by impersonating the name of the parent company's representative, and skillfully exploiting real individuals and relationships. Damages caused by Business Email Compromise (BEC) consistently rank high in cybercrime in the United States.

On the other hand, detecting cyber-attacks such as phishing and BEC is becoming increasingly challenging from a technical standpoint. To prevent these, it is necessary to repeatedly conduct employee security awareness training and phishing simulations to elevate the overall security level of the organization.

➁ Targeted Areas of Attack: Rise in Supply Chain Attacks

A prominent trend in 2023 has been the succession of attacks targeting security risks in the supply chain. Supply chain attacks aim at relationships between organizations connected in business, such as business partners, launching cyberattacks on vulnerable organizations or points within the supply chain.

Specific tactics include:

• Intruding into affiliated organizations, subsidiaries, or business partners to attempt an attack on the target organization.
• Compromising service providers such as cloud services and using these services to extend cyber-attacks to their customers.
• Injecting malicious code into software itself to infiltrate the target organization.

As a result of supply chain attacks, even Japanese companies based in the United States suffered damages.

③ Rise in Incidents Due to Cloud Services and Web Applications

In 2023, there has been an increase in security incidents attributed to the cloud. According to a survey by a major security vendor, incidents related to the cloud have reported an approximately 130% increase compared to 2022. One contributing factor is attacks targeting vulnerabilities in cloud services and web applications.

For instance, there was an attack on a cloud phone service provider with a large user base, infecting its users. The attackers exploited vulnerabilities in the service provider's web server, injecting malicious code during a software update.

Additionally, there have been reports of attacks targeting and exploiting cloud service and system accounts in 2023.

As the adoption of cloud services and digital transformation (DX) advances, there is an increasing introduction of new services and devices. However, within this trend, there is a possibility of inadequately secured services and an increase in configuration errors for new services.

To mitigate incidents arising from these issues, regular audits of user account management and periodic security assessments are necessary.

Thank you for your subscription this month!

KDDI America is fully committed to supporting you in safeguarding your systems from cyber-attacks.

For detailed information on KDDI America's security services, please click HERE

KDDI America, Inc.

KDDI America is the US subsidiary of KDDI Corporation, a Fortune Global 500 company and is growing communications carrier with a proven track record in Japan and a longstanding reputation for quality and reliability. KDDI America provides a wide range of High Quality Services such as Communications, Data Centers and Solution Services throughout the world.

Please consult a KDDI consultant.

Writer / Interviewer

KDDI America

Kota Nagase
Marketing Associate

Joined KDDI America, Inc. in January 2023 right after graduating from the University of Houston with a Master's in Marketing. Loves working out, tennis, and fashion. Won a third place in Texas Tennis State Tournament back when he was in a highschool. Always on a look out for his favorite fashion pieces.