Highlights:

  • The report describes how various well-known ransomware groups are now sharing detailed attack tactics, techniques, and procedures.
  • The report also highlights a concerning issue within Microsoft Teams: external accounts can send potentially harmful files directly to an organization’s staff, raising significant security concerns.

Cybersecurity firm Critical Start Inc. recently published a report stating that, despite having conventional threat-based security measures, two-thirds of organizations encountered breaches demanding attention in the last two years.

Drawing on research from its Cyber Threat Intelligence team, the biannual Critical Start Cyber Threat Intelligence Report spotlights major cyber threats in the latter half of 2023 and emerging cybersecurity patterns impacting crucial sectors like finance, education, manufacturing, and state and local governments.

Key insights from the report reveal an alarming increase in phishing attacks utilizing Quick Response (QR) codes. Cybercriminals are impersonating Microsoft security notifications and hiding QR codes within PNG images or PDF attachments.

The education industry has been identified as highly vulnerable to cyberattacks, and experts have observed a growing range of threats specifically targeting this sector. In 2023, vulnerability exploitation comprised 29% of attacks, whereas phishing campaigns accounted for 30% of cyber incidents in primary and secondary schools.

The report describes how various well-known ransomware groups are now sharing detailed attack tactics, techniques, and procedures. In doing so, the report indicates that threat actors are significantly more reliant on affiliates than previously believed, highlighting the dynamic and complex nature of the cybercrime economy.

The report highlights a concerning issue within Microsoft Teams: external accounts can send potentially harmful files directly to an organization’s staff, raising significant security concerns. This ability significantly elevates the risk of successful attacks by circumventing established security measures and rendering anti-phishing training less effective.

Finally, the report explores the emergence of Volt Typhoon, an alleged Chinese state-sponsored threat actor that surfaced in May. The report emphasizes Volt Typhoon's persistence in conducting cyber espionage campaigns, aligning with an alleged Chinese government agenda aimed at U.S. critical infrastructure.

Before the report’s release, Callie Guenther, Senior Manager of Cyber Threat Research at Critical Start, stated, “The volume and sophistication of cyberattacks are continuously growing and evolving, making it impossible for organizations to feel on top of internal vulnerabilities and remain cognizant of every external threat. In an effort to democratize cyber threat intelligence, this report highlights the most prominent security-related issues plaguing business and how they can proactively reduce cyber risk.”

Critical Start is backed by venture capital, having raised USD 215 million in April 2022. The company’s investors include Vista Equity Partners LLC and Bregal Sagemount LP.