Highlights:

  • It was discovered that operational technology was the focus of most persistent attacks, indicating that infrastructure crucial to public welfare and national security may be strategically targeted.
  • In 2023, web apps and remote management protocols were the most frequently attacked service types.

According to a new analysis released by Forescout Technologies Inc., out of 164 nations attacked by malicious actors in 2023, the United States remained the primary target for threat actors.

According to the Forescout Research Vedere Labs 2023 Global Threat Roundup Report, 168 threat actors attacked the United States in 2023, followed by the U.K. (88), Germany (77), India (72), and Japan (66). China had the largest concentration of threat actors (155), followed by Russia (88) and Iran (45). Together, the three nations account for about half of all threat groups that have been detected.

It was discovered that operational technology was the focus of most persistent attacks, indicating that infrastructure crucial to public welfare and national security may be strategically targeted. The Modbus communication protocol for industrial devices was the target of one-third of the attacks; Ethernet/IP, Step7, and DNP3 followed at about 18% each, and IEC10X accounted for ten percent of the attacks. Most attacks target protocols used in the electricity and industrial automation industries.

The Agent Tesla Remote Access Trojan topped the list of malware used in these attacks, accounting for 16% of all reported malicious activity. With a dominant 46% share, Cobalt Strike was the clear leader among command-and-control servers. Forty percent of those servers were located in the United States, followed by China and Russia at ten and eight percent, respectively.

In 2023, web apps and remote management protocols were the most frequently attacked service types. According to the report, web apps were often targeted with vulnerability exploits, but remote management services were frequently targeted with specific usernames connected to Internet of Things (IoT) devices.

The study revealed some interesting findings: attackers stay around longer and use a wider range of post-exploitation techniques. It was discovered that the use of persistence techniques has grown by 50% from three percent in 2022. This indicates that threat actors plan to remain longer in compromised systems and that incidents are becoming more challenging to contain and eradicate following an initial breach.

The three main cybersecurity pillars of network security, threat detection and response, and risk and exposure management were also underlined in the research. It is recommended that organizations begin with thorough risk and exposure management, which entails identifying all network assets and their security posture. Subsequently, risks should be mitigated through a strategy encompassing information technology, operational technology, and IoT environments.

For network security, the report suggests segmenting networks to separate different kinds of devices and to block lateral movement and data exfiltration. Finally, for threat detection and response, it advises using IoT- and OT-aware monitoring solutions and extended detection and response systems to detect and respond to malicious activity effectively. The main point is that a comprehensive, coordinated strategy for cybersecurity is urgently needed.