2023 Key Cybersecurity Takeaways

Garden State Cyber Threat Highlight

Original Release Date: 12/28/2023

Throughout 2023, cyberattacks affected organizations, governments, businesses, and private residents in New Jersey, resulting in monetary loss, degradation and interruption of services and resources, reputational damage, exposure of sensitive information, emotional distress, and more. In an era dominated by digital connectivity, the importance of cybersecurity cannot be overstated. Reflecting on the evolving threat landscape is crucial as we approach the end of the year.

Geopolitical Tensions

2023 has been marked by heightened geopolitical unrest. Nation-state threat actors carry out cyberattacks to advance their political and economic interests and influence, threatening critical information, services, and information systems, as well as public health and safety. This year, the Russia-Ukraine war entered its second year, and hacktivist groups supporting Russia’s invasion of Ukraine launched distributed denial-of-service (DDoS) attacks against targets across the United States. In the fall, armed conflict broke out between Israel and the Hamas militant group. These events triggered an uptick in cyberattacks against critical infrastructure sectors globally, including in the United States, as nation-states sought to destabilize their adversaries.

In November, water and wastewater utilities nationwide were targeted in a series of cyberattacks attributed to CyberAv3ngers, an Iranian-backed advanced persistent threat (APT) group. In these incidents, the threat actors compromised Unitronics programmable logic controllers (PLCs), which are used mainly in the Water and Wastewater sector but are also deployed in other industries, including energy, food and beverage manufacturing, and healthcare. CyberAv3ngers claimed responsibility for over a dozen cyberattacks launched since October 30, stating that they targeted Unitronics because it is Israeli-made and “Every equipment ‘made in Israel’ is CyberAv3ngers legal target.”

The Energy and Defense sectors were also recently impacted when IntelBroker, an initial access broker known for targeting US government agencies, launched a cyberattack against General Electric (GE), which has divisions in the power, renewable energy, and aerospace industries. The threat actor claimed to have exfiltrated sensitive Defense Advanced Research Projects Agency (DARPA) data, including information on weapons programs and artificial intelligence (AI) research.

As geopolitical tensions intensify, cyber threat tactics shift with them, and cyberattacks attributed to state-aligned APT groups have surged. APT28, a Russian threat group with ties to the General Staff Main Intelligence Directorate (GRU), leveraged a Microsoft Outlook zero-day, CVE-2023-23397 (an elevation-of-privilege flaw that leaks the recipient’s NTLM credentials when a crafted message is processed, with no user interaction required), to target critical infrastructure in NATO countries. Additionally, nearly two dozen critical infrastructure organizations across the United States were compromised within the past 12 months by threat actors affiliated with the Chinese People’s Liberation Army (PLA). Notably, military and communications networks on Guam were targeted in a string of attacks attributed to Volt Typhoon, a Chinese state-sponsored APT group.

Ransomware Evolution

Ransomware attacks underwent a notable evolution in 2023, demonstrating a higher level of sophistication and a more calculated approach by cybercriminals. The current landscape is dominated by highly organized criminal groups; rather than attacking indiscriminately, they focused on strategic targets, including critical infrastructure networks and high-profile organizations.

The Healthcare and Public Health (HPH) sector has been heavily targeted with ransomware throughout the year. Most recently, Hackensack Meridian Health and Mountainside Hospital in Montclair, both in New Jersey, were impacted after Ardent, a healthcare services provider based in Tennessee, suffered a ransomware attack. Ardent operates roughly 30 hospitals and over 200 facilities across six US states.

Ransomware groups are increasingly exploiting vulnerabilities to gain initial access to targeted networks. Nearly a third of ransomware attacks in the first half of 2023 began with the exploitation of a vulnerability, and zero-day exploitation increased globally. The NJCCIC observed APT groups rapidly developing and deploying exploits for newly disclosed vulnerabilities, such as Citrix Bleed, against public and private NJ organizations. Tracked as CVE-2023-4966, Citrix Bleed allows threat actors to read valid session tokens from the memory of internet-facing NetScaler ADC and NetScaler Gateway appliances. A stolen token can be replayed to hijack the legitimate user’s active session and bypass authentication, including any multi-factor authentication (MFA) that user already completed, giving the attacker a foothold from which to move laterally, steal data, and deploy ransomware. Researchers determined that the vulnerability had been exploited since at least August 2023 by at least six cyber threat groups. Because tokens leaked before an upgrade remain valid afterward, patching alone is not sufficient: organizations should also terminate all active and persistent sessions on the appliance once it is updated, and review logs for sessions that were reused from unexpected client IP addresses.
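The hunting logic described above, as an added example that is not part of the original advisory or any vendor tooling: a stolen session token is reused without a fresh login, so the signal to look for is an existing session ID that suddenly arrives from a different client IP with no authentication event in between. The log format and the sample lines are constructed here for illustration and do not reproduce NetScaler’s real log format.

```python
import re
from datetime import datetime

# Constructed sample access-log lines for this example. The format is a
# hypothetical one invented here, not NetScaler's real log format:
#   <ISO-8601 timestamp> session=<id> user=<name> src=<client ip> action=<name>
SAMPLE_LOGS = """\
2023-10-20T09:00:01Z session=a1b2c3 user=jdoe src=203.0.113.10 action=login
2023-10-20T09:05:12Z session=a1b2c3 user=jdoe src=203.0.113.10 action=portal
2023-10-20T09:07:45Z session=a1b2c3 user=jdoe src=198.51.100.77 action=portal
2023-10-20T09:10:00Z session=d4e5f6 user=asmith src=192.0.2.25 action=login
2023-10-20T09:12:30Z session=d4e5f6 user=asmith src=192.0.2.25 action=portal
2023-10-20T09:30:00Z session=g7h8i9 user=asmith src=198.51.100.5 action=login
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) session=(?P<sid>\S+) user=(?P<user>\S+) "
    r"src=(?P<ip>\S+) action=(?P<action>\S+)$"
)


def parse_events(lines):
    """Parse log lines into dicts (sorted by time), skipping lines that do not match."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def find_hijacked_sessions(lines):
    """Flag sessions whose source IP changes without a new authentication.

    A token read out of appliance memory lets an attacker drive an existing
    session from their own host. No login happens, so the tell-tale is a
    known session ID arriving from a different client IP on a non-login event.
    """
    last_ip = {}  # session id -> client IP seen most recently
    findings = []
    for ev in parse_events(lines):
        sid = ev["sid"]
        prev = last_ip.get(sid)
        if prev is not None and prev != ev["ip"] and ev["action"] != "login":
            findings.append({
                "session": sid,
                "user": ev["user"],
                "old_ip": prev,
                "new_ip": ev["ip"],
                "at": ev["ts"].isoformat(),
            })
        last_ip[sid] = ev["ip"]
    return findings


if __name__ == "__main__":
    for f in find_hijacked_sessions(SAMPLE_LOGS.splitlines()):
        print(f"possible hijack: session {f['session']} ({f['user']}) "
              f"moved {f['old_ip']} -> {f['new_ip']} at {f['at']}")
```

On the constructed sample, only session a1b2c3 is flagged: user asmith’s second appearance from a new address is a fresh login on a new session, which is exactly what a legitimate user changing networks looks like. Real deployments will see benign IP changes from mobile users and NAT pools, so treat a hit as a lead to corroborate against VPN or identity-provider logs rather than a verdict.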

Earlier this year, the Cl0p ransomware group exploited CVE-2023-34362, a SQL injection vulnerability in Progress Software’s MOVEit Transfer managed file transfer product, to access the underlying database and steal the data of organizations using it. Impacted organizations include governments, financial institutions, educational institutions, medical facilities, and more. As of September, an estimated 2,120 organizations and roughly 62 million individuals had been affected.
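To show what “a SQL injection vulnerability that allows access to the underlying database” means in practice, the following is an added, generic example in Python with SQLite; it is not MOVEit’s code and the schema, table names, and data are constructed for illustration. The vulnerable function splices a caller-controlled value into the SQL text, so an attacker can turn a per-user file listing into a dump of every row, or of a different table altogether; the fixed version binds the value as a parameter.

```python
import sqlite3


def make_db():
    """Constructed in-memory database standing in for a file-transfer application's store.

    Table and column names are hypothetical, not MOVEit's schema.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE files (id INTEGER PRIMARY KEY, owner TEXT, name TEXT)")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO files (owner, name) VALUES (?, ?)",
        [("alice", "q3-report.pdf"), ("alice", "payroll.xlsx"), ("bob", "notes.txt")],
    )
    # Constructed placeholder string, not a real password hash.
    conn.execute("INSERT INTO users VALUES (?, ?)", ("admin", "$2b$12$constructedhashvalue"))
    return conn


def list_files_vulnerable(conn, owner):
    """Vulnerable: the caller-supplied value becomes part of the SQL statement."""
    query = f"SELECT name FROM files WHERE owner = '{owner}' ORDER BY name"
    return [row[0] for row in conn.execute(query)]


def list_files_safe(conn, owner):
    """Fixed: the value travels as a bound parameter and cannot change the query's structure."""
    query = "SELECT name FROM files WHERE owner = ? ORDER BY name"
    return [row[0] for row in conn.execute(query, (owner,))]


# Two classic payloads. The first turns the WHERE clause into a tautology so every
# row matches; the second appends a UNION that reads a different table, with "--"
# commenting out the remainder of the original statement.
TAUTOLOGY = "' OR '1'='1"
UNION_DUMP = "x' UNION SELECT username || ':' || password_hash FROM users --"


def demo():
    """Run both implementations against a normal value and both payloads."""
    conn = make_db()
    return {
        "vuln_normal": list_files_vulnerable(conn, "alice"),
        "vuln_tautology": list_files_vulnerable(conn, TAUTOLOGY),
        "vuln_union": list_files_vulnerable(conn, UNION_DUMP),
        "safe_normal": list_files_safe(conn, "alice"),
        "safe_tautology": list_files_safe(conn, TAUTOLOGY),
        "safe_union": list_files_safe(conn, UNION_DUMP),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

Against the vulnerable function the tautology returns all three files, including bob’s, and the UNION payload returns the admin credential row from a table the endpoint was never meant to touch; the parameterized version returns nothing for either payload because the whole string is compared literally against the owner column. Parameterized queries (or an ORM that uses them) are the fix; input filtering alone is not, because the database, not the application, decides what counts as syntax.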

AI and Machine Learning

While neither are new concepts, artificial intelligence (AI) and machine learning (ML) have become household conversation starters in 2023. The introduction of ChatGPT in November 2022 ignited the public’s interest in generative AI tools and AI and ML as a whole. As with many technological advancements, there is the potential for significant benefits to society and the risk of misuse by adversaries.

Regarding cybersecurity, AI and ML offer both offensive and defensive capabilities. Cyber attackers have increasingly harnessed AI and ML techniques to enhance attacks by automating tasks, adapting to evolving defenses, and launching more sophisticated and targeted attacks. Additionally, AI-powered tools can identify vulnerabilities to exploit, automate phishing attacks, and optimize social engineering tactics. However, AI can also be used to better defend and safeguard networks. AI and ML play a vital role in identifying and mitigating cyber threats by detecting anomalous behavior, automatically responding to attacks in real-time, reducing false positives and negatives, and offering greater scalability and cost savings. Generative AI can also assist network defenders in writing rules for security tools to effectively identify and block malicious network traffic. On a broader scale, generative AI can offset resources needed for more mundane tasks, freeing up valuable time for staff to focus on more complex responsibilities.

Nation-states are likely to adopt AI broadly to advance their economic standing and influence. Malicious use of AI, such as deepfakes, will be increasingly embraced by nation-states and non-state groups alike. Improvements in deepfake technology have increased its believability, making it harder for the general public to distinguish real from synthetic images and videos. Adversaries will use this technology in disinformation campaigns to sow unrest and undermine governments and organizations.

Looking Ahead

The NJCCIC assesses with high confidence that New Jersey’s public and private institutions, critical infrastructure assets, and residents will continue to face an array of cyberattacks that have the potential to adversely impact public health, the welfare and safety of its residents, the economy and public interest of the State, and national security. Individuals and organizations can fortify their defenses by analyzing evolving trends and implementing proactive security measures. As we look toward 2024, staying informed, collaborating, and prioritizing cybersecurity will be paramount in navigating these challenges.

Resources

New Jersey Cybersecurity & Communications Integration Cell

2 Schwarzkopf Dr, Ewing Township, NJ 08628

njccic@cyber.nj.gov

OUR COMMITMENT

The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
