What your SOC will be facing in 2023
Securelist – Sergey Soldatov, Roman Nazarov (Kaspersky)
The first part of this report is devoted to the most current threats any SOC is likely to face in 2023. Based on our extensive Managed Detection and Response (MDR) experience and the dynamics we have seen over the years, we provide insights into the trends set to shape the threat landscape for enterprises this year. The second part is devoted to SOC trends from an internal point of view.

Part 1. What threats security operations centers will face in 2023

Ransomware will increasingly destroy data instead of encrypting it
The most common attack scenarios here are: attacks on employees (social engineering), attacks on IT infrastructure (DDoS), as well as attacks on critical infrastructure. Another interesting trend that started in 2022 and will continue in 2023 is that ransomware now not only encrypts companies' data, but destroys it in certain cases.

Public-facing applications will continue to be exploited for initial access
Penetration from the perimeter requires less preparation than phishing, and rather old vulnerabilities are still exposed; we expect this tendency to continue in 2023.

More supply chain attacks via telecom
According to the Kaspersky MDR report, in 2021 the telecom industry for the first time saw a prevalence of high-severity incidents over medium and low ones in terms of expected number: on average 79 high-severity incidents per 10k systems monitored versus 42 incidents of medium severity and 28 of low severity (see this report for more details). In 2023 we expect an increase in the number of supply chain attacks via telecom providers, which usually offer additional managed services.

More recurring targeted attacks by state-sponsored actors
If a company was compromised once, with the attack successfully remediated, attackers are highly likely to try hacking this organization again.

Part 2. What challenges will SOCs face internally: processes and efficiency

SOCs will be forced to raise requirements, while experiencing staff shortages
Developing the skills of the SOC team is a proven way to counter the increasing amount of threats every SOC will be facing in 2023. That means incident response training, and all forms of SOC exercises, such as TTX, purple teaming, and adversary attack simulations, should be a significant part of 2023 SOC strategy.

Bigger budgets alongside efficiency as the cornerstone of SOC processes
With a mature approach, this circumstance should lead SOCs to implement "SOC efficiency management".

Building full-scale threat intelligence and threat hunting
Current trends have already shifted towards establishing full-scale CTI capabilities within companies, and most SOCs have a dedicated CTI unit. That trend will grow and mature in 2023.
Link: https://securelist.com/soc-socc-predictions-2023/108512/