Hackfest 2023 - Back to the Future

The 2022 cyber threat landscape was defined by persistence, increased target
scope and relentless determination. As businesses began to ease pandemic-driven
operating environments and adjust to geopolitical shifts and growing economic
hardships, adversaries supporting nation-state, eCrime and hacktivist motivations started
2022 with a relentless show of effort that endured throughout the year.
Nation-state adversaries engaged in relentless computer network operations throughout
2022, emphasizing the integral role these operations play in supporting state goals.
Russian state-nexus adversaries combined destructive, espionage and information
operations (IO) attacks in constant support of the Ukraine war, and China statenexus adversaries dominated the cyber threat landscape with a significant increase
in espionage operation volume and target scope. Iran continued to focus on regional
espionage campaigns and their now-signature destructive “lock-and-leak” operations
leveraging ransomware, and Democratic People’s Republic of Korea (DPRK) state-nexus
adversaries persisted in cryptocurrency theft campaigns to supplement state funds in the
wake of the COVID-19 pandemic and the nation’s long-standing economic hardship.
Over the course of 2022, eCrime adversaries continued to prove their ability to adapt,
splinter, regroup and flourish in the face of defensive measures. After some of the biggest
and most notorious ransomware enterprise shutdowns, ransomware affiliates moved to new
ransomware-as-a-service (RaaS) operations. Additionally, more than 2,500 advertisements
for access were identified across the criminal underground, representing a 112% increase
compared to 2021 and demonstrating a clear demand for access broker services.