
New Report Outlines Regional Perspective on Incident Trends

Adriatics: a fall in successful ransomware attacks?

The annual report “The state of information and cyber security”, published by Diverto (now for the 5th time), a regional provider of cybersecurity services, is a useful snapshot of the current state of cybersecurity here in the Adriatics. The report offers a unique regional perspective, as it covers Bosnia and Herzegovina, Slovenia, and Croatia.


In its latest iteration (2023), the report brings some relevant insights we’d like to point out:


  • Most cybersecurity incidents still go unreported, with the hope that transparency requirements in the upcoming regulations (NIS2) will change this. However, the report notes that ransomware operators are moving to multiple extortion tactics (not just encrypting data), threatening to report exfiltrated data to competent regulatory authorities. This is in line with already known attempts at weaponizing cybersecurity regulation.

  • Although phishing remains the primary infiltration technique, Diverto's SOC telemetry shows that zero-day vulnerabilities are actively being exploited, especially when they are present in public-facing apps and services. In fact, it's significant that the majority of incidents during 2023 were attributable to this "public-facing" category. 2024 does not look good so far, as it offers more opportunities for attackers to exploit public-facing VPN gateways (see here).

  • Older vulnerabilities still feature prominently in attempts to compromise public-facing apps: Log4Shell (affecting most enterprise software, primarily Java-based web application frontends which rely on the Log4j library), followed by ProxyNotShell, a vulnerability in Exchange web services, indicating that many organizations in the region are still using legacy on-premise Exchange infrastructure. It’s worth remembering here that Exchange zero-days can be particularly disastrous, as evidenced by the 2022 incident with Rackspace’s managed offering, which was brought down precisely by the ProxyNotShell vulnerability.

  • Interestingly, it appears there was a drop (at least in Croatia) in successful ransomware attempts during 2023, contrary to global trends. This is probably a result of security awareness campaigns now being implemented more rigorously across organizations. It appears employees are adapting to the most obvious phishing techniques.

  • However, it’s certain that phishing attempts are growing fast and threat actor innovations are likely to disrupt the existing employee “immunity”: generative AI is bound to increase the effectiveness of phishing campaigns, making it easier to deliver highly customized local-language phishing campaigns at scale.

  • Successful ransomware attacks featured prominently in the media, from Slovenia to Croatia and Serbia, and the report offers a good summary and hard-won lessons learned (see overviews of some more recent attacks here and here).

  • Operational technology (OT) security is still a somewhat neglected topic: Diverto finds that the manufacturing sector is particularly vulnerable in terms of cybersecurity maturity level. The energy sector seems to be better prepared. In any case, it appears that staff working with OT are less aware of cyber threats, which means a larger than acceptable attack surface is still present in OT (see example here).


The report is a useful wrap-up of information on incidents across the region. It's worth tracking the findings in the following years, especially as cybersecurity regulations such as NIS2 get implemented.


Get the full report here (Croatian language):
