One cybersecurity firm shares its May 2023 threat landscape findings, including evolving cybercrime TTPs, Microsoft software risks, and a new APT focus on smaller enterprises.

According to Proofpoint's threat update for May 2023, three threat areas stood out across the firm's customer base.

Firstly, the cybercriminal ecosystem has been evolving in a way threat researchers had not previously observed: instead of relying on static, predictable attack chains, attackers have been employing dynamic, rapidly changing techniques.

The more sophisticated threat actors, who have more time and resources than others, are testing different tactics, techniques and procedures to find the most effective way of gaining initial access via email. Once a technique proves effective, one or several other threat actors may adopt it.

Secondly, some Microsoft Teams features (for example, the Default Tabs mechanism) are being abused by cybercriminals to enable phishing and malware delivery:

    • 450 million malicious sessions detected by the firm in the second half of 2022 targeted Microsoft 365 cloud tenants.
    • Microsoft Teams is among the ten most targeted sign-in applications, and roughly 60% of Proofpoint's Microsoft 365 tenants suffered at least one successful account takeover in 2022.
    • Attackers weaponize meeting invites and messages by replacing their URLs with malicious links, which lets them phish Office 365 credentials, deliver malicious executables, and expand their foothold within an already compromised cloud environment.
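The URL replacement described above leaves a trace that can be checked for: the visible link text in a meeting invite still looks like a Teams meeting link while the real destination points elsewhere, or an added link points to a download outside any domain a legitimate invite would use. The following is an added example, not Proofpoint's code or anything from the original article. The allowlist of meeting hosts, the HTML shape of the messages, and both sample message bodies (one legitimate, one tampered, using the reserved `.example` TLD) are constructed assumptions for illustration.

```python
# Added example (not from Proofpoint or the original article): flag hyperlinks in
# a Teams-style HTML message body whose destination is outside an assumed allowlist
# of meeting hosts, or whose visible text names a different host than the href.
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist of hosts a legitimate meeting invite is expected to link to.
ALLOWED_HOSTS = {"teams.microsoft.com", "teams.live.com"}

# Visible link text that looks like a URL or bare host (optionally with a path).
URL_LIKE = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:[/?#]\S*)?$", re.IGNORECASE)


class LinkCollector(HTMLParser):
    """Collect (href, visible_text) pairs from every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(value: str) -> str:
    """Lowercased host of a URL or bare host string; '' if there is none."""
    if "://" not in value:
        value = "https://" + value  # bare host text such as teams.microsoft.com/l/...
    return (urlparse(value).hostname or "").lower()


def _host_allowed(host: str) -> bool:
    """True if host is an allowlisted host or a subdomain of one."""
    return any(host == a or host.endswith("." + a) for a in ALLOWED_HOSTS)


def suspicious_links(html: str) -> list[dict]:
    """Return one finding per link that is off-allowlist or whose text misstates its target."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        href_host = _host(href)
        reasons = []
        if not _host_allowed(href_host):
            reasons.append("destination host not in allowlist")
        # Only compare hosts when the visible text itself looks like a URL.
        text_host = _host(text) if URL_LIKE.match(text) else ""
        if text_host and text_host != href_host:
            reasons.append("visible text host differs from href host")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


# Constructed sample bodies (assumed shape of an invite, not captured data).
LEGIT_INVITE = (
    '<div>You are invited to a meeting.</div>'
    '<a href="https://teams.microsoft.com/l/meetup-join/19%3ameeting_abc%40thread.v2/0">'
    'Join Microsoft Teams Meeting</a>'
)
TAMPERED_INVITE = (
    '<div>You are invited to a meeting.</div>'
    '<a href="https://teams.microsoft.com.attacker.example/join">'
    'teams.microsoft.com/l/meetup-join/19%3ameeting_abc%40thread.v2/0</a>'
    '<a href="https://files.attacker.example/Agenda.exe">Meeting agenda (PDF)</a>'
)

if __name__ == "__main__":
    for name, body in (("legit", LEGIT_INVITE), ("tampered", TAMPERED_INVITE)):
        print(name, suspicious_links(body))
```

The legitimate invite produces no findings; the tampered one yields two, the first link flagged for both an off-allowlist host and a text/href host mismatch, the second for the off-allowlist host alone. The host comparison deliberately treats `teams.microsoft.com.attacker.example` as a different host, since suffix-matching on the allowlist (rather than prefix-matching) is what defeats that lookalike.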

Thirdly, advanced persistent threat (APT) actors worldwide are increasingly targeting small and medium-sized enterprises (SMEs) for account compromise, financial theft, and supply chain attacks. Three pertinent trends in the attacks and tactics used were:

    • Use of compromised SME infrastructure in phishing campaigns
    • State-aligned, financially motivated attacks against SME financial services
    • Targeting SMEs to initiate supply chain attacks

Readers whose organizations could be affected by these three threat areas are advised to step up vigilance and mitigation measures.