Deepwatch Releases 2023 Adversary Tactics and Intelligence (ATI) Annual Threat Report

Finding a 59% Increase in CVEs Reported by CISA Since 2021

TAMPA, Fla. – April 19, 2023 – Deepwatch, the leader in advanced managed detection and response (MDR), today announced the release of its 2023 Annual Threat Report created by the Deepwatch Adversary Tactics and Intelligence (ATI) team. The report highlights a collection of data on the leading cybersecurity threats that security operation centers (SOC) analysts faced in 2022 and predicts what teams will likely face in 2023.

Top Threats for 2022 revealed

  • Ransomware operators conducted frequent attacks and demanded more ransom than ever, brazenly publicizing victims and stoking an ecosystem of access brokers, ransomware service providers, insurance providers, and ransom negotiators. 
  • The war between Ukraine and Russia unleashed a flurry of amateur and state-sponsored attacks and breaches on organizations and critical infrastructure. 
  • A record 26,448 software security flaws were reported by CISA, with the number of critical vulnerabilities (CVEs) up 59% from 2021, a total of 4,135. 
  • Information stealing malware, active exploitation of internet-facing vulnerabilities, and infected open-source code present new threats requiring increased vigilance.

“In 2022, Security Operations teams were forced to contend with the dual sided challenge of a rapidly expanding attack surface and increasingly complex threats,” said Jerrod Barton, Senior Director of ATI at Deepwatch. “As we move forward in 2023, data extortion and attacks of opportunity will continue to evolve, employing different extortion tactics and techniques to force victims to pay the ransom. With threats evolving quickly, security organizations must operationalize threat intelligence by gathering data from every possible source, then effectively processing, correlating, and incorporating that information into day to day security operations to reduce risk.”

Cybercriminals Read OSINT Reports

Just as criminals in the physical world are known to insert themselves into criminal investigations, cybercriminals read publicly available Open Source Intelligence (OSINT) and analyst reports. Whether this is to learn what security researchers are reporting about them, a new technique, or discover the technical details of a new vulnerability, we expect this trend to continue in 2023.

A downside of this trend is that researchers may only publish some known details or refrain from making assessments for fear of being wrong and save the essential elements for private distribution, which reduces the overall value of the intelligence the cybersecurity community can gain from open-source reporting.

Information Stealing Malware on the Rise

As cybercriminals look for new ways to access sensitive information for financial gain, information stealing malware will continue to grow in popularity in 2023. As the amount of personal and financial data stored and transmitted online increases, cybercriminals will have more opportunities to steal this information. In addition, as more businesses and individuals work remotely and use devices to access sensitive internet-facing systems, the attack surface increases, giving cybercriminals more attack vectors. 

As a result, we expect a continued increase in the development and use of information stealing malware for cybercriminals to steal sensitive information and sell it on cybercriminal marketplaces.

Source Code Repositories Will Continue to be Targeted

Source code repositories contain an organization’s proprietary and valuable intellectual property and may collect sensitive information such as credentials and access keys. Additionally, many organizations use these platforms to collaborate and share code, increasing the attack surface. As the remote work trend has accelerated, many companies rely more heavily on cloud-based platforms such as GitHub for their development and deployment needs. These factors make source code repositories an attractive target for cybercriminals, and organizations must be vigilant to protect themselves.

Vulnerability Exploitation Will Remain the Top Access Vector

With the increasing complexity of software systems and the growing number of devices connected to the internet, the attack surface for cybercriminals continues to expand. As more sensitive information is stored and processed online, the incentives for attackers to find and exploit vulnerabilities in software systems will continue to grow. Furthermore, many companies and organizations do not have sound vulnerability management programs to identify and fix vulnerabilities in their software systems, making them attractive targets for cybercriminals, highlighting the need for a vulnerability management service to identify and prioritize vulnerabilities to protect against these threats.

To learn more about the ATI 2023 Annual Report, please visit:

About Deepwatch
Deepwatch is the leader in managed detection and response, protecting organizations from ever-increasing cyber threats. Powered by Deepwatch’s cloud security platform, Deepwatch provides the industry’s fastest, most comprehensive detection and automated response to cyber threats and tailored guidance from dedicated experts 24/7/365 to reduce risk and improve security posture. The world’s leading companies, from the Fortune 100 to mid-sized enterprises, trust Deepwatch to protect their business. Visit to learn more.

[email protected]

Subscribe to the Deepwatch Insights Blog