The National Cyber Security Center (NCSC) has released a comprehensive report detailing the cybersecurity landscape in the fourth quarter of 2023, revealing a staggering 915 cyber incidents targeting critical government networks, ministries, and key institutions. The report outlines the meticulous response efforts undertaken by the NCSC, including 30 operations executed by the cyber incident response team and 31 digital analysis endeavors to investigate evidence linked to these incidents.
Incidents varied in severity, with low-level incidents accounting for 21 percent, medium-level for 77 percent, and serious incidents for 2 percent. Among the notable threats identified, ransomware, hacking attempts, and various forms of malware remained prevalent, posing significant challenges to cybersecurity efforts.
Examinations of government servers and institutions uncovered a concerning rise in security vulnerabilities, reaching 124,901—a 51 percent increase compared to the previous quarter. Additionally, 810 vulnerabilities were discovered across 113 government websites, indicating a 14 percent uptick. Penetration tests surged to 72, detecting 87 vulnerabilities, with medium, high, serious, and low-risk vulnerabilities accounting for varying proportions.
Critical national cyber risks identified in the report include the use of unlicensed or outdated software, insecure network protocol configurations, and exposed internal services. Of particular concern were the escalating attacks orchestrated by advanced threat groups, exploiting vulnerabilities in outdated systems and software.
Noteworthy incidents highlighted in the report include targeted attacks on government institutions, ransomware assaults on vital national entities, and instances of website content tampering across Jordanian institutions. The report underscores the gravity of cybersecurity challenges and the urgent need for enhanced cybersecurity practices across organizations.
The significant increase in cyber incidents compared to the previous quarter is attributed to enhanced threat detection capabilities, expanded monitoring scope, and increased digitalization efforts across institutions. The surge in malware incidents and indicators of policy non-compliance underscore systemic weaknesses in cybersecurity practices, necessitating proactive measures to mitigate risks and strengthen defenses.
