Cyber Threats for the year 2023
- Cybersecurity Trends Table of Contents
As the year 2022 reached its end and after a full year of data breaches, ransomware attacks and real-world cyber impacts stemming from Russia’s invasion of Ukraine, we want to know what would be in store for us in 2023. Several predictions are being made by security researchers, vendors and experts about how the threat landscape is expected to evolve in 2023. The cybersecurity predictions for the year 2023 are as follows:
1. Social Media Scams Give Rise to A New Social Engineering Battleground
Adversaries and state-sponsored attackers are leveraging on social engineering techniques as a first step in large-scale campaigns aimed at breaking into systems, spreading ransomware or stealing sensitive information. With ever-growing social media commerce and marketplaces, people are increasingly relying on indicators of trust, such as how many connections or followers a person or company account has, whether the account is verified and how long the account has been active, making them susceptible to scams and cyber-attacks. It is expected that in 2023, social engineering threats will adapt to the new technologies being implemented by enterprises for hybrid workers; they will also target a population that increasingly makes financial purchases and investments online.
It is also predicted that Business Email Compromise (BEC) scams will develop, further harassing global enterprises with increasingly targeted schemes. For ordinary individuals, romance schemes will be a focus in 2023. Deepfakes will also be a bigger issue after seeing underground forum users planning to use deepfakes to fool financial institutions in 2022. Social engineering is versatile, cheap, and available even to scammers with limited knowledge of technology.
2. More Attacks on Critical Infrastructure
Critical infrastructure has always been a major target for cybercriminals and state-sponsored attackers. Given the Russia-Ukraine war, cyber-attacks and threats have grown exponentially. According to security researchers, critical sectors are going to be more targeted in 2023 due to the rise in threat actors associated with nation states. It has also been predicted that healthcare and education will be among the sectors most targeted in 2023. As per security reports, there was an increase in ransomware attacks targeting healthcare sector around the world. It is also speculated that due to the increase footprint of Internet of Things in these sectors, they will be more susceptible to digital attacks.
3. Increase in Ransomware attacks and Wipers
As per security researchers, ransomware attacks will continue to rise and will become more sophisticated. Research has found that attackers are now adding the wiper malware to their ransomware attacks. Wiper malware, which was initially discovered a decade ago, gives cybercriminals the ability to delete data and cripple critical system availability, such as manufacturing equipment and servers, unless a ransom demand is met. Given the level of convergence between various attack methods and advanced persistent threats (APTs), it is anticipated that an increasing number of ransomware attacks would be combined with more destructive capabilities like wiper malware. Moreover, the war in Ukraine fuelled a substantial increase in disk wiping malware among threat actors primarily targeting critical infrastructure.
Wiper malware trends reveal a disturbing evolution of more destructive and sophisticated attack techniques. The rising prevalence of wiper malware is an indicator that these weaponized payloads are not limited to one target or region and will likely be used in combination with other cybercrime playbooks in the future. Combining wiper malware with ransomware represents a vicious new combination that cybercriminals will adopt to increase their extortion amount.
4. New Crime-as-a-Service Offerings
Given cybercriminals’ success with Ransomware as a Service (RaaS), security experts predict that a growing number of additional attack vectors will be made available as a service through the dark web. In addition to the sale of ransomware and other Malware-as-a-Service (MaaS) offerings, new criminal solutions will be adopted and there will be an increase in the sale of access to pre-compromised targets. Cloud as a Service could be an attractive business model for threat actors. It is expected to see more turnkey, subscription-based offerings being made available to threat actors. This emerging model would allow cybercriminals of all skill levels to deploy more sophisticated attacks without investing the time and resources up front to craft their own unique plan. For seasoned cybercriminals, creating and selling “as a service” attack portfolios offer a simple, quick, and repeatable payday.
It is also anticipated that threat actors will begin to leverage emerging attack vectors such as deepfakes, offering these videos and audio recordings and related algorithms more broadly for purchase. Beyond targeting high-profile celebrities and public officials, it is expected that threat actors to expand their purview to include influencers, particularly those with a strong digital presence. Casting a wider net like this offers cybercriminals more opportunities to impersonate others and lure unsuspecting fans into taking an action, such as “purchasing” a product that does not actually exist.
In addition to deepfakes, it is predicted that Reconnaissance-as-a-Service will increase in popularity. As attacks become more targeted, threat actors will likely hire “detectives” on the dark web to gather intelligence on a particular target before launching the attack. Like the insights one might gain from hiring a private investigator, Reconnaissance-as-a-Service offerings may serve up attack blueprints to include an organization’s security schema, key security personnel, the number of servers they have, known external vulnerabilities, and even compromised credentials for sale, and more to help a cybercriminal carry out a highly targeted and effective attack.
5. Artificial Intelligence Will Boost Both Attackers and Defenders
Artificial Intelligence (AI) technology has leaped in recent years, showcasing a capability to bring benefits and risks to various industries. Cybersecurity is no exception, as experts believe both defenders and attackers will utilise this technology to get an edge. As per security researchers, social engineering-based attacks will be strengthened by AI and machine learning. It is simpler and faster to gather data on businesses and employees using these capabilities. On the other hand, AI can also strengthen cybersecurity–powered systems such as SIEM (security information and event management) capabilities allowing security teams to detect threats faster and respond to incidents quicker.
There is also evidence that deepfakes which use AI to create fake images and videos of real people are being used to infiltrate organisations. Security experts believes cyberattacks will use this technology for more social engineering attacks and impersonation, which can be difficult to prevent. They have also predicted that those in the security business should choose biometric authentication methods with care and with the understanding that as deepfakes become more sophisticated, those biometric authentication methods may be rendered much less useful.
6. ChatGPT
The development and deployment of ChatGPT is likely to have a significant impact on the field of cybersecurity. While ChatGPT and other AI technologies hold great promise for improving the ability of organizations and individuals to defend against cyber threats, it is important to carefully consider the potential risks and challenges they may pose and to take appropriate measures to mitigate these risks. This may include implementing strict security protocols and safeguards to prevent unauthorized access to ChatGPT and other AI systems. It may also involve ongoing monitoring and evaluation to ensure that these technologies are being used in a safe and responsible manner.
7. The Wild West of Web3
Web3, a new, block chain-based iteration of the internet that aims to decentralize ownership of the digital economy, is quickly becoming mainstream, with an increasing number of corporations beginning to experiment with Web3 tools. Web3 offers organizations many potential benefits, such as making it easier for development teams to deploy applications without managing and maintaining new infrastructure to support that process. But just like any new technology, Web3 is not without security risks. Web3 is about the user controlling their own data. From past security incidents, security experts have learnt that users are often the weakest link. Although the irreversible aspect of block chain offers some benefits, it introduces challenges as well. For example, Web3 wallets today do not use Multi Factor Authentication and rely only on passwords. Thus, it becomes difficult to recover if lost.
8. The Hybrid Work Model Will Attract More Cybercriminals
Many employees are already used to the hybrid work model – a situation where some days they work from home and other days they work in the office. This involves work devices constantly moving between zones of security, from a secured office space to a shared home network. To combat the security issues that arise with this, enterprises will turn to zero trust models. It is expected that threat actors will further target home devices, knowing that home office equipment is connected to enterprise resources. There will be a gradual rise, followed by an explosion, of attackers that will pivot into home networks connected over VPN and try to move laterally into the enterprise from there. Using this method, attackers can compromise the network they are currently targeting, and also line up several other networks compromised to follow up on later.
9. Attacks Against Software Supply Chain Will Increase
2022 also saw a significant increase in critical software supply chain vulnerabilities as companies scrambled to respond to multiple zero-day vulnerabilities in enterprise productivity tools, popular browsers, and open-source software and libraries such as Log4J, NodeJS packages, and Python packages.
All companies rely on 3rd party software, and this dependency will continue to be a significant security concern into 2023. Organizations need to actively track which software they rely on and be more discerning in defining what a “trusted source” of software really means. Going forward, it will be more critical than ever to ingest CTI to ensure any applicable emergency mitigations and security patches are applied.
The threat of software supply chain vulnerabilities should also prompt all companies to evaluate the cybersecurity posture of their existing and potential partners, driving more awareness, compliance, and disclosure of cybersecurity practices. Mobile app stores and open-source software platforms such as Github, NPM, RubyGems, and PyPI will hopefully do more to provide better security reviews of software offered through their platforms. Organizations can also take action by conducting Cyber Security Assessment and Cloud Penetration Testing to ensure that their control centre is safe from infiltration by a hacker through their software supply chain.