Top Cybersecurity Threats to Be Prepared to Fend Off in 2023
Cybersecurity attacks are not going away; if anything, they are predicted to increase in scale, creativity, and damage. In fact, according to Cybersecurity Ventures, “the global annual cost of cyber crime is predicted to top $8 trillion.”
Companies, governments, individuals, and organizations should all be looking to thwart the challenges, new and old, that cyberattacks present this year. As Andy Thompson, a cybersecurity expert, noted for CyberArk when reviewing the major cybersecurity breaches of 2022, “Identity compromise was a familiar theme across major 2022 breaches – from a high-profile incident involving a leading identity provider, to the rise in deceptive ‘MFA fatigue’ phishing, to a teenager’s headline-grabbing attack on a major ride sharing service.” In response, governments began enacting stronger cybersecurity regulations to protect sensitive data and critical infrastructure, while the private sector increased supply chain scrutiny to identify areas of weakness, such as embedded credentials and unmanaged secrets. Overall, 2022 was an eventful year for the cybersecurity industry as a whole due to the challenges of unfilled cybersecurity jobs, depleted IT security staffs, and increased risk exposure to ransomware threats and vulnerabilities across the software supply chain.
So, as we move into 2023, the sophistication level of cyber criminals and their attack vectors is expected to increase. Cybercrime has become a business, and the assailants are more advanced in both their targets and methods. Dirk Schrader, VP of Security Research, and Michael Paye, VP of Research and Development, at a data security company, both agree that the business of cybercrime will be further professionalized in 2023. Schrader notes that the return of malware strains like Emotet, Conti, and Trickbot indicates an expansion of cybercrime for hire. In particular, the growth of ransomware-as-a-service is enabling criminals without deep technical skills to make money, either by extorting a ransom for decryption keys or selling stolen data on the dark web or to a victim's competitors.
To protect against these threats, organizations should expect an increase in phishing campaigns and adopt key defensive measures such as timely patching and updating of software, as well as locking down network access with multifactor authentication (MFA) and privileged access management (PAM) solutions. Paye foresees an intensification in supply chain attacks, ranging from complex enterprise organizations to small and medium-sized businesses and managed service providers. Adversaries will increasingly target these suppliers, knowing that they provide a path into multiple partners and customers. To address this threat, organizations of all sizes need to consider the vulnerabilities of all their suppliers and partners and take steps to secure their supply chains.
Security Info Watch has highlighted a number of specific new trends and challenges that organizations need to be aware of in order to protect their networks and data. One of the most significant challenges is the increased use of AI and machine learning by cybercriminals to power more sophisticated phishing campaigns. According to Noel-Tagoe, a cybersecurity expert, "Cybercriminals will have access to an ever-growing treasure trove of data, from open-source data such as job postings to personal information leaked in data breaches, with which to craft highly targeted spear phishing lures." Researchers have already shown how next-generation language models such as OpenAI's GPT-3 can be used to generate phishing content that "outperformed those that were manually created." With GPT-4, the next evolution of the language model, rumored for release in 2023, the threat of AI-powered phishing becomes more severe.
Another area of potential vulnerability is the rapidly emerging technology of quantum computing. According to Jon France, Chief Information Security Officer of (ISC)², "As adoption increases, so do the security challenges." He warns that making infrastructures quantum-resilient is going to be more difficult than imagined, both for the public and private sectors. For the private sector, trade secrets, intellectual property, financial data, and more are at risk if a bad actor gets their hands on quantum computing capabilities and breaks the encryption keeping critical assets under lock and key. He predicts that in 2023, both the private and public sectors will experience increased awareness around the challenges associated with quantum resilience, and efforts will begin to take hold more significantly to prepare for quantum computing.
Another lesser-known cyber threat is wiperware attacks. According to France, while most organizations are not as familiar with wiperware attacks as they are with their cousin ransomware, they have been a latent problem for almost a decade, with a dramatic increase in the number of attacks in 2022. He warns that "we can anticipate a rise in nation-state-motivated wiperware attacks in 2023 as the Russia/Ukraine conflict continues, and we can expect to see other nations utilize these attacks in future conflicts now that they've become more prevalent on the global scene." Additionally, with the rise in wiperware, there's likely to be a rise in phishing attacks, given that phishing is the most common vector for delivering wiperware malware.
The Types of Cyberattacks to Be Most Aware of Going into 2023:
Web application weaknesses: Cybercriminals will exploit web application weaknesses such as logic flaws, injection flaws, or access control weaknesses, which are easy for attackers to exploit and easy mistakes to make when writing code.
Misconfiguration mistakes: Cloud environments can be complicated, and misconfigurations can be difficult to detect and remediate. Gartner estimates that these cause 80% of all data security breaches and that until 2025, up to 99% of cloud environment failures will be attributed to human errors.
Vulnerable software and patching: Organizations need to ensure that operating system and library security patches are applied as they are released.
Weak internal security policies and practices: Many SaaS companies are small and growing, and their security posture can be poor, leaving them exposed to attack.
Business Email Attacks: Scammers often use spoofed emails that look like they're coming from a trusted source, such as a company executive, employee or vendor. These types of attacks, known as Business Email Compromise (BEC), can have attractive payouts for cybercriminals. To combat this threat, companies can implement email security solutions such as spam filters and multi-factor authentication to protect against phishing and other types of email attacks.
Security experts like Chip Gibbons, the CISO at Thrive, predict “Business Email Compromise (BEC) will continue to be a top attack method from cyber attackers and the easiest way into an organization. With the increase in zero-day attacks, people are going to be looking at reducing their externally available footprint. Multi-Factor Authentication (MFA) will be ubiquitous, and nothing should be externally available without it. Most companies have embraced some form of work-from-home policy and there was a large scramble to get people secure and situated at the beginning of the pandemic. Companies should continue to evaluate their end-user workstation security and work on securing with DNS filtering, EDR, and email filtering.”
Malware and Ransomware Threats: According to Forbes, "We’ll likely see more of this type of activity, particularly related to the conflict in Ukraine and the associated sanctions. Russian state-sponsored organized crime teams that excel at ransomware will help sustain the war efforts."
Innovation in the Cybercrime Cash-Out Process: Threat actors are becoming more creative in how they cash out their illegal proceeds, as law enforcement is able to more easily track suspicious activity once transfers surpass $10,000 for standard bank accounts.
Cybercrime and Scamming as a Service: Underground virtual marketplaces are becoming more prevalent, offering low-skill threat actors a one-stop shop for tools and services to carry out bank fraud, phishing, and other cybercrime.
A survey conducted by the Institute of Electrical and Electronics Engineers (IEEE), “the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity,” polled 350 chief technology officers, chief information officers and IT directors. The respondents identified the biggest concerns as falling into these categories:
Cloud Vulnerability: As more and more companies move their operations to the cloud, the potential vulnerabilities of these systems become a major concern. According to the survey, 51% of respondents mentioned cloud vulnerability as a top concern, up from 35% in 2022. To combat this threat, companies can implement cloud security solutions such as encryption, access controls, and multi-factor authentication to secure sensitive data stored in the cloud.
“There is risk for companies if they are not doing their configuration management and tracking their regulatory compliance they are required to follow,” said Kayne McGladrey, field CISO for Hyperproof and a senior member of the IEEE. He explained that modern cybersecurity and associated regulatory frameworks require data encryption at rest and in transit. “If companies are encrypting, it’s an easy day, and there’s no problem,” he said. “The real risk I’m starting to see in such vendor negotiations as B-to-B purchasing agreements is that companies want an attestation that the [vendor] is monitoring encryption of all their cloud storage. Companies are asking one another: Can you verify, and do you regularly check that your cloud storage is encrypted? Out of all the CISOs and security leaders I’ve spoken with over the last three months, the main theme of 2023 is going to be ‘the year of risk,’ and a lot of that risk we’re talking about at this level is regulatory,” said McGladrey.
Data Center Vulnerability: 43% of respondents in the survey mentioned data center vulnerability as a top concern, up from 27% in 2022. This highlights the importance of securing data centers and the sensitive information stored within them. Implementing robust security measures such as firewalls, intrusion detection systems, and regular security audits can help to protect data centers from potential threats.
Coordinated Attacks on an Organization’s Network: 30% of respondents in the survey mentioned coordinated attacks on an organization's network as a top concern. These types of attacks involve multiple techniques and tactics aimed at compromising a target's network. To combat this threat, companies can implement network security solutions such as firewalls, intrusion detection systems, and incident response plans to detect and respond to potential attacks.
Lack of Investment in Security Solutions: 26% of respondents in the survey mentioned lack of investment in security solutions as a top concern. This highlights the importance of investing in cybersecurity solutions to protect against potential threats. Companies can also consider hiring a dedicated cybersecurity team or contracting a managed security service provider to help identify and mitigate potential threats.
Crypto Scams and ‘Pig Butchering’: Crypto scams, also known as ‘pig butchering’ scams, are on the rise. Fraudsters use translation programs to communicate with global victims, luring them onto a sham website where they can steal their personal information or crypto assets. To combat this threat, companies and individuals can educate themselves on how to recognize and avoid crypto scams, and use reputable crypto exchanges and wallets to protect their assets.
In conclusion, the cybersecurity landscape is continuously changing, and even though our measures to counter cyberattacks have improved, organizations need to stay informed and proactive in protecting their networks and data, since cyberattack strategies have evolved as well. As Thompson notes, "Under extreme pressure, cyber insurance providers continued to ramp up requirements, making it even harder for organizations to purchase or renew policies. And several landmark legal cases placed breach responsibility and disclosure obligations on individuals, suggesting major changes ahead." Organizations need to be aware of the latest trends in cybersecurity attacks and take steps to equip their company and employees to spot cybersecurity issues and best protect against them.