Cyber threats: what trends in 2023?

Here are ten trends that will shape the cybersecurity landscape in 2023.

Our world has never been more digitally dependent, and IT environments are increasingly complex. A company’s resilience only needs to be slightly out of balance for a security incident or compromise to interrupt its operations. Let’s take a look at the top cybersecurity trends for 2023.

1. Validation. Is that you?

It is likely that attacks on authentication mechanisms and identity and access management (IAM) solutions will increase and succeed more often. There have been many attempts to steal or bypass multi-factor authentication (MFA) tokens. Saturating targets with requests, as in so-called MFA fatigue attacks, can also lead to successful logins without any vulnerability being involved. Recent attacks on Okta and Twilio have also shown that external services can be compromised. These situations come on top of the old problems with weak and reused passwords. Therefore, it is very important to understand how the authentication mechanisms in place work and who has access to what data.

2. Ransomware is still out there

The threat of falling victim to a ransomware attack is ongoing and evolving. Attacks increasingly involve data exfiltration as cybercriminals work to professionalize their operations. Most groups now also target macOS and Linux operating systems as well as cloud environments. Newer programming languages like Go and Rust are becoming more popular, which requires analysis tools to be adapted. The number of attacks continues to increase, since they remain profitable, especially when cyber insurance policies partially cover losses. Whenever possible, attackers will want to uninstall security tools, delete backups, and disable disaster recovery plans. To do this, they will gladly use “living off the land” techniques.

3. Large Scale Data Breaches

Malware used to steal data, such as Raccoon and RedLine, is becoming common. Often, credentials are stolen and sold through initial access brokers to carry out new attacks. Multiple streams of data, along with the complexity of interconnected cloud services, make it difficult for businesses to keep track of their data. And as more and more parties need access to data, it becomes difficult to guarantee that it will always be encrypted and protected. A single API access key exposed on GitHub or in a mobile app can be enough to steal data. Respect for privacy will be a central issue for advances in this area.

4. Expanding Phishing Attacks Beyond Emails

Malicious emails and phishing attacks still number in the millions. Attackers will use illegally obtained data to personalize and automate their attacks. Social engineering scams, such as BEC (Business Email Compromise) attacks, will spread to other messaging services, such as text messages, Slack and Teams chats, to fool filtering and detection mechanisms. Phishing attacks, for their part, will continue to use proxies to obtain session tokens, steal MFA tokens, and use masked QR codes for obfuscation.

5. Not so smart contracts

Attacks on crypto exchanges and smart contracts on various blockchains are not going away anytime soon. There are even attempts by states to steal hundreds of millions in digital currency. More sophisticated attacks on smart contracts, algorithmic trading and DeFi solutions will continue, in addition to more traditional phishing and malware attacks against their users.

6. Risks of infrastructure operation

Service providers are increasingly attacked and compromised. Attackers hijack installed tools, such as PSA, RMM, or other deployment tools, to use as their base. The threat comes from managed IT service providers, but also from consulting companies, first-line support providers and other partners who are also connected. These outside insiders are often seen as the weakest link in a company’s defense, and abusing them is easier than carrying out sophisticated attacks through software vendors.

7. Attacks from the browser

Attacks from or through the browser will multiply, spanning user sessions. There are fraudulent browser extensions that change the recipients of transactions or steal passwords in the background. Some attackers take over the source code of these tools and add backdoors via GitHub repositories. Websites will also continue to track users with JavaScript tracking scripts and share HTTP session IDs with marketing services. Also common are formjacking/Magecart techniques, which add small code snippets designed to siphon all the information from the original website. In the context of serverless computing, the analysis of such attacks becomes more complex.

8. Cloud automation through APIs

A great deal of data, processes and infrastructure has already been moved to the cloud. This trend will continue with automation between departments. Many IoT devices will be part of this vast cloud of hyperconnected services. As a result, many APIs will be reachable from the Internet, and attacks will increase accordingly. Automation can give rise to large-scale attacks.

9. Business Process Attacks

Cybercriminals show no lack of initiative in changing business processes to their own benefit. They don’t hesitate, for example, to change the recipient’s bank details in the company’s invoice management system template, or to add their own cloud bucket as a destination for email server backups. Often, these attacks stem more from a sophisticated analysis of user behavior than from malware, much like the increasing number of insider attacks.

10. Omnipresence of AI

AI and ML processes will soon be used by companies of all sizes and in all industries. Advanced techniques for producing synthetic data will fuel identity fraud and disinformation campaigns based on deceptively credible content. Of greater concern are direct attacks on AI and ML models that seek to exploit model weaknesses, intentionally bias data, or trigger alerts to overwhelm IT operations.
