The 2023 Cyberthreat Landscape: 10 Trends to Look Out For
Our world is more digitally dependent than ever before. And as IT environments become more complex, even the smallest vulnerabilities can give cybercriminals an opening into organizations’ inner workings — one that ultimately leads to catastrophic data loss, service interruptions and reputational harm.
Here are 10 trends that are likely to shape cybersecurity in 2023:
1) Cybercriminals will take aim at authentication systems
Expect more frequent attacks on authentication and Identity Access Management (IAM) tools. Cybercriminals have taken active steps to steal MFA tokens or to otherwise bypass authentication systems, including overwhelming targets with token requests and waiting for fatigue to set in. Recent attacks against Okta and Twilio showed that external services are at risk too. Ensure MFA is properly configured for clients and employees alike, and that you follow principles of least privilege by giving users only the minimum required levels of access to internal systems.
2) Ransomware attacks will be more devastating than ever
One of the most headline-grabbing forms of cyberattack, ransomware continues to evolve. We’re seeing a shift further towards data exfiltration as the primary threat actors continue to professionalize their operations. Most of the larger players have expanded their reach to macOS and Linux, and are now taking aim at the cloud environment. Malware written in languages like Go and Rust is becoming more common, forcing a change in how threats are analyzed. These threats remain as profitable as ever, so expect the number of incidents to increase.
3) Data breaches will affect the masses
Info-stealing malware, like Raccoon and RedLine, is becoming the norm. Stolen data often includes user credentials, which are then sold via initial access brokers and can enable further attacks down the road. The growing number of blobs of data, combined with the complexity of interconnected cloud services, will make it harder for organizations to keep track of (and protect) sensitive information. One saving grace? This trend will inevitably lead to advances in privacy-friendly computing.
4) Phishing will expand beyond email
Phishing remains one of the most significant attack vectors, with malicious messages sent by the millions. As attackers continue to automate their attacks — and to personalize them using previously leaked data — we can expect these campaigns to spread across other messaging services to avoid filtering and detection by traditional security tools. SMS/texting, Slack, Teams are just a few of the platforms to keep an eye on.
5) Smart contracts will be targeted further
There’s no end in sight to the assaults on cryptocurrency exchanges and smart contracts. Even nation-state actors are participating, trying to steal hundreds of millions in digital currency through sophisticated attacks. This is all in addition to more classic ongoing techniques, like targeting crypto users with phishing scams and address-swapping malware.
6) Attacks will “live off” your infrastructure
Service providers are increasingly being attacked and compromised, with attackers then abusing installed tools (PSA, RMM, etc.) to “live off the land” and perform their malicious activities. This threatens not only your business, but also any consulting companies, first-level support organizations and similarly connected partners. Outsourced insiders may be used to side-step the need for painstakingly crafted supply-chain attacks.
7) More browser-based cyberattacks
The coming year will bring more attacks through web browsing sessions. Malicious browser extensions are already well-attested — swapping wallet addresses during cryptocurrency transactions or stealing passwords in the background. We also see a trend in the hijacking of extensions’ source code, adding backdoors through the GitHub repository. On the remote side, expect attacks to expand on Formjacking/Magecart techniques, skimming site visitors’ info via added code snippets. With the increase of serverless computing, analysis of such attacks will become more complicated.
8) Cloud-exposed APIs will be a significant risk factor
There’s already been a tremendous shift of data, processes and infrastructure to the cloud in recent years. This trend will continue as more automation between different services is introduced, including IoT devices. With so many APIs being accessible from the internet, the threat of large-scale automated attacks will rise.
9) More attacks against business processes
Cybercriminals are constantly coming up with new ideas about how to modify standard business processes for their own benefit/profit. Examples include changing the receiving bank account details in an organization’s billing system template, or adding their cloud bucket as a backup destination for your email server. These attacks don’t always involve malware, but rather require close analysis of user behavior to detect and prevent.
10) AI will be everywhere
Advances in artificial intelligence are hard to ignore, with tools like ChatGPT currently grabbing headlines around the world. Organizations of all sizes — including cybercrime gangs — will use AI to further fuel identity fraud and disinformation campaigns. But a more worrisome trend may be attacks against AI and machine learning models themselves. Attackers could exploit weaknesses in these models, implanting bias into data sets or simply using triggers to flood IT operations with false alerts.
For more insights on the current cyberthreat landscape — and actionable advice you can start taking today — read the Acronis 2022 Year-end Cyberthreats Report.