The Cyber Threat Predictions for 2023

By Candid Wuest, VP of Cyber Protection Research, Acronis

Today’s world is more digitally dependent than ever. IT environments are becoming increasingly complex, and small flaws in resilience can have a major impact on an organization’s ability to continue operating despite security incidents or breaches. Here are ten trends that are likely to shape the cybersecurity landscape in 2023.


1. Authentication – is that really you?

Authentication and Identity and Access Management (IAM) will be attacked successfully more often. Many attackers have already started to steal or bypass multi-factor authentication (MFA) tokens. In other situations, simply overwhelming the target with requests, as in MFA fatigue attacks, can lead to a successful login without any vulnerability being exploited. The recent attacks against Okta and Twilio showed that such external identity services get breached too. This comes on top of the still unresolved weak and reused password problems of past years. It is therefore all the more important to understand how your authentication works, which data it exposes, and who accesses that data and how.
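MFA fatigue leaves a recognisable trace in identity-provider logs: a burst of push prompts for one user, most of them denied or ignored, followed by an approval. The detector below is an added example written for this article, not code from the author or from any identity vendor. It works on a constructed JSON-lines log format (fields `ts`, `user`, `event`, `result`, `src_ip`); real Okta, Azure AD or Duo logs use different field names and would need to be mapped first, and the thresholds are assumptions to be tuned per environment.

```python
"""
Detect MFA-fatigue (push bombing) patterns in authentication logs.

Added example, not part of the original article. SAMPLE_LOG is a constructed
JSON-lines log; the field names and the thresholds below are assumptions.
"""
from __future__ import annotations

import json
from collections import defaultdict
from datetime import datetime, timedelta

# Tunable thresholds (example assumptions, not vendor defaults).
WINDOW = timedelta(minutes=10)   # look-back window before an accepted push
MIN_PROMPTS = 5                  # prompts in the window before we call it a flood
MIN_DENIES_BEFORE_ACCEPT = 2     # explicit denials that preceded the approval

# Constructed sample log. 'alice' is bombed with pushes and gives in on the
# sixth; 'bob' is a normal login; 'carol' has one stray denial hours earlier.
# Lines are deliberately not in time order to show that sorting is required.
SAMPLE_LOG = """\
{"ts": "2023-01-10T08:00:05Z", "user": "alice", "event": "mfa.push", "result": "DENY", "src_ip": "203.0.113.7"}
{"ts": "2023-01-10T08:00:41Z", "user": "alice", "event": "mfa.push", "result": "DENY", "src_ip": "203.0.113.7"}
{"ts": "2023-01-10T08:01:20Z", "user": "alice", "event": "mfa.push", "result": "TIMEOUT", "src_ip": "203.0.113.7"}
{"ts": "2023-01-10T08:02:02Z", "user": "alice", "event": "mfa.push", "result": "DENY", "src_ip": "203.0.113.7"}
{"ts": "2023-01-10T08:02:55Z", "user": "alice", "event": "mfa.push", "result": "DENY", "src_ip": "203.0.113.7"}
{"ts": "2023-01-10T08:03:30Z", "user": "alice", "event": "mfa.push", "result": "ACCEPT", "src_ip": "203.0.113.7"}
{"ts": "2023-01-10T08:03:31Z", "user": "alice", "event": "login", "result": "SUCCESS", "src_ip": "203.0.113.7"}
{"ts": "2023-01-10T08:05:00Z", "user": "bob", "event": "mfa.push", "result": "ACCEPT", "src_ip": "198.51.100.9"}
{"ts": "2023-01-10T08:05:01Z", "user": "bob", "event": "login", "result": "SUCCESS", "src_ip": "198.51.100.9"}
{"ts": "2023-01-10T07:10:00Z", "user": "carol", "event": "mfa.push", "result": "DENY", "src_ip": "192.0.2.33"}
{"ts": "2023-01-10T09:15:00Z", "user": "carol", "event": "mfa.push", "result": "ACCEPT", "src_ip": "192.0.2.33"}
"""


def parse_log(text: str) -> list[dict]:
    """Parse JSON lines into records, converting 'ts' to an aware datetime."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        records.append(rec)
    return records


def detect_mfa_fatigue(records: list[dict],
                       window: timedelta = WINDOW,
                       min_prompts: int = MIN_PROMPTS,
                       min_denies: int = MIN_DENIES_BEFORE_ACCEPT) -> list[dict]:
    """Return one alert per accepted push that closed a flood of prompts.

    For each user, push prompts are sorted by time. For every ACCEPT, the
    prompts in the preceding window are counted along with explicit DENY
    results. Many prompts ending in a single approval is the fatigue signature;
    a lone accepted push, or denials spread over hours, does not trigger.
    """
    by_user: dict[str, list[dict]] = defaultdict(list)
    for rec in records:
        if rec.get("event") == "mfa.push":
            by_user[rec["user"]].append(rec)

    alerts = []
    for user, prompts in by_user.items():
        prompts.sort(key=lambda r: r["ts"])
        for i, p in enumerate(prompts):
            if p["result"] != "ACCEPT":
                continue
            start = p["ts"] - window
            recent = [q for q in prompts[: i + 1] if q["ts"] >= start]
            denies = sum(1 for q in recent if q["result"] == "DENY")
            if len(recent) >= min_prompts and denies >= min_denies:
                alerts.append({
                    "user": user,
                    "accepted_at": p["ts"].isoformat(),
                    "prompts_in_window": len(recent),
                    "denies_in_window": denies,
                    "src_ips": sorted({q["src_ip"] for q in recent}),
                })
    return alerts


if __name__ == "__main__":
    for alert in detect_mfa_fatigue(parse_log(SAMPLE_LOG)):
        print(json.dumps(alert))
```

Run against the sample, only `alice` is flagged: six prompts and four denials inside ten minutes before the approval. The source IPs are carried into the alert because a push flood from an address the user has never logged in from is the strongest follow-up signal; number matching or a per-user rate limit on pushes is the corresponding preventive control.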

2. Ransomware – still going strong

The ransomware threat is still going strong and evolving. While we are seeing a shift towards more data exfiltration, the main actors continue to professionalize their operations. Most of the large players have expanded to macOS and Linux and are also looking at cloud environments. Newer programming languages like Go and Rust are becoming more common and require adjustments to analysis tools. The number of attacks will continue to grow as long as they remain profitable, especially when cyber insurance covers part of the damage. Attackers will increasingly focus on uninstalling security tools, deleting backups and disabling disaster recovery wherever possible. Living off the Land techniques, which abuse administration tools already present on the system, will play a major role in this.
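The backup deletion and recovery tampering described above is done almost entirely with built-in Windows tools, which is exactly why it is detectable from process-creation telemetry. The rule set below is an added example written for this article, not code from the author or from any EDR vendor. It runs over a constructed process-creation log (`host`, `user`, `parent`, `cmdline`); Sysmon Event ID 1 or EDR process events carry more fields, but the matching logic is the same. The commands matched (`vssadmin delete shadows`, `wbadmin delete catalog`, `bcdedit ... recoveryenabled no`, WMI shadow-copy deletion, `Set-MpPreference -DisableRealtimeMonitoring`) are well-known recovery-inhibition steps; the escalation threshold is an assumption.

```python
"""
Flag Living-off-the-Land commands that inhibit system recovery or disable
protection ahead of a ransomware payload.

Added example, not part of the original article. SAMPLE_EVENTS is a constructed
process-creation log; the escalation threshold is an assumption to tune.
"""
from __future__ import annotations

import json
import re
from collections import defaultdict

# (rule name, regex over the normalised command line). Matching is
# case-insensitive with whitespace collapsed, so "vssadmin.exe  Delete   Shadows"
# and "VSSADMIN delete shadows" hit the same rule.
RULES = [
    ("vssadmin_delete_shadows", r"vssadmin(\.exe)?\s+delete\s+shadows"),
    ("vssadmin_resize_shadowstorage", r"vssadmin(\.exe)?\s+resize\s+shadowstorage"),
    ("wmic_shadowcopy_delete", r"wmic(\.exe)?\s+shadowcopy\s+delete"),
    ("wbadmin_delete_backups", r"wbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup)"),
    ("bcdedit_disable_recovery", r"bcdedit(\.exe)?\s+.*recoveryenabled\s+no"),
    ("bcdedit_ignore_boot_failures", r"bcdedit(\.exe)?\s+.*bootstatuspolicy\s+ignoreallfailures"),
    ("powershell_wmi_shadowcopy_delete", r"win32_shadowcopy.*(\.delete\(\)|remove-wmiobject|remove-ciminstance)"),
    ("defender_realtime_disabled", r"set-mppreference\s+.*-disablerealtimemonitoring\s+\$?true"),
]
COMPILED = [(name, re.compile(rx, re.IGNORECASE)) for name, rx in RULES]

# A single hit may be an administrator; two or more distinct rules on one host
# within the same batch is the pre-encryption playbook and is escalated.
ESCALATE_AT = 2

# Constructed sample events. WS-042 runs the classic cmd.exe trio, WS-017 uses
# PowerShell to drop shadow copies and switch off Defender, SRV-BKP is a
# legitimate backup job only listing shadows, WS-003 is benign noise.
# Raw string so the JSON backslash escapes reach json.loads intact.
SAMPLE_EVENTS = r"""
{"host": "WS-042", "user": "CORP\\jdoe", "parent": "cmd.exe", "cmdline": "vssadmin.exe  Delete Shadows /All /Quiet"}
{"host": "WS-042", "user": "CORP\\jdoe", "parent": "cmd.exe", "cmdline": "bcdedit /set {default} recoveryenabled No"}
{"host": "WS-042", "user": "CORP\\jdoe", "parent": "cmd.exe", "cmdline": "wbadmin DELETE CATALOG -quiet"}
{"host": "SRV-BKP", "user": "CORP\\svc_backup", "parent": "services.exe", "cmdline": "vssadmin list shadows"}
{"host": "WS-017", "user": "CORP\\asmith", "parent": "explorer.exe", "cmdline": "powershell.exe -nop -w hidden Get-WmiObject Win32_Shadowcopy | ForEach-Object {$_.Delete()}"}
{"host": "WS-017", "user": "CORP\\asmith", "parent": "powershell.exe", "cmdline": "powershell Set-MpPreference -DisableRealtimeMonitoring $true"}
{"host": "WS-003", "user": "CORP\\bwong", "parent": "explorer.exe", "cmdline": "notepad.exe C:\\Users\\bwong\\todo.txt"}
"""


def normalise(cmdline: str) -> str:
    """Collapse runs of whitespace so spacing tricks do not defeat the regexes."""
    return re.sub(r"\s+", " ", cmdline).strip()


def scan_process_events(text: str) -> list[dict]:
    """Return one match per (event, rule) pair, keeping host/user/parent context."""
    matches = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        cmd = normalise(ev["cmdline"])
        for name, rx in COMPILED:
            if rx.search(cmd):
                matches.append({
                    "host": ev["host"],
                    "user": ev["user"],
                    "parent": ev["parent"],
                    "rule": name,
                    "cmdline": cmd,
                })
    return matches


def escalate_hosts(matches: list[dict], threshold: int = ESCALATE_AT) -> dict[str, list[str]]:
    """Map host -> sorted rule names for hosts that tripped >= threshold distinct rules."""
    rules_by_host: dict[str, set[str]] = defaultdict(set)
    for m in matches:
        rules_by_host[m["host"]].add(m["rule"])
    return {h: sorted(r) for h, r in rules_by_host.items() if len(r) >= threshold}


if __name__ == "__main__":
    hits = scan_process_events(SAMPLE_EVENTS)
    for h in hits:
        print(f"{h['host']:8} {h['rule']:34} {h['cmdline']}")
    print("escalate:", json.dumps(escalate_hosts(hits)))
```

On the sample, five events match and two hosts are escalated; the backup server's `vssadmin list shadows` is correctly ignored. In production the parent process matters: `vssadmin delete shadows` spawned by a known backup agent is routine, the same command under `cmd.exe` launched from an Office document is not, so an allowlist keyed on parent image and signer belongs on top of these rules.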

3. Data breaches – for the masses

Information-stealing malware such as Raccoon and RedLine is becoming the norm for infections. Stolen data often includes credentials, which are then sold on through initial access brokers for follow-on attacks. The growing number of data blobs, combined with the complexity of interconnected cloud services, will make it harder for organizations to keep track of their data. The need for multiple parties to access the data makes it harder to keep it encrypted and protected. A leaked API access key, for example in a GitHub repository or embedded in a mobile app, can be enough to steal all of it. This will drive advances in privacy-preserving computing.

4. Phishing beyond emails

Malicious emails and phishing attacks continue to be sent by the millions. Attackers will keep automating and personalizing them using previously leaked data. Socially engineered scams such as Business Email Compromise (BEC) will increasingly spread to other messaging channels like text messages, Slack and Teams chats to avoid filtering and detection. Credential phishing, on the other hand, will continue to use reverse proxies to capture session tokens, steal MFA codes, and use diversions like QR codes to hide itself further.

5. Not so smart contracts

An end to the attacks on cryptocurrency exchanges and smart contracts on the various blockchains is not in sight. Even nation-state attackers are trying to steal hundreds of millions in digital currencies. The more sophisticated attacks on smart contracts, algorithmic stablecoins and DeFi solutions continue, alongside the classic phishing and malware attacks against their users.

6. Living off your infrastructure

Service providers are increasingly being attacked and compromised. The attackers then abuse the installed tools such as PSA (professional services automation), RMM (remote monitoring and management) or other deployment tools to live off that land. This affects not only managed IT service providers but also consulting companies, first-level support organizations and similarly connected partners. These outsourced insiders are often the weakest link into a target organization and spare the attacker the effort of crafting a software supply chain attack.

7. Calling from within the browser

There will be more attacks in or through the browser, conducted from within the user's sessions. Malicious browser extensions swap the destination addresses of transactions or steal passwords in the background. There is also a trend of hijacking the source code of such extensions and adding backdoors through the GitHub repository. On the other side, websites will continue to track users with JavaScript and to overshare session IDs with marketing services via HTTP referrers. Attackers will expand on Formjacking/Magecart techniques, where small injected snippets steal everything entered on the original website in the background. With the increase of serverless computing, the analysis of such attacks can become more complicated.

8. Cloud automation through APIs

There has already been a tremendous shift of data, processes and infrastructure to the cloud. This will continue with more automation between different services. Many IoT devices will be part of this large hyper-connected cloud of services. The result will be many APIs exposed to the internet, and therefore more attacks on them. Because the services are automated, a single compromised API can cascade into a large-scale attack.

9. Business process attacks

Attackers will always come up with new ideas for modifying business processes for their own profit, such as changing the receiving bank account details in an organization's billing system template, or adding their own cloud bucket as a backup destination for the email server. These attacks often do not involve malware and require close analysis of user behaviour, much like the growing number of insider attacks.

10. AI everywhere

AI and ML processes will be used by corporations of all sizes and sectors. Advances in the creation of synthetic data will further fuel identity fraud and disinformation campaigns using deepfake content. More worrisome will be the attacks against the AI and ML models themselves. Attackers will try to exploit weaknesses in the model, deliberately implant bias into training data sets, or simply trigger the models to flood IT operations with alerts.
