John Fokker, Head of Threat Intelligence, Trellix
Amidst sustained geopolitical and economic turmoil, it’s perhaps unsurprising that 2022 was an eventful year for cybersecurity. The emergence of the widespread Log4J vulnerability in January set the tone, with the ongoing cyber and physical war in Ukraine following shortly after. One year on, the world has experienced heightened pressure on its economies, with further disruptions on the horizon. To prepare for this, organizations should expect increased activity from threat actors looking to advance their own agendas for political or financial gain.
Whether it’s teen cybercriminals, crypto-mining or hacking in outer space, Trellix research shows that 2023 will bring another year of new and evolving threats. It’s critical for security professionals to stay abreast of the activity that they are likely to face, to enable them to outwit and outpace bad actors and utilize advanced defenses proactively. Essentially, security must be always-on and always learning.
Here are the top predictions that will play a major role in defining the cybersecurity landscape in 2023.
Cybercrime activity by teens to increase
Last September, a 17-year-old affiliated with the Lapsus$ hacker gang was arrested in London for breaching the internal systems of Uber and Rockstar Games. In recent years, technically talented young people have been recruited by bad actors and organizations such as Lapsus$, resulting in successful hacks of international organizations like Microsoft, Okta and NVIDIA.
In 2023, there’s likely to be increased activity from teens and young adults – everything from large-scale attacks on enterprises and governments to low-level crime targeting family, friends, peers and strangers. Not only will this pose dire financial and reputational consequences across the board, but it also means these cybercriminal organizations will be competing for talent against Fortune 500 and security companies, who all work to protect society online.
The boom in youth-led cybercrime should be seen as much as a cultural issue as a public policy one. It underlines an urgent need for stronger education and awareness among young people around the potential consequences of getting caught by law enforcement.
To educate the young on the dangers of cybercrime, there are several new resources and initiatives like Cyberland and CyberCenturion organised by the Cyber Security Challenge UK, which can help prevent them from sliding into a world of cybercrime.
Greater phishing risk across collaboration apps
Smishing, vishing, social media phishing and business email compromise attacks have traditionally been managed with anti-phishing toolbars and email security protections. However, recent sophisticated phishing attempts driven by AI developments have led to vulnerabilities in messaging channels and business collaboration apps like Slack and Teams. While Zoombombing and similar methods have been observed, the use of business collaboration apps will grow as a threat vector.
There is little doubt that phishing will be weaponized at scale in the coming years, spreading across communication channels in a much stealthier way.
The post-pandemic shift to hybrid and cloud-based working has expanded the attack surface to individuals’ vulnerable home networks and devices, which malicious threat actors use to gain access to an organization’s network. This, in turn, has driven increases in phishing attempts targeting employees and companies, forcing them to stay abreast of new threat tactics and techniques and focus on strengthening their perimeters and email protection services.
Crypto mining through IoT devices
Moving into the digital age means that IoT devices are an integral part of daily life. Devices now do everything from warming up coffee and turning off the lights to driving vehicles. However, with the growing trend of devices becoming smarter, the advanced capabilities of consumer and enterprise IoT devices are at risk of being leveraged by hackers to mine cryptocurrencies – at the owners’ electrical expense.
While a single IoT device may not contribute hugely to cryptomining, deploying a botnet like Mirai can bring thousands of devices under a single umbrella. We have also observed cases of coin miners jumping from IoT devices to other operating systems since security is not at the forefront for IoT device manufacturers.
To make matters worse, these devices can be hacked by nation-state or APT groups to spy on high-profile targets, as was seen with Pegasus. With a lack of adequate anti-malware solutions available for these smart devices, security analysts may struggle to reverse engineer malware manually.
Beware of space invaders
With the launch of more satellites, society also demonstrates a growing reliance on satellite data and internet access. Satellites are in fact purpose-built computers, meaning they are vulnerable to many of the same cybersecurity threats here on earth.
Although “CubeSats” mitigate the vulnerabilities of breaching a ground control station, that does not mean that satellites are secure. Hacking some CubeSats may be as simple as waiting for one of them to pass overhead and then sending malicious commands to exploit vulnerabilities in the satellite’s hardware or software.
As with the manufacturing of IoT devices, if cybersecurity is not fully considered during the initial phases of design, it will take a backseat to other engineering challenges, which leaves the system open to compromise. If this continues, there will be an increase in targeted DDoS attacks, like those in Ukraine against SpaceX Starlink terminals.
Ransomware can also be a persistent threat among satellites. As the space landscape evolves into critical infrastructure, it attracts malicious actors that specifically prey on these highly valuable industries’ networks. Attacks on critical infrastructure satellites are particularly lucrative for cybercriminals, given society’s dependence on these networks.
Although discussions about upcoming trends and predictions are valuable, it’s even more vital to anticipate and prepare for major shifts. As global political and economic events continue to unfold this year, it is essential that all organizations look beyond the horizon to ensure they remain proactive and well-equipped against novel threats from more innovative threat actors.