Attackers will increase the use of Deepfakes, target Energy providers and develop new attack methods to successfully deploy ransomware for profit amongst Day’s 2023 threat landscape predictions
In the coming year, cybersecurity professionals across the region will have to combat an increase in deepfakes being used to conduct cyberattacks, new device-hopping threats and a next generation of ransomware, according to Greg Day, Cybereason’s Vice President and Global Field CISO. Day also warns of critical-infrastructure attacks on energy companies, and targeted supply-chain breaches amid ever-stricter regulatory frameworks.
As 2023 dawns, Day predicts that security leaders across EMEA will have to deploy a variety of new policies, strategies, and approaches to keep attackers at bay. His predictions are:
Increased cloud credential attacks, unless… The big shift to SaaS has fragmented more than a decade’s worth of work to simplify and consolidate corporate Identity and Access Management (IAM) systems. What’s more, many new SaaS applications don’t integrate with organizations’ existing single sign-on (SSO) solutions, yet organizations continue to accelerate adoption of new SaaS software, even without the security controls of SSO. Consequently, adversaries will increasingly focus on finding these weaker access points (new SaaS applications) to gain access to corporate and personal data, unless IT and Security departments manage to get IAM back under control.
Deepfakes play a larger role in blended attacks. In recent years, we have seen the increased success of blended attacks that combine social engineering tactics with malicious links, for example. With end users becoming more aware of social engineering, we can expect more sophisticated attackers will increasingly turn to deepfakes to trick end users into clicking on malicious links, downloading infected files, and the like. It won’t be long before deepfakes become yet another common and core element of the blended attacks being used in the cybercrime kill chain.
The fifth generation of ransomware emerges. A recent report by Cybereason found that 73% of organizations suffered at least one ransomware attack in 2022, compared with just 55% in 2021. As the world reaches saturation of ransomware, adversaries will explore new methods to get money from the same victims. This will be the fifth generation of ransomware.
Lawmakers refocus regulation. In the coming year, regulation in the E.U. will have more of an emphasis on ensuring businesses have truly identified and remediated breaches. This regulatory focus will close the gap between shutting the attack door in the immediate aftermath of an incident and understanding the attack’s impact. In the U.S., regulatory bodies like the SEC are taking a different approach, one that focuses on enhancing cyber risk reporting and board-level governance.
Ransomware will test cloud storage access controls. Cloud storage can give organizations a significant data protection advantage, along with more flexible recovery options. But as ransomware moves from the endpoint to target cloud-only spaces, it creates new risks for organizations, especially those that accelerated cloud adoption during the pandemic and lost sight of where sensitive data lives and who has access to it. This creates weaker credential management, leaving room for ransomware to infiltrate.
Cyberattacks will be transferable between smart devices. The typical cyberattack moves from hacker to device, but 2023 may bring the first cyberattack that jumps between smart devices, including smart cars. We haven’t seen the in-smart environment replication just yet, but with the pace of innovation, a smart car attack could be riding shotgun to the vehicle next to you.
The risk of a significant attack on critical national infrastructure rises. As both direct and indirect cyber warfare domains grow, so too does the potential for a substantial cyberattack, most likely in an area such as the energy space. This risk is most present in EMEA, but it’s certainly top of mind among cybersecurity and national defense experts globally.
Burnout will impact cyber resilience. Security teams around the world have been working long hours from home, adapting their organization’s security posture to support all the shifts in key business systems. In an industry that is still facing a massive skills shortage, we shouldn’t be surprised if burnout impacts security teams’ ability to maintain the round-the-clock coverage required to respond to a crisis in a timely fashion.
Security leaders will need to develop new strategies for supply chain threats. The standard due diligence and security assessments that CSOs have performed on third parties are no longer adequate given the escalating frequency and impact of supply chain attacks. Regulations like the E.U. NIS Directive 2.0 and cyber insurance providers are forcing companies to conduct more frequent and dynamic assessments of their supply chain risk and to better control the access third parties have to their networks.
“Defenders don’t have to face an uphill fight in the battle to fend off cyberattacks. There is no test to our resolve, our ingenuity, and our defenses,” said Day. “In the new year, the cybersecurity industry as a whole should re-examine its threat posture and adjust its readiness footing by seeking out the right partners and implementing best practices.”