In recent years, organizations of all sizes have experienced a rise in cyberattacks, which have also become more severe. These attacks range from ransomware and malware to DDoS attacks, advanced persistent threats, data breaches, insider threats, and more.
Unfortunately, signs suggest that 2023 won't bring any relief from these threats. This leaves cybersecurity teams feeling stressed and unsure how to protect their organizations. What threats should they prepare for this year and in the future?
Stress Levels on Cybersecurity Leadership
According to industry experts and analysts, Board and C-Suite leadership teams will need to increasingly prioritize cybersecurity defense in the coming years, if it's not already at the top of their agenda. Recently, Gartner held the APAC Gartner Security & Risk Management Summit in Sydney, Australia, where they shared their top eight cybersecurity predictions for 2023-2024 (see ref 1 below). They see the stress that CISOs and other leaders in the field face driving significant job turnover and a high attrition rate, as skilled leaders leave the cybersecurity sphere altogether. That is not ideal, given the acute shortage of experienced people we already have. Organizations should be working to reduce the stress on their cybersecurity teams to boost retention.
The Biggest Threats in 2023
An ongoing review of current publications, articles, and industry discussions highlights the threats that are currently prevalent and that will likely remain so this year. We list them below with a short discussion of each. Please keep in mind that this list is not exhaustive, and there will be other risks that your organization may face, including new threats that we don't know about at the time of writing (May 2023). It is crucial to safeguard your systems and networks from both known and unknown threats that may emerge at any time.
An excellent way to stay current is to subscribe to Mike Hamilton's Daily Blast email. You can sign up for the free and informative email that's delivered every weekday at https://www.criticalinsight.com/resources/daily-news.
Common Vulnerabilities and Exposures (CVEs)
To emphasize the point above about emerging threats and the need to defend against them, here is some data on the number of Common Vulnerabilities and Exposures (CVEs) NIST published in 2022.
The total number of CVEs published last year was 26,448. This was the first year that the number exceeded 25,000 and the sixth year in a row it increased year-on-year. These increases are likely a function of more diligence and reporting by cybersecurity teams who find the vulnerabilities, but it is also partly due to an expanding attack surface.
CVEs get graded on a scale that goes up to 10, and many of those rated 9+ on the scale can allow cybercriminals to remotely mount intrusion attacks or perform remote code executions that give them access to the breached network.
Good network detection and response (NDR) tools are essential to detect network anomalies resulting from cybercriminals bypassing security using newly discovered vulnerabilities.
Ransomware
Ransomware will remain a significant concern for organizations of all sizes. The availability of cybercriminal-provided ransomware-as-a-service resources has made it easier for individuals seeking to profit from this sort of attack to enter the field.
Interestingly, moves to prevent organizations from paying ransoms to attackers may have fed into a fall in the number of ransomware attacks against US targets in 2022. By extension, this led to fewer reported ransomware attacks globally in 2022 than in 2021. However, 2022 still had the second-largest number of attacks, and the number in the year's final quarter was the highest since Q3 of 2021. So, the trend is probably upward again from late 2022, and this will likely still be true in Q1 2023 and beyond. See refs 2 & 3 for up-to-date data from SonicWall and Sophos on ransomware trends.
Malware
In addition to ransomware (which is a specific type of malware), there will still be attacks using other malware types. Examples include:
- Wipers that erase data in malicious attacks.
- Spyware that resides on systems to collect data to send to criminals.
- Keyloggers that record keyboard entries to send to attackers.
- Adware that interrupts workflows and generates revenue for criminals.
- Trojans that mimic other software to trick users into running it.
- Worms that exploit known vulnerabilities to spread between systems.
- Viruses, which are still a problem if not dealt with on endpoints and servers.
- Bots and botnets used for denial-of-service attacks.
Apache Log4j
In December 2021, there was a disclosure of a vulnerability in the commonly utilized open-source Apache Log4j logging library. This library is deeply integrated into the core of numerous Java-based automation and operational systems, many of which are old and considered legacy systems, thus making them difficult to monitor. There is an ongoing process to identify and patch these systems.
The Log4j vulnerability is severe as it allows remote code execution. According to security reports summarizing 2022 attack data, over 1 billion attempts were made to exploit the Log4j vulnerability in monitored systems. It is important to note that not all systems that use the Log4j library are known. Therefore, any organization that has a system with Log4j included but has not updated the code or made necessary configuration changes to mitigate the vulnerability may get targeted using it in 2023 or beyond.
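One way to start the inventory described above is to search Java archives, including archives nested inside other archives, for a class file that ships in the Log4j core library. The following is an added example, not code from the original article; the function names and the sample archives are constructed for illustration, and the marker path is the `JndiLookup` class found in log4j-core 2.x.

```python
import io
import tempfile
import zipfile
from pathlib import Path

# Class file shipped in log4j-core 2.x; used here as the marker for a bundled copy.
MARKER = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear")

def scan_archive(data, label, depth=0):
    """Return a label for every archive, nested ones included, that holds MARKER."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                if name.endswith(MARKER):
                    hits.append(label)
                elif name.lower().endswith(ARCHIVE_EXT) and depth < 5:  # cap nesting
                    hits += scan_archive(zf.read(name), f"{label}!/{name}", depth + 1)
    except zipfile.BadZipFile:
        pass  # archive extension but not a readable zip: skip it
    return hits

def scan_tree(root):
    """Scan every Java archive under root; returns sorted hit labels."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in ARCHIVE_EXT:
            hits += scan_archive(path.read_bytes(), path.relative_to(root).as_posix())
    return sorted(hits)

def make_zip(entries):  # builds a constructed sample archive in memory
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def demo():
    """Constructed tree: a direct copy, a copy nested in a WAR, and a clean jar."""
    core = make_zip({MARKER: b"stub"})
    samples = {"log4j-core.jar": core, "clean.jar": make_zip({"com/example/A.class": b""}),
               "legacy-app.war": make_zip({"WEB-INF/lib/log4j-core.jar": core})}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            Path(root, name).write_bytes(data)
        return scan_tree(root)

if __name__ == "__main__":
    print("\n".join(demo()))
```

A hit shows where the library is bundled, not that the copy is unpatched; each hit still needs its version and configuration checked. Builds that relocate the package under a different name will not match this marker.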
Supply Chain Vulnerabilities
In today's interconnected landscape, no business operates in isolation. Upstream and downstream partners in the supply chain and vendors providing business services pose a significant risk of cyberattacks against organizations. Even loosely linked IT systems and emails can be potential sources of supply chain and vendor threats that need to be assessed and managed to minimize the risks.
Phishing & Other Social Engineering Attacks
While not meant to criticize individuals, it is important to recognize that people are often the weakest link in security chains. Cybersecurity planning must acknowledge that mistakes can happen. Unfortunately, social engineering attacks such as phishing emails remain a significant source of attacks and data gathering for future attacks. Criminals are becoming more advanced by using tools like ChatGPT to create more convincing emails, websites, and other materials in their attempts to trick individuals into clicking malicious links or revealing sensitive information. This year and beyond, we can expect to see an increase in Business Email Compromise (BEC) and targeted spear-phishing attacks, particularly targeting high-profile individuals and their associates within organizations.
Crypto Scams
A type of attack that builds on social engineering techniques is cryptocurrency scams. The attackers send a seemingly harmless message through a messaging service or mobile phone to engage the recipient in a conversation. For instance, they may ask if the recipient is still available for lunch on Monday. Subsequently, the attacker tries to build a rapport with the recipient and eventually persuades them that they can make easy money through cryptocurrency. However, this is just a ploy to lead them to a fraudulent website that steals their money. Unfortunately, falling for this scam could also expose the victim's organization to further malware and other attacks via the scam website.
Attack Surface Expansion
The shift towards hybrid work has hastened the breakdown of the traditional network perimeter. As a result of more individuals working from remote locations, safeguarding networks with firewalls and intrusion detection technology is no longer as effective. Zero trust methods have become more prevalent in tackling this problem, but they alone are insufficient to provide adequate security. Cybersecurity teams must anticipate that defenses will get breached and implement NDR to continuously monitor all network activity for unusual patterns in real-time.
IoT Vulnerabilities
The rise of Internet of Things (IoT) sensors and devices in the built environment and manufacturing is contributing to the growing attack surface. Unfortunately, many of these IoT devices are known to have weak security, with some even shipping with the same admin account and password, which often go unchanged after deployment.
This proliferation of IoT devices not only expands the attack surface but also creates easily exploitable vulnerabilities. If these devices have access to other network systems, it can leave a back door open for anyone who knows the default account settings.
Insider Risk
It is important to be aware of insider risks posed by disgruntled employees or staff who may have been bribed by attackers. Rather than spending time searching for vulnerabilities to exploit, attackers may simply bribe an employee to insert a malware-infected USB drive into a PC on the network. To detect malicious activity on networks and IT systems, it is essential to implement protective measures such as 24x7 NDR and to follow zero-trust best practices. These strategies are crucial for guarding against this and other attack vectors.
Conclusion
Achieving complete cybersecurity protection to prevent attackers from breaching defenses is not feasible. It's crucial to minimize the risks as much as possible, but it's also essential to prepare for situations when attackers succeed in infiltrating your network. This is where 24x7 NDR comes in, detecting anomalies and enabling you to isolate suspicious systems and respond to potential cyberattacks.
Critical Insight has a comprehensive CSaaS (Cybersecurity as a Service) offering that includes Incident Preparedness, managed 24x7 NDR (MDR), Incident Response, Vulnerability Scanning, Penetration Testing, and Regulatory Compliance assistance. By partnering with Critical Insight as your Managed Service Provider and using our CSaaS, you have access to experts who can work with your leadership team to prepare for and deal with all cybersecurity requirements and protection, all via pre-agreed and predictable budgets.
References
1. Gartner: Gartner Unveils Top Eight Cybersecurity Predictions for 2023-2024 - https://www.gartner.com/en/newsroom/press-releases/2023-03-28-gartner-unveils-top-8-cybersecurity-predictions-for-2023-2024
2. SonicWall: 2023 SonicWall Cyber Threat Report Casts New Light On Shifting Front Lines, Threat Actor Behavior - https://www.sonicwall.com/news/2023-sonicwall-cyber-threat-report-casts-new-light-on-shifting-front-lines-threat-actor-behavior/
3. Sophos: The State of Ransomware 2023 - https://news.sophos.com/en-us/2023/05/10/the-state-of-ransomware-2023/