Cybersecurity 2023

Attacks against infrastructure, supply chains and cloud resources are likely to be among the top threats in the coming year.

Cybercrime is among the biggest threats facing businesses today, creating financial and operational burdens that many organizations simply cannot overcome. Hiscox, a global provider of business insurance, reports that up to 20 percent of American and European companies came close to insolvency due to security breaches in 2021.

It was a record year for cyber threats, and most industry experts expect more of the same in 2023. Check Point, for example, predicts a continued sharp rise in cybercrime worldwide, driven by increases in ransomware and other attacks designed to exploit the continued use of remote and hybrid work models. Here are some of the threats most likely to impact the cybersecurity landscape in the coming year:

Ransomware

Ransomware is the chief source of income for cybercriminals, which is why it accounted for more than 70 percent of all malware attacks in 2022. Analysts anticipate a slight decline in 2023 due to uncertainty surrounding markets for cryptocurrency, the primary ransomware payment option, but these attacks will remain quite common. The availability of inexpensive, automated ransomware delivery kits and subscription-based Ransomware-as-a-Service (RaaS) exploits on the Dark Web makes it easy for hackers to launch thousands of simultaneous attacks. Plus, some analysts say the ongoing Russia-Ukraine war and global inflation create additional financial incentives for state-sponsored ransomware gangs.

Attacks on Critical Infrastructure

In October, the pro-Russian hacking group Killnet launched a series of distributed denial-of-service (DDoS) attacks that took down the websites of multiple U.S. airports, including Los Angeles International, Chicago O'Hare and Atlanta Hartsfield-Jackson International. It was the most recent indicator that state-sponsored hackers are targeting critical infrastructure sectors such as transportation, energy, healthcare and agriculture. Microsoft analysts say about 40 percent of all nation-state attacks over the past year were aimed at critical infrastructure. Russia, Iraq, North Korea and China are behind most of these attacks, according to Microsoft.

Cloud breaches

Accelerated adoption of cloud applications and services has been instrumental in supporting remote and hybrid work models, but it has also contributed to a much larger attack surface. Forty-five percent of all data breaches occur in the cloud, according to IBM’s 2022 Cost of a Data Breach report. Cloud resources are an attractive target because they contain valuable data and are often highly vulnerable due to configuration errors, insecure interfaces, unpatched applications and weak access controls.

Supply-chain attacks

As organizations adopt more third-party software solutions, they become vulnerable to attacks targeting the suppliers of those solutions. In these attacks, malicious actors infiltrate a software vendor’s network and deploy malicious code to compromise the software before the vendor sends it to their customers. This allows attackers to spread malware to hundreds or thousands of victims by compromising a single piece of software. Gartner predicts that nearly half of all organizations worldwide will experience attacks on their software supply chains by 2025.

Mobile-first attacks

Mobile devices have surpassed desktops for most of our computing and Internet needs. Naturally, that makes them prime targets for hackers. According to Verizon’s 2022 Mobile Security Index, there’s been a double-digit increase in attacks targeting mobile devices over the past year. Forty-five percent of the IT professionals surveyed said their organizations experienced a security incident involving a mobile device that led to data loss, downtime or another negative outcome. Poor user security practices are a contributing factor. According to Verizon, two-thirds of mobile users have no security functionality of any kind on their devices.

Internet of Things attacks

The vast majority of businesses don’t know how many Internet of Things (IoT) devices are on their corporate networks, and that lack of visibility contributes to security issues. Billions of IoT devices are compromised by malicious actors attempting to organize botnets, steal data and mine cryptocurrency. Even with visibility, IoT devices are vulnerable because they have few built-in security controls due to their small form factor and lack of processing power. Starting in 2023, U.S. government agencies will begin labeling IoT products and devices that meet certain security standards.

Data poisoning

Machine learning (ML) and artificial intelligence (AI) systems learn to make decisions by analyzing data and finding patterns. In poisoning attacks, malicious actors inject false data into ML or AI programs to confuse pattern-recognition algorithms and skew results. This could be used to circumvent security measures, steal data, compromise networks and undermine AI systems.

Camera-based malware

Some analysts anticipate a rise in exploits targeting smartphone cameras and the technology embedded within them. The software smartphone cameras use for reading QR codes, generating GIFs, creating Live Photos and Boomerang videos, and enabling other cool features may make them vulnerable to malware and other cyberattacks. For example, experts recently discovered that an Android application called “Process Manager” is a form of spyware that accesses a phone’s camera and microphone to surreptitiously record video and audio, take pictures, view pictures from the device and get the user’s precise GPS coordinates.

Conclusion

Although most companies are tightening their belts during this time of economic uncertainty, surveys suggest most will be increasing their cybersecurity spend to counter surging levels of cybercrime. Before investing in new security controls, companies should conduct assessments to identify and close any gaps in their security environment.

Assessments typically involve running internal and external scans on the network to find known weaknesses. When the scans are complete, a detailed report is generated that includes a definition of the found vulnerabilities, how they might be exploited, and how that might affect the organization’s security posture. Using that report, security experts can develop a plan that shows how to remediate the vulnerabilities.

