Virtualization Technology News and Information
Acronis 2023 Predictions: Cyber Threat Predictions for 2023


Industry executives and experts share their predictions for 2023.  Read them in this 15th annual series exclusive.

Cyber Threat Predictions for 2023

By Candid Wuest, VP of Cyber Protection Research, Acronis

Today's world is more digitally dependent than ever. IT environments are becoming increasingly complex, and small flaws in resilience can have a major impact on an organization's ability to continue operating despite security incidents or breaches. Here are ten trends that are likely to shape the cybersecurity landscape in 2023.

1. Authentication - is that really you?

Authentication and Identity Access Management (IAM) will get successfully attacked more frequently. Many attackers have already started to steal or bypass Multi-factor Authentication (MFA) tokens. In other situation overwhelming targets with requests, for example in MFA fatigue attacks, can lead to successful logins without the need of a vulnerability. The recent attacks against Okta and Twilio showed that such external services are getting breached too. This is of course on top of the still ongoing weak and reused password problems of the past years. Hence it is all the more important to understand how your authentication works and how the data is accessed by whom.

2. Ransomware - still going strong

The ransomware threat is still going strong and evolving. While we are seeing a shift towards more data exfiltration, the main actors are continuing to professionalize their operations. Most of the large players have expanded to MacOS and Linux and are also looking at the cloud environment. New programming languages like Go and Rust are becoming more common and require adjustments in the analysis tools. The number of attacks will continue to grow as they are still profitable, especially when cyber insurance covers some of the impact. Attackers will increasingly focus on uninstalling security tools, deleting backups, and disabling disaster recovery plans wherever possible. Living of the Land techniques will play a major role in this.

3. Data breaches - for the masses

Information-stealing malware, such as Racoon and Redline, is becoming the norm for infections. Stolen data often includes credentials, which are then sold for further attacks via initial access brokers. The growing number of blobs of data combined with the complexity of interconnected cloud services will make it harder for organizations to keep track of their data. The requirement for multiple parties to access the data makes it harder to keep it encrypted and protected. A leaked API access key, for example on GitHub or the mobile app, can be enough to steal all data. This will lead to advances in privacy-friendly computing.

4. Phishing beyond emails

Malicious emails and phishing attacks continue to be sent by the millions. Attackers will continue to try to automate and personalize the attacks using previously leaked data. Socially engineered scams like Business Email Compromise Attacks (BEC) will increasingly spread to other messaging services like text messaging, Slack, Teams chat, etc. to avoid filtering and detection. Phishing, on the other hand, will continue to use proxies to capture session tokens, steal MFA tokens, and use diversions like QR codes to further hide itself.

5. Not so smart contracts

An end to the attacks on cryptocurrency exchanges and smart contracts on the various blockchains does not seem to be in sight. Even nation state attackers are trying to steal hundreds of millions in digital currencies. The more sophisticated attacks on smart contracts, algorithmic coins and DeFi solutions continue, in addition to the classic phishing and malware attacks against their users.

6. Living of your infrastructure

Service providers are increasingly being attacked and compromised. The attackers then abuse the installed tools like PSA, RMM or other deployment tools to live off that land. They are not only managed IT service providers, but also consulting companies, first-level support organizations and similarly connected partners. These outsourced-insiders are often deployed as the weakest link in a target organization without painstakingly crafting software supply chain attacks.

7. Calling from within the browser

There will be more attacks in or through the browser, conducting the attacks from within the sessions. Malicious browser extensions swapping targets addresses of transactions or stealing passwords in the background. There is also a trend in hijacking the source code of such tools and adding the backdoors through the GitHub repository. On the other side, websites will continue tracking users with JavaScript and oversharing session ids across HTTP referrers to marketing services. Attackers will expand on the Formjacking/Magecart techniques where small added snippets steal all the information in the background of the original website. With the increase of serverless computing, the analysis of such attack can become more complicated.

8. Cloud automation through APIs

There has already been a tremendous shift of data, processes and infrastructure to the cloud. This will continue with more automation between different services. Many IoT devices will be part of this large hyper-connected cloud of services. This will result in many APIs being accessible from the internet and therefore increasing attacks on them. Because of the automation, this can trigger large scale attacks.

9. Business process attacks

Attackers will always come up with new ideas on how to modify business processes for their own benefit and profit. Like changing the receiving bank account details in an organization's billing system template, or adding their cloud bucket as a backup destination for the email server. These attacks often do not involve malware and require close analysis of user behavior, much like the growing number of insider attacks.

10. AI everywhere

AI and ML processes will be used by corporations of all sizes and sectors. Advances in the creation of synthetic data will further fuel some identity fraud and disinformation campaigns using deep fake content. A more worrisome trends will be the attacks against the AI and ML models themselves. Attacker will try to use weaknesses in the model, implant bias on purpose into data sets or simple use the triggers to flood IT operations with alerts.




Candid Wuest is the VP of Cyber Protection Research at Acronis, the Swiss-Singaporean cyber protection company, where he researches on new threat trends and comprehensive protection methods. Previously he worked for more than sixteen years as the tech lead for Symantec's global security response team. Wuest has published a book, various whitepapers and has been featured as a security expert in top-tier media outlets. He is a frequent speaker at security-related conferences including RSAC and AREA41. Wuest is an advisor for the Swiss federal government on cyber risks. He learned coding and the English language on a Commodore 64. He holds a master of computer science from the ETH Zurich and various certifications and patents.

Published Friday, October 28, 2022 7:46 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<October 2022>