Industry executives and experts share their predictions for 2023.  Read them in this 15th annual VMblog.com series exclusive.

Four Ways Cybercrime Will Evolve in 2023

By Tyler Moffitt, Senior Security Analyst, OpenText Security Solutions

A new year brings new opportunities, and cybercriminals are ready to take advantage. This past year saw major developments in cybercriminal activity as threat actors worked to benefit from geopolitical tensions and economic woes amidst worsening inflation and recession fears. As we head into 2023, economic uncertainty will continue to weigh heavily on businesses, especially small- and mid-size businesses (SMBs) faced with shrinking security teams and budgets. Add macro-economic pressures to the mix and effective and affordable cybersecurity will feel next to impossible for many SMBs.

Threat actors will continue to evolve their tactics as they look to exploit new attack vectors. In 2022 phishing remained the dominant threat facing people and businesses, with an almost 1100% increase in phishing in just the first four months of year. I anticipate another active phishing year. The risk of ransomware will continue to grow due to the Ransomware as a Service (RaaS) business model taking hold. Furthermore, in today's hybrid work environment, the lines between work and home will also continue to blur with many employees using their personal devices for work. This will create additional security loopholes as personal devices often lack robust security software and group policies.

With so many factors at play, below are just four ways we can expect threat actors to evolve their tactics in 2023.

1.   Cyber attackers will use new and old techniques to bring down SMBs who are struggling to do more with less.

Cybercriminals will increase ransomware attacks on SMBs in the wake of heightened geopolitical tensions, such as the War in Ukraine, and rising inflation in the U.S. Our recent SMB survey found that 52 percent of respondents felt more at risk of a ransomware attack due to heightened geopolitical tensions, and 57 percent were also concerned about their security budgets shrinking due to inflation. This will force already strapped SMBs to do more with less. Creating a cyber resilient posture will be more important than ever.

2.   Search engines will not only blur the lines between paid vs. organic search results, but also from what's real and fake, increasing phishing attacks.

Search engines like Google and Bing try to make it as easy as possible for business professionals and consumers to find the information they request, but it will become increasingly difficult to distinguish between safe and malicious search results. As search engines work to provide a more streamlined experience, they also put people at greater risk of being phished. On the consumer front, scammers will purchase top ranking search result ads and use them to drive people to malicious and fraudulent websites to steal their personal and financial information.

3.   As every home becomes a smart home and more personal data lives on the cloud, the attack surface will expand no matter how "secure" people feel.

There's a "Black Swan event" coming as consumers and businesses alike adopt new technologies to make their lives smarter and more convenient, in turn, sharing and storing more of their data in the cloud. Being connected to the internet 24/7 will make everyone who uses smart devices more vulnerable in the coming years. I believe a critical event this year, or merely increasing attacks, will signal a wake-up call to consumers and businesses to think more critically about how smart technology use hinders their security and privacy.

4.   Cybercriminals will take advantage of consumers' vulnerable footing to increase attacks as the economy suffers and inflation rises.

No one is more opportunistic than cybercriminals. They are experts in understanding consumers' greatest concerns and how to tap into these fears with phishing tactics to steal their money or personal information. Covid-19 was a prime example of leveraging fear into ROI and the more recent Ukraine war only adds fuel to the fire. I anticipate this attack approach will continue to rise as the U.S. experiences growing inflation, resulting stimulation checks, job losses and a potential recession for more fear tactics.

While these predictions may seem grim, the bright side is that there are many steps businesses and individuals can take to protect themselves against security threats and achieve cyber resilience. Understanding cybercriminal behavior through education and implementing a multi-layered approach to protecting data and information from evolving attack surfaces and threat vectors are recommended course of actions. Cyber resilience is a posture and mindset of a prepared individual in today's landscape. It's not a question of if you'll be attacked, but when. As long as you are worried about being attacked and on the lookout, you have less to worry about.

##

ABOUT THE AUTHOR

Tyler Moffitt, Sr. Security Analyst at OpenText Security Solutions

Tyler Moffitt is a Sr. Security Analyst at OpenText Security Solutions who stays deeply immersed within the world of malware and antimalware. He is focused on improving the customer experience through his work directly with malware samples, creating antimalware intelligence, writing blogs, and testing in-house tools.