Industry executives and experts share their predictions for 2023. Read them in this 15th annual VMblog.com series exclusive.
Threat actor sophistication will require innovative cybersecurity solutions
By Members of the Barracuda executive team
In the past year, we witnessed the lengths threat actors will go to compromise organizations' systems, as well as the unfortunate business and societal impacts of these breaches.
Barracuda's threat intelligence and research teams saw and defended against these attacks firsthand, and they don't expect things to slow down. As such, our experts have included their top predictions on what the cybersecurity landscape will look like in 2023.
Novel MFA Social Engineering & Bypass Methods Will Drive Cyber Attacks
Sinan Eren, VP Zero Trust Security
During 2023, expect to see hackers continue to overwhelm and manipulate people utilizing multi-factor authentication (MFA) with novel social engineering and bypass methods to gain access to credentials and breach networks. MFA-Fatigue attacks, which bombard users with MFA notifications, will continue to be a favorite among hackers because they don't require malware or ransomware infrastructure. Additionally, they have proven to be very successful, especially of late. Hackers will also increasingly deploy more advanced phishing techniques to bypass MFA, like Man-in-the-Middle attacks, which can intercept and relay communications between two parties through a proxy site. It's highly likely that we'll also see downgrade attacks by phishers from secure FIDO2 keys to less secure secondary factors like SMS or TOTP.
Smishing (SMS Phishing) Attacks Will Overshadow Email Phishing Attacks
Sinan Eren, VP Zero Trust Security
With the heightened awareness of email phishing, cybercriminals are realizing that users are now more likely to click links within SMS messages that mimic the communications and websites of major organizations, aka Smishing. In 2023, Smishing attacks will become more prominent than email phishing attacks due to the popularity of smartphones and cybercriminals' sophisticated spoofing techniques. Smishing will be top-of-mind among security leaders and the C-suite next year and will drive awareness training initiatives across internal and external stakeholders.
Wiperware Stemming From Geo-Political Tensions Will Spill Into Other Countries
Fleming Shi, CTO, Barracuda
Russia's invasion of Ukraine this year revealed the modern digital battlefield. Most notably, we have witnessed an increased use of wiperware, a form of destructive malware, against Ukrainian organizations and critical infrastructure. The frequency has dramatically increased as we saw WhisperGate, CaddyWiper, HermeticWiper, and others hitting the news since the war broke out. Unlike the financial motivations and decryption potential of ransomware, wiperware is typically deployed by nation-state actors with the sole intent to damage and destroy an adversary's systems beyond recovery. In addition, in 2023, wiperware emanating from Russia will likely spill over into other countries as geopolitical tensions continue and hacktivism by non-state actors seeks additional measures to exploit victims. To ensure business continuity despite an attack, it's imperative for organizations to focus on full-system recovery that provides operability of the entire system instead of just data. For example, a speedy restore of the virtual version of a targeted physical system will dramatically improve the resiliency of your business against wiperware or other destructive malware attacks.
Ransomware Gangs Will Become Smaller and Smarter
Fleming Shi, CTO, Barracuda
Throughout 2022, the major ransomware gangs (LockBit, Conti, and Lapsus$) were behind blockbuster attacks, keeping them in the headlines. But in 2023, with the ransomware-as-a-service business model taking off and the recent build leak of LockBit 3.0, a new generation of smaller and smarter gangs will steal their limelight. During the year, organizations will experience an increased frequency of ransomware attacks with new tactics, and those that aren't prepared will make headlines that devastate their business and reputation.
Cyber Insurance Will Become More Expensive Despite Covering Less
Aidan Kehoe, SVP, Barracuda
Going into 2023, the capacity of cyber insurance will continue shrinking as a result of increased demand and expected losses. This will cause premiums to skyrocket, and unfortunately, many organizations will not be able to afford the exact policies they held last year. Additionally, the gray areas created by the anonymity of cyber attacks and the recent cyber insurance mandates excluding war and non-war, state-backed cyber-attacks will drive litigation and investigations around coverage next year. To compensate for gaps in coverage and liability, organizations will be forced to purchase additional cybersecurity solutions.
The continued sophistication of threat actors amid an economic downturn can be devastating to already vulnerable businesses. As such, the new year will drive the need for innovative cybersecurity solutions that ensure resilience.