Virtualization Technology News and Information
Barracuda 2023 Predictions: Threat actor sophistication will require innovative cybersecurity solutions


Industry executives and experts share their predictions for 2023.  Read them in this 15th annual series exclusive.

Threat actor sophistication will require innovative cybersecurity solutions

By Members of the Barracuda executive team

In the past year, we witnessed the lengths threat actors will go to compromise organizations' systems-as well as the unfortunate business and societal impacts of these breaches. 

Barracuda's threat intelligence and research teams saw and defended against these attacks first hand-and they don't expect things to slow down. As such, our experts have included their top predictions on what the cybersecurity landscape will look like in 2023.

Novel MFA Social Engineering & Bypass Methods Will Drive Cyber Attacks

Sinan Eren, VP Zero Trust Security

During 2023, expect to see hackers continue to overwhelm and manipulate people utilizing Multi-Factor-Authentication (MFA) with novel social engineering and bypass methods to gain access to credentials and breach networks. MFA-Fatigue attacks-which bombard users with MFA notifications-will continue to be a favorite among hackers because they don't require malware or ransomware infrastructure. Additionally, they have proven to be very successful especially of late. Hackers will also increasingly deploy more advanced phishing techniques to bypass MFA like Man-in-the-Middle attacks, which can intercept and relay communications between two parties through a proxy site. It's highly likely that we'll also see downgrade attacks by phishers from secure FIDO2 keys to less secure secondary factors like SMS or TOTP.

Smishing (SMS Phishing) Attacks Will Overshadow Email Phishing Attacks

Sinan Eren, VP Zero Trust Security

With the heightened awareness of email phishing, cybercriminals are realizing that users are now more likely to click links within SMS messages that mimic the communications and websites of major organizations-aka Smishing. In 2023, Smishing attacks will become more prominent than email phishing attacks due to the popularity of smartphones and cybercriminals' sophisticated spoofing techniques. Smishing will be top-of-mind among security leaders and the c-suite next year and will drive awareness training initiatives across internal and external stakeholders.

Wiperware Stemming From Geo-Political Tensions Will Spill Into Other Countries

Fleming Shi, CTO, Barracuda

Russia's invasion of Ukraine this year revealed the modern digital battlefield. Most notably, we have witnessed an increased use of wiperware, a form of destructive malware against Ukrainian organizations and critical infrastructure. The frequency has dramatically increased as we saw WhisperGate, Caddy Wiper, HermeticWiper, and others hitting the news since the war broke out. Unlike the financial motivations and decryption potential of ransomware, wiperware is typically deployed by nation-state actors with the sole intent to damage and destroy an adversary's systems beyond recovery. In addition, in 2023, wiperware emanating from Russia will likely spill over into other countries as geopolitical tensions continue; and hacktivism by non-state actors seeking additional measures to exploit victims. To ensure business continuity despite an attack, it's imperative for organizations to focus on full-system recovery that provides operability of the entire system instead of just data. For example, a speedy restore of the virtual version of a targeted physical system will dramatically improve the resiliency of your business against wiperware or other destructive malware attacks.

Ransomware Gangs Will Become Smaller and Smarter

Fleming Shi, CTO, Barracuda

Throughout 2022, the major ransomware gangs-LockBit, Conti, and Lapus$-were behind blockbuster attacks, keeping them in the headlines. But in 2023, with the ransomware-as-a-service business model taking off and the recent build leak of LockBit 3.0, a new generation of smaller and smarter gangs will steal their limelight. During the year, organizations will experience an increased frequency of ransomware attacks with new tactics, and those that aren't prepared will make headlines that devastate their business and reputation.

Cyber Insurance Will Become More Expensive Despite Covering Less

Aidan Kehoe, SVP, Barracuda

Going into 2023, the capacity of cyber insurance will continue shrinking as a result of increased demand and expected losses. This will cause premiums to skyrocket and unfortunately, many organizations will not be able to afford the exact policies they held last year. Additionally, the gray areas created by the anonymity of cyber attacks and the recent cyber insurance mandates excluding war and non-war, state backed cyber-attacks will drive litigation and investigations around coverage next year. To compensate for gaps in coverage and liability, organizations will be forced to purchase additional cybersecurity solutions.

The continued sophistication of threat actors amid an economic downturn can be devastating to already vulnerable businesses. As such, the new year will drive the need for innovative cybersecurity solutions that ensure resilience.

Published Monday, January 09, 2023 10:03 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<January 2023>