- New types of threat actors and groups are developing partnerships putting aside previously disparate motivations.
- AI is playing an increasing role in malicious purposes and preemptive defense measures.
- As the e-payments space grows, attack surfaces expand, creating new opportunities for threat actors to target users and companies.
- Disparities in cybersecurity capabilities continue to grow between private and public organizations.
- CISOs pressures will increase and influence how they approach cybersecurity concerning talent, budgets, strategies for personal career protection, and organizational security.
- The Big Four—Russia, China, Iran, and North Korea—will be highly active in 2023, using destructive attacks, information operations, financial threats, and more.
Tel Aviv, Israel, November 15, 2022 – Cybersixgill, the global cyber threat intelligence data provider, announced today the 2023 trends that will significantly impact cybersecurity and reshape the threat landscape. According to the company’s threat research experts, combining global geopolitical forces, economic pressures, and AI creates new opportunities for cyber attacks and alliances among threat groups, creating greater challenges for organizations in taking proactive cybersecurity measures. While the western world struggles with rising grocery bills and gas prices, the economy of the dark web–the digital black market–is chugging along as usual.
What is unique about the world we are in now – is that it is not just increasingly sophisticated technology escalating cyber conflicts – but the changing vectors of motivations and new alliances among protagonists and antagonists. With an expanding attack surface and emerging threats whose targets stem from ideological and financial motivations, cyber warfare is becoming increasingly complex as it stretches across global geographies. Furthermore, government organizations and businesses face limited talent resources and budgets to proactively prevent attacks, forcing them to do less with more. These factors drive a greater reliance on increasingly sophisticated tools such as ML and AI.
Let’s take a closer look at 2023 Trends according to Cybersixgill.
TREND #1: The rise of new threat actors – ‘Quasi-APTs” and state-sponsored threat actors- presents significant risks to global governments, business organizations, and individuals.
- The rise of “Quasi-APT” becomes a more entrenched cyber threat with capabilities equal to those of nation-state-sponsored threat actors. CISOs must maintain constant vigilance, ensuring they can track, monitor, and remediate threats from multiple focal points. It’s not only the well-known advanced persistent threats (APTs) anymore, but your average dark web actor or the local anonymous chapter.
- In 2023, the Quasi-APT’s emergence will escalate due to the democratization of cyberweapons and access enabled by powerful technology now accessible to cybercrime underground. For as little as $10 a piece, threat actors can purchase access and gain a steady foothold in their targets’ systems, attaining a beachhead into highly secured organizations without having to bother with the complex, drawn-out process of gaining initial access on their own. By outsourcing access, attackers of all levels of sophistication can leapfrog several steps, jumping yet another step closer to the level of an APT – hence the birth of the quasi-APT.
- What do companies need to do in response and preparation for this? Automated threat intelligence and robust vulnerability management programs are now more critical than ever for enterprises, as they must cope with thousands of compromised endpoints.
TREND #2: Artificial Intelligence (AI) will play an increasingly important role on both sides of the cyberwar battlefield – as threat actors access malicious AI and organizations move to more proactive and preemptive cybersecurity strategies.
- The use of AI in cyber threat intelligence will escalate in 2023. Why now, since AI has been in play for several years? Historically, criminals have embraced technologies a few years after launch when the technology has become easy to use. We are now at a point where teenagers can use scripts found on GitHub to do basic AI and use them for constructive purposes. Threat actors can use AI for an advanced ‘credential stuffing’ attack, in which they can recognize password patterns to generate password guesses for different systems. AI in Proactive and Pre-emptive Cybersecurity (the good guys): To respond to the escalation by threat actors and criminals using malicious AI, the government and enterprise organizations must use NLP and AI to move to proactive cybersecurity and move away from a reliance on past reactive approaches.
- In 2023 – Automation using AI will play an essential role in Proactive Cybersecurity. Currently, the threat numbers are daunting. It’s a needle in the haystack situation to determine which threats matter. AI detects real threats and builds proper defenses that send resources to the right place at the right time – around chatter and tracking the discourse between threat actors. Combining automation, advanced analytics, and rich vulnerability to exploit intelligence addresses all phases of the Common Vulnerabilities and Exposures (CVE) lifecycle.
Trend #3: New attack surfaces arise in the ePay space (ApplePay, Shopify, Venmo, Paypal, etc.)
- As the digital economy grows, digital crime grows with it. Soaring numbers of online and mobile interactions are creating millions of attack opportunities. Many lead to data breaches that threaten both people and businesses. At the current growth rate, cyberattack damage will amount to about $10.5 trillion annually by 2025.
- Electronic payment methods changed significantly in 2022 – with increased momentum expected to occur in 2023. Online payments surged parallel to the growth in online shopping during the COVID-19 pandemic. According to the Electronic Payments Coalition, nearly $2 billion in mobile payments were processed daily in 2021, up 22% from the previous year, according to the Global System for Mobile Associations State of the Industry Report on Mobile Money 2021. At the same time, the annual survey by the Association of Financial Professionals found payment scams hit almost 75% of businesses. Thirty percent of companies in the 2021 AFP Payments Fraud and Control Survey Report said payment fraud was on the rise, and the majority blamed adjustments brought on by the pandemic.
- The COVID-19 pandemic ushered in an unprecedented era of online shopping, digital payments, and cybercrime. Biometric advances, new international standards, and cyber-security tools are shaping the new world of payment fraud protection. There is significant economic motivation on the dark web to go after ePay for those motivated by financial pressure and criminal behaviors, as opposed to politics.
TREND #4: In 2023, disparities will emerge in cybersecurity capabilities between private and public organizations versus the federal government and across geographies.
- Come 2023, in the United States – there will be different experiences for the government versus companies, with the private sector on its own regarding the increasing number and ferocity of attacks – as they currently are. Businesses will need to respond to new federal regulatory requirements. They may also experience increased attacks, given their predisposition to take visible political stances and engage in boycotts against other countries.
- The Federal Government will focus on using resources to protect its organizations, as politically motivated attacks will increase from state-sponsored organizations and individuals and organizations who are politically motivated and incited by current actions but are not state-backed. They are motivated by finances and the strong desire to take a stance (through technology), their form of protest.
- CISA has been pushing hard to create a set of new directives, which compose a set of first steps for Federal Civilian Executive Branch (FCEB) agencies to follow in their quest to become cyber resilient. As part of this initiative, CISA is working urgently to gain greater visibility into risks facing federal civilian networks and predicts the next step is establishing baseline requirements for all FCEB agencies to identify assets and vulnerabilities on their networks and provide data to CISA at defined intervals.
Trend #5: CISOs will increasingly change how they approach cybersecurity concerning talent, budgets, and strategies for personal career protection and organizational security.
- In 2023 – CISOs will significantly change how they approach cybersecurity from the perspectives of talent, budgets, and strategies – both for personal career protection and organizational security. The recent Uber CISO guilty verdict has put CISOs on notice to adjust strategies and increase transparency.
- In 2023 – CISOs may be inclined to consolidate technologies and tools to ‘cut the fat’ in previously inflated cybersecurity spending. An area tempting for cuts by budget makers is security awareness and other kinds of training. The top brass of organizations must start taking cybersecurity seriously and spending money on defenses outside the IT department. It’s crucial to remember that most data breaches still result from human error, demonstrating the inadequacy of traditional security awareness training. Modern companies must abandon compliance-based awareness campaigns from the past in favor of extensive behavior and culture change programs that promote safer workplace practices.
- Dial-up security investments. Geopolitical events and technological disruption will continue fueling a sophisticated, fast-evolving threat landscape. Prioritized security controls and solutions that protect customer-facing and revenue-generating workloads. CISOs will defend investments that support cloud modernization and the organization’s evolution to Zero Trust.
- Nothing is ever stagnant in the cybersecurity space. Cybercrime Is increasingly lucrative, even more than drug trafficking. It is thought that cybercriminals can rake in $1.5 trillion annually. We expect a record-breaking year of cyber security breach notifications, not only because of the sophistication of threat actors – but also due to larger changes in the world: global unrest, supply chain instability, and soaring inflation – will impact an organization’s ability to mitigate, remediate, or prevent a problem.
- In 2023, we will see ransomware flourish, which has become one of the most prolific and costly types of malware in recent years. While ransomware is hardly a new threat – the first ransomware variant was the “AIDS virus,” created in 1989 – the development of cryptocurrency, which allows pseudonymous payments of virtual currency – has made it possible for ransoms to be paid digitally and anonymously, making ransomware attacks safer and easier to perform for cybercriminals. And while it is well-established as part of many threat actors’ toolkits, data shows more of a drop in U.S. ransomware incidents and a rise in European ransomware incidents.
- There will be an increase in the number of attackers motivated simply by bragging rights. These actors are often younger and unrelated to a nation-state or organized group. The Big Four—Russia, China, Iran, and North Korea—will be highly active in 2023, using destructive attacks, information operations, financial threats, and more. Companies in European regions must stay especially vigilant, and organizations worldwide must be ready for increased attempts at extortion. Extortion actors will stop at nothing to achieve their goals, even using physical devices and less common types of social engineering.
Cybersixgill continuously collects and exposes the earliest possible indications of risk produced by threat actors moments after they surface on the clear, deep, and dark web. This data is processed, correlated, and enriched using automation to create profiles and patterns of threat actors and their peer networks, including the source and context of each threat. Cybersixgill’s extensive body of data can be consumed through a range of seamlessly integrated into your existing security stack, so you can pre-empt threats before they materialize into attacks. The company serves and partners with global enterprises, financial institutions, MSSPs, and government and law enforcement agencies.