Consider cyberthreats variations on a theme — the new and novel are rare.
Instead, at their core, many of the top cyberthreats organizations encounter stem from human error and mistakes. That's why experts are quick to call out the perils of phishing and spear phishing attacks.
Those initial mistakes can serve as a bridge to a larger incident.
Cybersecurity Dive asked researchers and analysts what cyberthreats they expect to emerge this year and if they have any predictions on what attacks we'll see. Is there a trend or prediction you think we should highlight? Email us at [email protected]
(Responses have been edited for length and clarity)
Rick Holland, CISO and VP of strategy at Digital Shadows:
Don't expect massive change regarding next year's cyber threats. The threat landscape doesn't dramatically change year over year — it doesn't have to. Why reinvent the wheel when targeting the same unpatched applications and misconfigured remote services work so well?
Extortion will continue, actors will target vulnerable supply chain partners, malicious crypto apps will steal millions, and hacktivists will continue to support their causes. All of this has happened before. All of this will happen again.
Geopolitics has driven the threat landscape since the dawn of time and will continue to do so in 2023. The implications from the Russia/Ukraine war and the China/Taiwan tensions aren't outliers, new flashpoints will emerge, and there will be implications for cyberspace.
Nicole Darden Ford, CISO for Rockwell Automation:
With rising geopolitical tensions, we expect cyberattacks to continue as a weapon of choice and critical infrastructure as a growing target.
This is all the reason, public and private entities should follow cybersecurity guidance by government entities, such as CISA, to mitigate risks.
Mauricio Sanchez, research director at Dell’Oro Group:
Ransomware/data exfiltration will remain prevalent threat vectors via end-user compromise (classic phishing attacks) and IT misconfigurations.
Nation-state supported attacks will increase. The perennial attacks from North Korea and Iran will be joined by an increased number from Russia and China.
Attacks against OT/IoT will increase leading to another Colonial Pipeline class event.
Michael Diamond, technology analyst at Futurum Research:
From a cyberthreat perspective, of course, not all attacks and motivations are created equal. I think for mainstream attacks, I would still put phishing or spear phishing attacks at the top of my list since they are easy to deploy, effective and the path of least resistance.
Fundamentally, we are still answering myriad emails and texts a day and attackers have become more sophisticated.
Also, as more organizations are trying to permeate more analytics across the organization in reporting and platforms, the risks are higher since the sheer amount of data that is out there at their fingertips is greater than ever before.
Chester Wisniewski, principal research scientist at Sophos:
Looking forward into 2023 has me very concerned with what developments we see with the malicious use of machine learning technologies. The criminals have largely been too lazy to embrace and abuse many of the existing solutions offered by modern artificial intelligence, but I think we may be turning a corner.
In fact, the publicly available models like Dall-E and ChatGPT3 require no effort to abuse, which I suspect means that they will be quickly adopted by criminals if they can help advance their aims.
I’m not sure they can all be armed — Dall-E isn’t particularly useful outside of creating memes and clipart for PowerPoint decks — but ChatGPT3 could easily be weaponized to help criminals write more convincing phishing and business email compromise scams.
The majority of user training has focused on users looking for clues that the perpetrators are not likely native English speakers, but ChatGPT3 gives criminals a freely available tool to help eliminate that suspicion for many users.
Other than that, ransomware, blah blah blah, crypto scam, yada yada yada.
Jon Geater, chief product and technology officer at RKVST:
Software vendors can no longer hide their shortcomings, and software users can no longer hide from their responsibilities if they choose to deploy something inappropriate.
Although there’s still a way to go, we are definitely now on a road on which the digital supply chain is recognized as being as critical as the physical one: Suppliers must supply quality, and consumers must take control of their own risk.
Regarding supply chain attacks, most of the problems come from mistakes or oversights originating in the supply chain which then open the target to traditional cyberattacks.
It’s a subtle difference, but an important one. I believe that the bulk of discoveries arising from improvements in supply chain visibility next year will highlight that most threats arise from mistake, not malice.