Many sectors operating in the technology space has undergone rapid digital transformation in 2022. While the rapid adoption of digital technologies helps in implementing new and disruptive business models and processes, it also involves risks, increasing cyberattacks being the biggest risk factor. To address these challenges, security leaders should ensure cybersecurity is woven into the digital fabric to achieve a state of “security by design.” As 2022 comes to a close, the following cybersecurity predictions focus on the issues that we are likely to see in 2023.
In 2023, adversaries will leverage identity-based attacks for initial access and lateral movement, driving down breakout time: Throughout 2022, we have seen an increase in identity-based attacks and development of sophisticated file-less techniques bypassing traditional multi-factor authentication defenses. And it’s not just stolen credentials, as pass-the-cookie, golden-SAML, and even social engineering with MFA fatigue add to the ever growing ways to compromise an identity. In 2023, we predict adversaries will break out more quickly by compromising identities to move laterally between endpoints to deploy ransomware, achieve business email compromise (BEC) by accessing email infrastructure, or exfiltrate critical data from Azure, GCP, or AWS public cloud infrastructure.
APIs are the next attack vector: With the proliferation and use of SaaS applications, API usage has grown exponentially year-over-year, and, as with any growth area, the associated risk is also increasing. APIs connect critical data and services that drive today's digital innovation. As a result, APIs have proven an extremely valuable target for cyber criminals. It is imperative for security teams to have thorough understanding and clear visibility into their full attack surface. This surface includes all APIs in your environment, including undocumented (shadow) APIs as well as unused/deprecated APIs that have not been disabled. As a result, APIs have proven an extremely valuable target for cyber criminals. On the heels of several recent high-profile API-related incidents - the trend is expected to accelerate into 2023.
In 2023, dedicated data leak marketplaces will see a massive expansion as extortion becomes the #1 eCrime TTP: In 2023, we will see a growth in the weaponization of data as extortion becomes the most common TTP used by eCriminals. Data extortion will surpass traditional data encryption and provide threat actors the ability to victimize organizations repeatedly with such tactics as double or triple extortion. This will be demonstrated through lock-and-leak operations, where eCrime actors will target organizations with high value data - such as in the technology, manufacturing and financial sectors - locking target networks and subsequently threatening to leak victim information. In industries such as healthcare that must comply with various regulatory requirements, such an attack can be devastating. As a result of this increase in data theft and extortion, there will be explosive growth of new criminal marketplaces dedicated to advertising and selling victims’ data.
The vicious Zero-Day Tuesday/Hack Wednesday cycle will continue: The patch panic that seizes security teams the second Tuesday of every month will persist and increase in 2023 as adversaries grow the sophistication of their TTPs and continue their feverish targeting of zero-day vulnerabilities. As we have seen, the number of zero-days and critical vulnerabilities has continued to increase, and, concurrently, the time between the disclosure of those vulnerabilities and threat actors actively attempting to exploit them has narrowed. In fact, in 2022, we witnessed many cases of threat actors exploiting announced vulnerabilities immediately. The continued growth in zero-day threats will underscore the importance for proactive threat hunting solutions capable of addressing threats at scale. Until then, organizations will spend more time pushing critical patches as soon as they’re available, or focusing on workarounds when the patches aren’t available.
Organizational constraints in the uncertainty of 2023 will result in high-profile cyber incidents: Uncertainty is pervasive around the world, and it will provide an environment ripe for threat actors to exploit. In the current, rapidly changing economic and geopolitical climate, organizations are under increased pressure to do more with less, securing their business with similar or potentially fewer resources against the ever-increasing volume and severity of cyberattacks. A high-profile cyberattack will have even greater consequences to the victimized organization, as one major data breach threatens to cripple the entire business when organizations cannot afford any downtime. Cybersecurity incidents are expensive and can go on for years, including the cost of cleaning up after a breach, paying for incident response and forensic investigations, legal costs, changing security providers, through to notifying customers and regulators. In 2023, we will see even more high-profile incidents as a result of the increased pressure of organizational constraints in these times of uncertainty.
The article has been written by Mike Sentonas, Chief Technology Officer, CrowdStrike