Saturday, December 31, 2022

7 Expected Cyber Trends For 2023

 


Well, here we are on New Year’s Eve of 2022.  So what will the Cyber world look one day from now?  Here are some thoughts:

1)     Automation will become more popular:

I’ve written numerous whitepapers this past year on automation.  For right now, this is popularly used in the manufacturing industry, such as cars, where Robotics are used quite a bit.  But how about Cyber?  It has made its start as well here, but to of limiting degrees.  For example, it is being used quite heavily in AI, in order to help optimize and clean out large datasets.  It is also being used in both Pen Testing and Theat Hunting.  But will we see more of in 2023?  I think we possibly could, especially when it comes to getting a much more accurate picture of the Cyber threat landscape.

2)     Scary ML:

While AI has its good side, it does possess its dark side as well.  Probably the worst-case usage of it are the Deepfakes.  This is when a fake video of a real person is created, in order to make them look like the real thing.  Luckily, we did not see too much of it in the midterm elections of this year, but it is expected that starting next year and forwards, the malicious use of Deepfakes is only going to get worse.  This is especially true when it comes Social Engineering, and launching Synthetic ID Fraud attacks (this is where bits and pieces about a real person are used to create an entirely fake persona).

3)     Malicious uses of Chatbots:

Remember those pesky things that appear on the lower right-hand side of a website?  That is what I am talking about.  It seems like that just about every website now has them, and when then they do appear at first, they have a horrible sound to them.  But anyways, Chatbots are supposed to be of help when you can’t get through to someone on the customer service line.  But I have never found them to be useful because all I get are canned answers.  But the truth of the matter is that these so called Chatbots are getting much more advanced all the time.  Now it has come to the point where even the Cyberattacker have hijacked Chatbots for malicious purposes.  One such case was the “ChatGPT”.  This is where various languages were used in various Chatbots.  Nothing wrong with that, but the problem was that the language was so perfect the end user did not realize that they were communicating with a malicious third party that could barely even speak English.  More details about this can be seen at the link below:

https://venturebeat.com/security/chatgpt-ransomware-malware/

Worst yet, the chatbot can also be used for a supply chain attacks.  For example, all a Cyberattacker has to do is infect one machine with some nefarious malware, and from there, that will spread like wildfire to hundreds, if not thousands of other unsuspecting victims.

4)     Critical Infrastructure:

We have seen attacks here already happen, but the fear is that it could get a lot worse, especially with the geopolitical tensions right now with the Ukraine and Russia.  What we have seen so far have been much smaller scale attacks (except for maybe the Colonial Gas Pipeline attack), but this could magnify greatly next year and beyond.  For instance, what is feared is that there could be a simultaneous hits in major cities on our own soil.  It could impact everything from the water supply to the national power grid.  Just imagine not having either one for weeks at a time?  Well, that is what could very well happen.  The problem with our Critical Infrastructure (as I have written about before) is that it is built upon technology way back in the 1970s.  So it cannot be ripped out and replaced with a new one, nor can you simply apply patches and upgrades.  This only means that we will simply be a sitting duck in this regard for a long time to come.

5)     Attacks on other targets, with the IoT:

The IoT is blossoming and will one day come into full growth.  This is where all devices that we have contact with in both the physical and virtual worlds are all interconnected together.  This has given to novel items such as smart cars, smart homes, etc.  But the problem with all of this interconnectivity is that if a Cyberattacker found just one weakness to penetrate into, they could get all over into the place, and even launch an attack on Critical Infrastructure from this angle.  For example, it is quite conceivable a Cyberattacker could commandeer a commercial airplane or even a boat, and steer it purposely in the wrong direction in order to cause the greatest amount of damage that is possible.  Yes, in a way it can be advantageous to have all of this interconnectivity, but at what price to society will it come at?  That is the question yet to be answered, and unfortunately, the answer will be quite depressing.

6)     Mergers and Acquisitions:

Although there have been a number of tech layoffs recently, it is still expected that the Cybersecurity industry will grow, just for the sheer fact that we need it.  Therefore, it is expected that there will be more buyouts and transactions that will happen in 2023.  In fact, I have seen this already happen in 2022, as I peruse through the news headlines on a daily basis.  There is at least one headline per day where some VC is giving out money to a startup, or one Cyber company is buying out another one.  There will always be innovation and growth here, so expect this kind of activity to happen for the long term.

7)     More tabs on the workforce:

The COVID-19 pandemic changed the shape of this world, both for the good and bad.  But one thing for sure is that the Remote Workforce will now be a permanent fixture here at least in Corporate America for a long time to come.  Because of this, employers will need better ways in order to keep tabs on their employees.  Unfortunately though, these will be much more covert and stealthier, and in some cases, even scarier in the eyes of the Remote Worker.  This can be likened to the fear of Big Brother watching.  But this a tradeoff proposition:  If employees want to WFH, then they need to accept the fact that there will be a need for their employer to keep closer tabs on them.  Will the Hybrid Workforce model alleviate this?  Let’s find out as 2023 starts soon.

My Thoughts On This:

Well, there you have it, a list of what could possibly happen next year on the Cyber front.  In reality it is hard to say if they will happen, but we will know one year from now, as we await for the start of 2024.  But one thing is for sure:  The oldest threat vector, Phishing, will still continue in full force even going into 2023.

No comments:

Post a Comment

How To Launch A Better Penetration Test In 2025: 4 Golden Tips

  In my past 16+ years as a tech writer, one of the themes that I have written a lot about is Penetration Testing.   I have written man blog...