Saturday, December 24, 2022

What The Cyber Threat Landscape Will Look Like In 2023 - 4 Key Takeaways

 


Well, here we are on Christmas weekend, with the big day being tomorrow.  Hopefully everybody is safe and sound from this deep freeze the United States is going through.  What is even harder to believe is that in in one week it will be 2023.  It just seems like yesterday, back in 2020, when the COVID-19 pandemic made all of the news wires.

So, it is now during this time period that all of the security pundits are making their predictions for next year.  I sort have eluded to this in my blogs over the last couple of weeks, but I have not formalized into content yet.  That will be the purpose of today’s blog, so here we go:

1)     More disruption:

This term here always gives me the shakes when I hear it, because it is such an overused technojargon.  But when it comes to an actual attack, then that is different.  Many pundits are predicting that Cyberattackers will launch threat vectors just for the sake of doing so.  For example, they may not really be after anything per se, but rather, they want their presence to b known and felt.  This may lead to a chain of other disruptive style attacks to happen, but the idea here is to simply be a nuisance to a business.  And it won’t be a one-time deal, rather, it will happen quite frequently.  In this aspect, to see more worms, trojan horses, viruses, and DDoS attacks to occur.  The good news is that Ransomware attacks will probably even decrease some more, as they have fallen by well over 8% in the last part of this year (SOURCE:  https://blog.checkpoint.com/2022/10/26/third-quarter-of-2022-reveals-increase-in-cyberattacks/).  Probably another form of a disruptive attack are those pf the data leakages, whether the are intentional or not.  Just this year alone, 93% of US businesses experienced this, and over half lost data permanently (SOURCE:  https://www.securitymagazine.com/articles/97631-93-of-orgs-have-suffered-a-data-related-business-disruption).

2)     The Critical Infrastructure:

This is something I have been blabbering about this entire year.  We have seen attacks already happen, with the Colonial Gas Pipeline incident being the best example of this.  In the end, this led to huge shortages on the east coast, the futures prices for natural gas spiked, and in the end, the CEO had to pay a multimillion ransom.  Many pundits believe that 2023 could be the year when a much bigger, and a much more catastrophic Critical Infrastructure attack could happen.  For example, there could be multiple attacks om large cities here in the US, leaving our water and oil pipelines rendered useless, and there could even be a cataclysmic effect on the national power grid.  The unfortunate thing about all of this is that is that there is not a lot that can be done to fortify the level of security, as most of these infrastructures were built in the 1970’s.

3)     The supply chains:

Remember the Solar Winds hack?  That is an example of a supply chain attack, where one point of entry is used to infiltrate and expose hundreds if not thousands of other victims.  This is expected to continue into 2023, but my prediction is that we won’t see such large-scale attacks anymore.  Rather, they will be much smaller in nature, but they will be happening much more frequently, in order to be nothing but a deep nuisance, once again.  Bu the changing trend here is that the Cyberattacker won’t be acting alone.  Rather, they will form alliances with other hacking groups.  They will probably have other nation threat actors backing them up with financial support and a place to stay in hiding.  In other words, watch for a new type of organized crime forming here.

4)     Phishing:

Yes, the oldie but the goodie will still be around next year.  Did you realize that the first true Phishing attack occurred back in the late 90’s, and the victim was AOL?  That is how old Phishing is.  But keep in mind that the Cyberattacker has become much more sophisticated in this regard, and now they take their time to study their unsuspecting victims.  For example, they can study the Socia Media sites, and even use the various OSINT tools that are out there to find the weaknesses and vulnerabilities of their victims.  But it is important to keep in mind here that the Cyberattacker is not just going after everybody.  Rather in 2023, they will have a favorite one in mind: The C-Suite, their families, and their friends.  The concepts of Social Engineering will be used to here in order to launch what are known as “Sextortion” based attacks.  In these instances, the Cyberattacker will try to “extort” money out of their victims by threatening to release private information and pictures of their friends and family.  These can be very damaging, as these attacks become more personal in nature.  In the end, the targets will be the high-profile executives across Corporate America.

My Thoughts On This:

In the end, there is no way that you cannot be a victim Cyberattack.  It can happen to any of use, whether it is now or in 2023.  All we can do is to try and mitigate that risk from happening to us.  And this is where being proactive about things become important.  One of the best ways to do this is to watch what you put on your Social Media sites.  The safest bet here is to not even use them at all, or if you have to, use one or two of them at most. 

In my case, I am only active on Linked In and to some degree, Twitter.  A simple Google search will also reveal  many other ways to protect yourself in 2023.

No comments:

Post a Comment

How To Launch A Better Penetration Test In 2025: 4 Golden Tips

  In my past 16+ years as a tech writer, one of the themes that I have written a lot about is Penetration Testing.   I have written man blog...