Well, here we are on Christmas weekend, with the big day
being tomorrow. Hopefully everybody is
safe and sound from this deep freeze the United States is going through. What is even harder to believe is that in in
one week it will be 2023. It just seems
like yesterday, back in 2020, when the COVID-19 pandemic made all of the news
wires.
So, it is now during this time period that all of the
security pundits are making their predictions for next year. I sort have eluded to this in my blogs over the
last couple of weeks, but I have not formalized into content yet. That will be the purpose of today’s blog, so
here we go:
1)
More disruption:
This term here always gives me the shakes
when I hear it, because it is such an overused technojargon. But when it comes to an actual attack, then
that is different. Many pundits are
predicting that Cyberattackers will launch threat vectors just for the sake of
doing so. For example, they may not
really be after anything per se, but rather, they want their presence to b
known and felt. This may lead to a chain
of other disruptive style attacks to happen, but the idea here is to simply be
a nuisance to a business. And it won’t
be a one-time deal, rather, it will happen quite frequently. In this aspect, to see more worms, trojan
horses, viruses, and DDoS attacks to occur.
The good news is that Ransomware attacks will probably even decrease
some more, as they have fallen by well over 8% in the last part of this year (SOURCE: https://blog.checkpoint.com/2022/10/26/third-quarter-of-2022-reveals-increase-in-cyberattacks/). Probably another form of a disruptive attack
are those pf the data leakages, whether the are intentional or not. Just this year alone, 93% of US businesses experienced
this, and over half lost data permanently (SOURCE: https://www.securitymagazine.com/articles/97631-93-of-orgs-have-suffered-a-data-related-business-disruption).
2)
The Critical Infrastructure:
This is something I have been
blabbering about this entire year. We
have seen attacks already happen, with the Colonial Gas Pipeline incident being
the best example of this. In the end,
this led to huge shortages on the east coast, the futures prices for natural
gas spiked, and in the end, the CEO had to pay a multimillion ransom. Many pundits believe that 2023 could be the
year when a much bigger, and a much more catastrophic Critical Infrastructure
attack could happen. For example, there
could be multiple attacks om large cities here in the US, leaving our water and
oil pipelines rendered useless, and there could even be a cataclysmic effect on
the national power grid. The unfortunate
thing about all of this is that is that there is not a lot that can be done to
fortify the level of security, as most of these infrastructures were built in the
1970’s.
3)
The supply chains:
Remember the Solar Winds hack? That is an example of a supply chain attack, where
one point of entry is used to infiltrate and expose hundreds if not thousands
of other victims. This is expected to
continue into 2023, but my prediction is that we won’t see such large-scale
attacks anymore. Rather, they will be
much smaller in nature, but they will be happening much more frequently, in
order to be nothing but a deep nuisance, once again. Bu the changing trend here is that the
Cyberattacker won’t be acting alone.
Rather, they will form alliances with other hacking groups. They will probably have other nation threat
actors backing them up with financial support and a place to stay in
hiding. In other words, watch for a new type
of organized crime forming here.
4)
Phishing:
Yes, the oldie but the goodie will
still be around next year. Did you realize
that the first true Phishing attack occurred back in the late 90’s, and the victim
was AOL? That is how old Phishing
is. But keep in mind that the Cyberattacker
has become much more sophisticated in this regard, and now they take their time
to study their unsuspecting victims. For
example, they can study the Socia Media sites, and even use the various OSINT
tools that are out there to find the weaknesses and vulnerabilities of their
victims. But it is important to keep in
mind here that the Cyberattacker is not just going after everybody. Rather in 2023, they will have a favorite one
in mind: The C-Suite, their families, and their friends. The concepts of Social Engineering will be
used to here in order to launch what are known as “Sextortion” based
attacks. In these instances, the Cyberattacker
will try to “extort” money out of their victims by threatening to release
private information and pictures of their friends and family. These can be very damaging, as these attacks
become more personal in nature. In the end,
the targets will be the high-profile executives across Corporate America.
My Thoughts On This:
In the end, there is no way that you cannot be a victim
Cyberattack. It can happen to any of use,
whether it is now or in 2023. All we can
do is to try and mitigate that risk from happening to us. And this is where being proactive about things
become important. One of the best ways
to do this is to watch what you put on your Social Media sites. The safest bet here is to not even use them
at all, or if you have to, use one or two of them at most.
In my case, I am only active on Linked In and to some degree,
Twitter. A simple Google search will
also reveal many other ways to protect yourself
in 2023.
No comments:
Post a Comment