Cybersecurity is undoubtedly one of the biggest pain points for organisations. While cyber security as a topic has gradually moved from the IT department to the boardroom in recent times, the bad news is that cyber-criminal activities often outpace business security efforts, requiring security teams to constantly adapt to an ever-evolving threat landscape.
Now, with new macroeconomic issues such as continued financial instability, geopolitical tensions and the rise of a hybrid workforce, the impact on the cyber landscape has been unprecedented. The World Economic Forum's Global Cybersecurity Outlook report (https://www.weforum.org/reports/global-cybersecurity-outlook-2022/) indicates that cyber-attacks increased by 125% between 2021 and 2022 – and this upward trend will continue in 2023 as well.
So, as 2022 draws to a close, we look at some of the key cyber threats business leaders must watch for in order to survive and prepare themselves in the coming months.
Ransomware shows no sign of going away
Ransomware, in which hackers break into a company’s network and block access to crucial and sensitive files, demanding a ransom to return that access, has been a major cybersecurity issue for years. A research report published in October 2022 by IT services firm Ivanti shows that ransomware has grown by 466% since 2019 and that ransomware groups are continuing to grow in volume and sophistication, with 35 vulnerabilities becoming associated with ransomware in the first three quarters of 2022 and 159 trending active exploits. In the coming year, too, it shows no signs of going away as cyber criminals continue to evolve their attacks.
Subbu Iyer, regional director for India and ASEAN, at Forescout Technologies, attributed the increase in ransomware to the ongoing “digital transformation wave” even as the cybersecurity teams in most companies are “perennially understaffed and under-resourced.”
“Poor knowledge of digitisation, lack of cyber skills, and inadequately trained cybersecurity professionals are some of the factors leading to elevated cyber threats,” he added.
“The explosive growth in new ransomware variants is primarily thanks to more attackers taking advantage of Ransomware-as-a-Service (RaaS) subscriptions on the dark web,” said Vishak Raman, Vice President for Sales in India, SAARC and Southeast Asia at US-based cyber security company Fortinet, adding that companies agree to pay ransoms to get their systems back, only to be hit again by the same ransomware perpetrators.
Rohan Vaidya, Regional Director (India and SAARC) at cybersecurity solutions company CyberArk, said that the availability of ransomware kits allowed lesser-skilled cybercriminals to launch attacks. “The would-be attackers can simply browse a marketplace, fill their carts with cheap lists of stolen credentials and cookies or off-the-shelf ransomware, phishing and exploit kits and check out,” he added.
Supply chain vulnerabilities to evolve
Earlier this year, Gartner predicted that by 2025, 45% of organisations worldwide will have experienced attacks on their software supply chains — a three-fold increase from 2021. Not only are these attacks increasing, but the level at which they are penetrating systems and the techniques attackers are using are also new. Attackers are now taking advantage of access granted to third-party cloud services as a backdoor into companies' most sensitive core systems, as seen in recent high-profile attacks on Mailchimp, GitHub, and Microsoft.
Calling supply chain attacks one of the biggest cyber threats heading into 2023, NordLocker’s Chief Technology Officer Tomas Smalakys said, “The Covid-induced global chip shortage revealed that the most fragile part of the global economy is its interconnectedness. By targeting companies that play critical roles in the activities of other businesses, such as raw materials suppliers or logistics firms, cybercriminals have the ability to grind an entire supply chain to a halt and apply mounting pressure to make victims meet their demands. We already see this trend in 2023 as these types of attacks are only ramping up.”
Smalakys believes that one step companies can take is to audit the security measures that their suppliers and vendors use to ensure that the end-to-end supply chain is secure.
Web3, crypto scams to surge
Cybercrime surrounding crypto continues to soar and poses a major threat to organisations, individuals, and governments everywhere. Hackers have stolen nearly $2 billion worth of cryptocurrencies in the first half of 2022, a 60% rise from last year.
Cybersecurity firm McAfee saw several online scams making use of existing content to make crypto scams more believable. One such example was a “double your money” cryptocurrency scam that used an old Elon Musk video as a lure.
With the pandemic, the hype around crypto, Bitcoin and NFTs skyrocketed. “As amateur consumers will begin to explore these offerings without fully understanding what they mean or what dangers they should be aware of, investing time and money into crypto or creating their own NFT content, bad actors will seek to exploit this group, offering up links or applications that play on these users’ crypto/Web3 lure,” McAfee researchers said.
Further, Vaidya predicted the rise of the Metaverse could pose new security challenges. “It is still an emerging and nascent space with no structured best practices or regulations to ensure security or privacy,” he said.
IT services firm Experian, for example, said in its 10th annual Data Breach Industry Forecast, published in December 2022, that the use of augmented and virtual reality (AR and VR) devices increases the impact of data breaches, as these devices collect large amounts of personal information and user data. This may increase their potential to be hacked and lead to more sophisticated attacks in the coming year.
Data poisoning – a new vector emerges
As companies turn to artificial intelligence and machine learning (AI/ML) to bolster their defences and prevent cybercrimes, these technologies often become a double-edged sword. An IBM 2022 study found that 35% of companies were using AI in their business and 42% were exploring it; AI/ML undoubtedly opens up new possibilities for companies in every industry. But cyber criminals are getting smarter and are also turning to this technology to launch attacks themselves. One way in which attackers do this is through AI and data poisoning, which poses a significant problem for cyber security professionals.
“Data poisoning can occur if hackers gain access to a model’s private training data or rely on user feedback to learn and will become more dangerous in the coming months,” said security expert Prateek Bhajanka.
He explained that, instead of attacking from the outside, data poisoning attempts to get the attacker's inputs accepted into the training data, thereby affecting the model's ability to produce accurate predictions. This also brings into focus a greater need for cyber security training.
Data poisoning is a new attack vector into corporate systems. In this, a malicious actor finds a way to inject corrupted data into an AI system that will skew the results of an AI inquiry, potentially returning an AI result to company decision makers that is false. The notorious Apache Log4j Log4Shell bug is a classic example of data poisoning in AI systems. Hundreds of millions of devices use the Log4j component for various online services, among them government organisations, critical infrastructure, companies and individuals.
As this attack vector is still in its infancy, cyber security professionals are still learning how best to defend against data poisoning attacks. One way to protect against it, experts believe, is to continuously monitor your AI results. Having the scientists who develop AI models regularly check that all the labels in their training data are accurate can also be a way to mitigate such attacks.
Geopolitics and hacktivism will continue to play a part in cyber attacks
Massachusetts Institute of Technology (MIT) Review reported that cyber operations against Ukraine from Russian government-affiliated hacker groups will continue. Russia has attacked Ukrainian targets at least six times with wiper malware this year. Forbes reports that businesses unaffiliated with the government may become targets of state-sponsored attackers. Cyber-attacks on infrastructure are expected, and disinformation campaigns are anticipated, as over 70 countries are due to hold elections next year.
In recent months, more distributed denial of service (DDoS) attacks have become politically motivated. These attacks occur when a threat actor uses resources from multiple, remote locations to attack an organisation’s online operations. Kaspersky researchers found that over 80% of the 57,116 DDoS attacks discovered in Q3 2022 seemed to be politically motivated. “In the coming year, we can expect to see military groups around the world increasingly rely on expert hackers to attack other nations’ critical infrastructure and private business operations.”
Also, in the past year, hacktivism, the act of hacking as a form of civil disobedience to promote a political agenda or social change, has evolved from social groups with agendas (such as Anonymous) to state-backed groups that are more organized, structured and sophisticated. Such groups have attacked targets in the US, Germany, Italy, Norway, Finland, Poland and Japan recently, and these ideological attacks will continue to grow in 2023 across the world, as per Check Point researchers.
Deepfakes to become the next big thing
Talking about attacks evolving due to the emergence of AI, one cannot ignore AI-synthesised media—so-called deepfakes—that have dramatically increased in quality, sophistication, and ease of generation. Experts believe deepfakes, left unchecked, are set to become the cybercriminals’ next big weapon in the coming years.
Deepfake technology uses AI techniques to alter existing or create new audio or audio-visual content. It has some non-malign purposes — such as satire and gaming — but is increasingly used by bad actors for bad purposes. And yet, studies have shown seven out of 10 people were still unaware of deepfakes.
In the last year, deepfakes have been increasingly weaponised for use in non-consensual pornography, large-scale fraud, and disinformation campaigns. In October 2022, for instance, a deepfake of US President Joe Biden singing ‘Baby Shark’ instead of the national anthem was circulated widely. According to researchers at Check Point, deepfakes will be increasingly used for misinformation, embarrassing revelations, accusations of illegal exports, or even by rogue nation states seeking to offset sanctions, and can be rampant globally in the coming year as well.
Insider threats to pose greater risks
Human error is still one of the primary reasons for data breaches. Any bad day or intentional loophole can bring down a whole organisation with millions of stolen data records. An October 2022 report by Ponemon Institute showed that insider threat incidents have risen 44% over the past two years, with costs per incident up more than a third to $15.38 million. Such incidents can be accidental, caused by negligence, or may be malicious in nature. The report further showed some alarming data, such as the cost of credential theft to organisations increasing 65% from $2.79 million in 2020 to $4.6 million this year, and the trend is here to stay.
Further, a report by security risk management firm Kroll said that insider threats reached their highest quarterly level to date in Q3 of 2022, accounting for nearly 35% of all unauthorised access threat incidents.
“While always a challenge, the risk of insider threat is particularly high during the employee termination process,” wrote the report’s authors, adding that the increase in a hybrid or remote workforce, compounded with increasing uncertainty in the job market, will prioritise insider risk management as a focus area for security leaders in the coming months.