Supply-Chain Attacks Increase in Complexity
In 2023, we will see a significant increase in the number of attacks through supply chains and through external dependencies; in addition, we expect more malicious packages to appear on public services for developers, such as GitLab. This trend will spur the development of secure development processes.
DDoS is Back but on Layer 7
2023 will mark an extensive increase in DDoS attacks. The majority of attacks will happen at layer 7 (in 2022, layer 3 attacks prevailed) and will try to mimic user activity. Since such attacks are more difficult to detect, protection must move from the network to the application level. Applications, in turn, should be able to detect bot activity.
Hacking for the Hype
In 2022, attackers already started targeting not only financially profitable, but also well-recognized enterprises, which, if breached, can make the headlines. In 2023, this trend will continue, because threat actors want to attract public attention. Usually, such attacks are performed by low-skilled hackers and are very simple in execution. For example, threat actors can copy a large block of information from the public domain and upload it in a single archive to the public domain, supposedly as a result of a hack. In pursuing fame, these attackers try to make even the smallest attack a big deal, turning it into a high-profile event.
More tech-savvy hackers will focus on the publication of stolen data. They will try to make internal documents and emails publicly available. Extortionists put pressure on their victim using these tactics, but APT groups can act with purely destructive objectives. APTs will publish data about their competitors or set up websites to disseminate personal information. Undoubtedly, such attacks will become a part of the cyber threat landscape, and we will hear more and more about such campaigns in 2023.
Ransomware Turns into Damageware
In 2022, some ransomware operators started causing maximum damage to their victims by destroying their infrastructure. It means that, although they use previously unknown kinds of crypto-ransomware, as well as lockers, they no longer demand any ransom. Instead, their goal is to cause reputational damage to the business by putting stolen data in the public domain and disrupting the company’s internal processes. Moreover, stolen information cannot be recovered because intruders destroy backup copies and refuse to give up the key for decryption. We predict that this trend will increase in 2023.
Script Kiddies Learn Faster and Group Up into a Cyber-Army
Hacktivists, who, at the beginning of 2022, chose only easily accessible targets and conducted easily executable attacks like “deface” and DDoS, have significantly improved their skills since then, and incorporated methods previously typical of highly skilled cybercriminals and APT groups. In fact, since many of their victims have drastically strengthened their defenses, they had no other choice. That is why hacktivists’ attacks will become more sophisticated, complex, and targeted in 2023. The increase in hacktivists’ competence level will probably cause a new wave of more skilled, advanced, targeted, and well-prepared cyber-attacks. Also, hacktivists may start to develop an advanced organizational structure like a cyber-army.
New Reality of Cyber Attacks Volume
The current geopolitical situation brings us to a point where business and state enterprises are gradually moving into a new reality where the volume of cyber attacks will be steadily high without any exceptions. This trend will be our new normality.
Mail Servers will Become a Priority Target
In recent years, vulnerability researchers have focused more and more on analyzing email software. The reason is simple: it is a voluminous set of software that supports different protocols and connects to the Internet. For example, critical vulnerabilities allowing unauthenticated RCE attacks were found in Microsoft Exchange and Zimbra. Until patches came out, attackers actively exploited these vulnerabilities – sometimes even for mass attacks.
ProxyShell and ProxyNotShell make us think that these are not the last vulnerabilities that will be discovered in mail programs. In addition to storing information of interest to APTs, mail servers represent the most significant attack surface imaginable. Zero-day attacks will be the predominant threat to all popular email programs in 2023. System administrators should enforce proper mail server monitoring and ensure timely patching to protect their mail infrastructure from attacks.
As businesses continue to make investments in technology to run their operations to support remote work, improve the customer experience, and generate revenue, they are currently adding more technologies to their IT networks, which could lead to new vulnerabilities. So, it becomes increasingly important to learn about newly released updates as soon as they are available. With Action1, you can — as well as streamline the entire patch management process, from identifying missing updates to compliance reporting, across both Windows OS and third-party software.