What does 2023 have in store for cybercrime?
While most of us are celebrating the holiday season, cyber attackers are planning their next wave of breaches. Sad, but true. So what should security experts be planning for?
Every year technology makes things a litter faster, cheaper or both. It’s the wonder of innovation – and it’s been this way for two hundred years. But new every advance brings some downside. And in the digital era, it’s cybercrime. Regrettably, for all the benefits ushered in by online connectivity, there are criminals dreaming up thefts and deceptions that take advantage of flaws in data storage, identity and encryption.
Every year the number of attacks appears to grow. In 2021, for example, the FBI 2021 Internet Crime Study reported 847,376 complaints in the US alone. That’s a seven percent increase from 2020. Meanwhile the Anti-Phishing Working found that in Q1 2022 there were 1,025,968 attacks — the worst quarter for phishing to date.
And the financial damage is growing too. In 2022, the average cost of an attack reached $4.35 million – up 2.6 percent on the previous year, according to IBM’s Cost of a Data Breach Report.
On the flip side, cybersecurity experts are developing new tools to repel attacks. Also, awareness of the risks is growing. And given that criminals target employees as much as they do systems, this is an important development.
The need to promote awareness is critical, not least because the nature of the threats changes all the time. So what can we expect in 2023? We reviewed the insights of various experts – including Crowd Strike, Ntirety, Atakama, IBM, Cybertalk.org – to bring you this round up.
#1 – Criminals will turn their attention to SaaS APIs
Software as a Service is not new. But adoption is still growing every year. Experts believe cyber attackers will increasingly target the SaaS APIs that enterprises use to connect critical data and services. There could be targeted attacks on top-tier cloud providers.
#2 – Attackers could go after standalone 5G networks
5G standalone mobile networks represent a break with what has gone before. They are based around a virtualised core, and as such rely much more on software operations and automation than physical infrastructure. This makes them fast and capacious – but it also changes the nature of the security risk.
In 2023 the risk will be real rather than speculative. Why? Because at least 36 operators in 21 countries have launched public 5G SA networks, while 111 operators in 52 countries are planning deployments.
#3 – Data leak marketplaces will grow rapidly
One of the reasons for the proliferation of cybercrime is the ease with which criminals can share their expertise and illegal ‘assets’. In 2023, there could be explosive growth in new criminal marketplaces dedicated to advertising and selling victims’ data. Security specialist believe attackers will target industries such as healthcare that possess especially sensitive user information.
See more: Samsung chief forecasts tech weakness in 2023
#4 – Expect a boom in cybercrime-as-a-service
The marketplaces mentioned above have lowered the barrier of entry for less experienced/technical cyber criminals. As the global economy stutters, there’s a risk that the supply of hackers-for-hire will grow.
#5 – No let-up in zero-day hacks
A zero-day attack happens after a developer learns of a flaw – but before they release a patch to fix it. These hacks look set to grow thanks to greater information sharing (see above) among criminals.
#6 – Economic and geopolitical uncertainty could weaken resistance to attacks
Enterprises are tightening budgets in response to macro-economic factors. Cyber security could come under budgetary pressure thanks to the high cost of cleaning up after a breach, paying for investigations, legal costs, changing security providers, to notifying customers and regulators etc. Criminal will exploit this.
#7 – Cyber insurance premiums will soar
Inflation is everywhere – and cyber security is not exempt. Experts believe
cyber insurance premiums will skyrocket in 2024, with new compliance standards emerging around areas such as ransomware payments. Big breaches could incur big fines.
#8 – The combination of IoT and shadow IT will be a rich new attack surface
With billions of devices connected to the internet in 2022, attackers already have huge number of (often not well secured) connections to target. What might make this even worse in 2023 is the proliferation of IoT devices in shadow IT systems (ie devices, software, applications and services being used by employees without explicit IT department approval).
#9 – There will be a fresh drive to protect DevSecOps environments
Security departments still shiver at the memory of the SolarWinds attack in 2020. That hack saw criminals insert a few lines of malicious code into an IT management platform. As a result, they gained access to the networks of multiple companies and US federal agencies.
It was a notably ‘successful’ attack, so more are definitely likely. Most will take place thanks to social engineering (persuading employees to share of passwords and log-in credentials). So we may see a special drive to protect DevSecOps platforms.
#10 – 2023 will be a breakthrough year for SASE
In the edge era, data and users will be more diverse, more widely distributed, and more vulnerable than ever. This vulnerability is the driver of SASE (secure access service edge). It’s a cybersecurity technology for organizations seeking simplified solutions, tighter technology stacks, and an alignment between network performance and security. 2023 could see a big increase in adoption.
#11 – A major space-tech attack?
To date space tech has been relatively unaffected by cybercrime. But this market is growing fast, so experts have warned to be vigilant against potential breaches of satellites, launch centers, networks and communications.
#12 – A major crypto attack?
Unlike space, the crypto world is constantly another attack. Could 2023 be the year of a crypto breach that fatally undermines cryptocurrency as a viable financial instrument?
#13 – State-sponsored crime is growing
In a connected world, it’s inevitable that nations will use leaked credentials, supply chain attacks, breaches and industrial secrets to undermine their perceived enemies. This trend grew in 2022, and looks set to persist across 2023.
#14 – Social engineers will focus more on ICS systems
Hackers use all sorts of techniques to persuade employees to share log ins and other sensitive information. But which employees? Specialists believe they will sharpen their focus on the gatekeepers of Industrial control systems (ICS) and Supervisory Control And Data Acquisition (SCADA). These systems are essential to the operations of industrial manufacturers. A breach can be catastrophic.
#15 – Criminals will find ways to evade EDR
Endpoint Detection and Response (EDR) describes security solutions that monitor end-user devices to detect ransomware, malware and so on. Security watchers say criminals have developed many EDR evasion techniques. They expect to see these tools go widely for sale on the dark web in 2023.
#16 – 2023 could be the year of deepfake cybercrime
Deepfake tech has been on the agenda for a few years, especially as the creation tools have become cheaper and more user friendly. Worryingly, 2023 could be the year it is deployed in ransomware – with deepfake pictures, videos and audio files used to ramp up the impact of attacks.