Blog

Thought Leadership

Five Cyber Security Predictions for 2023

Five Cyber Security Predictions for 2023Default blog imageDefault blog image
14
Dec 2022
14
Dec 2022

As 2022 draws to a close, we reflect on a cyber security landscape shaped by a partial return to office but with a wide acceptance of hybrid and flexible working, as well zero-trust principles becoming mainstream, increasingly complex digital landscapes, and a geopolitical situation marred by Russia’s invasion of Ukraine.

These new challenges have been accompanied by more familiar threats vectors, with ransomware remaining rampant, and the growing commercial availability of offensive cyber tools leading a persistent stream of low-sophistication cyber crime becoming a thorn in the side of CISOs and security teams.

But the cyber landscape is constantly changing, and in what follows, we look at five key predictions, pulled from a range of analysts and experts across the Darktrace team, that we expect to see emerge in 2023.

1)  Attacker tradecraft centers on identity and MFA

It wasn’t just the recent Uber attack in which the victim’s Multi-Factor Authentication (MFA) was compromised; at the core of the vast majority of cyber incidents is the theft and abuse of legitimate credentials. In the case of Uber, we saw that MFA can be defeated, and with Okta, that the MFA companies themselves become targets – potentially as a mechanism to reduce its effectiveness in other customer environments. 

Once considered a ‘silver bullet’ in the fight against credential stuffing, it hasn’t taken attackers long to find and exploit weaknesses in MFA and they will continue to do so in 2023. MFA will remain critical to basic cyber hygiene, but it will cease to be seen as a stand-alone ‘set and forget’ solution. Questions around accessibility and usability continue to dominate the MFA discussion and will only be amplified by increases in cloud and SaaS along with the dissolution of traditional on-prem networks. 

Today and in the future, MFA should be viewed as one component of a wider zero trust architecture, one where behavior-based analytics are central to understanding employee behavior and authenticating the actions taken using certain credentials. 

2)  Continued ‘hacktivism’ from non-state actors complicates cyber attribution and security strategies 

The so-called ‘vigilante’ approach to cyber geopolitics is on the rise. Recent attacks launched by groups such as Killnet, though limited in their operational impact, have not failed in their aim to dominate global headlines in light of the Russo-Ukraine conflict, mounting concerns that these citizen-led operations could become more destructive or that states could use these groups as a deniable proxy.

Yet claims that ‘Russia’ launched these attacks can be misleading and add fuel to an already complicated political fire. Cyber attribution and deciphering the extent of state-level tasking is difficult, with blurred lines between state-aligned, state-involved and state-directed increasing the risk of escalation, collateral and misattribution. 

In 2023, ‘knowing thy enemy’ in cyber will be more complicated than ever before – but it is critical that organizations remain aware of the realities of cyber risk and cease to focus on the ‘boogie man’ of the internet that features in sensationalist reporting. Persistent, widely available, lower-sophistication malware and run-of-the-mill phishing campaigns statistically remain a greater global risk to corporations than the newest, most devious exploit kit or ransomware typically associated with APT groups. As it gets harder to name the enemy, we should see organizations moving away from the headlines and towards ensuring operational stability based on a bespoke understanding of their unique risk profile.

3)  Crypto-jacking neglect gets dangerous

The hijacking of computer resources to mine cryptocurrencies is one of the fastest growing types of cyber-threats globally. These attacks are often overlooked as unthreatening ‘background noise’, but the reality is that any crypto-mining infection can turn into ransomware, data exfiltration or even an entry point for a human-driven attack at the snap of a finger. 

To achieve the scale of deployment that crypto-jackers are looking for, illegitimate network access must have been enabled by something relatively low-cost – a pervasive software vulnerability or default, weak or otherwise compromised credentials. This means that the basics aren't being done right somewhere, and if a crypto-jacker could do it, what's stopping a ransomware actor from following the same path? 

In 2023, crypto-jackers will get more savvy and we might start to see the detrimental effects of what is usually considered inevitable or negligible. Security leaders need to ask themselves: “How did this person get in?” – and shore up the easiest points of entry into their organization. 

Companies should not live with rogue software and hackers siphoning off their resources – particularly as rising energy prices will mean a greater financial loss is incurred as a result of illicit crypto-mining. 

4)   Ransomware rushes to the cloud

Ransomware attacks are ever-evolving, and as cloud adoption and reliance continue to surge, attackers will continue to follow the data. In 2023, we are likely to see an increase in cloud-enabled data exfiltration in ransomware scenarios in lieu of encryption. 

Third-party supply chains offer those with criminal intent with more places to hide and targeting cloud providers instead of a single organization gives attackers more bang for their buck. Attackers may even get creative by threatening third-party cloud providers – a tactic which already impacted the education sector in early October when the Vice Society ransomware gang blackmailed Los Angeles Unified (LAUSD), the second largest school district in the US, and published highly sensitive information, including bank details and psychological health reports of students on the darknet. 

5)   Recession requires CISOs to get frank with the board about proactive security 

Cyber security is a boardroom issue, but with growing economic uncertainty, organizations are being forced to make tough decisions as they plan 2023 budgets. 

Rising cyber insurance premiums are one thing, but as more underwriters introduce exclusions for cyber-attacks attributed to nation-states, organizations will struggle to see the value in such high premiums. Both insurance and compliance have long been seen as ways of ticking the ‘protection’ checkbox without achieving true operational assurance, and we need look no further than Colonial Pipeline to see that insurance cannot compensate for long-term business disruption and reputational damage. 

In 2023, CISOs will move beyond just insurance and checkbox compliance to opt for more proactive cyber security measures in order to maximize ROI in the face of budget cuts, shifting investment into tools and capabilities that continuously improve their cyber resilience. With human-driven means of ethical hacking, pen-testing and red teaming remaining scarce and expensive as a resource, CISOs will turn to AI-driven methods to proactively understand attack paths, augment red team efforts, harden environments and reduce attack surface vulnerability. Maturity models and end-to-end solutions will also be critical, as well as frank communication between CISOs and the board about the efficacy of continuously testing defenses in the background.

More in this series:

No items found.

Like this and want more?

Receive the latest blog in your inbox
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
INSIDE THE SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
AUTHOR
ABOUT ThE AUTHOR
Toby Lewis
Head of Threat Analysis

Prior to joining Darktrace, Toby spent 15 years in the UK Government’s cyber security threats response unit, including as the UK National Cyber Security Centre’s Deputy Technical Director for Incident Management. He has specialist expertise in Security Operations, having worked across Cyber Threat Intelligence, Incident Management, and Threat Hunting. He has presented at several high-profile events, including the NCSC’s flagship conference, CyberUK, the SANS CyberThreat conference, and the Cheltenham Science Festival. He was a lead contributor to the first CyberFirst Girls Competition, championing greater gender diversity in STEM and cyber security. Toby is a Certified Information Systems Security Professional (CISSP) and holds a Master’s in Engineering from the University of Bristol.

USE CASES
No items found.
PRODUCT SPOTLIGHT
No items found.
COre coverage
No items found.
This Article
Five Cyber Security Predictions for 2023
Share
Twitter logoLinkedIn logo

Related Articles

No items found.

Good news for your business.
Bad news for the bad guys.

Start your free trial

Start your free trial

Flexible delivery
You can either install it virtually or with hardware.
Fast install
Just 1 hour to set up – and even less for an email security trial.
Choose your journey
Try out Self-Learning AI wherever you most need it — including cloud, network or email.
No commitment
Full access to the Darktrace Threat Visualizer and three bespoke Threat Reports, with no obligation to purchase.
For more information, please see our Privacy Notice.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get a demo

Flexible delivery
You can either install it virtually or with hardware.
Fast install
Just 1 hour to set up – and even less for an email security trial.
Choose your journey
Try out Self-Learning AI wherever you most need it — including cloud, network or email.
No commitment
Full access to the Darktrace Threat Visualizer and three bespoke Threat Reports, with no obligation to purchase.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.