Cyber Threat Prediction – 2023

Cyber Threat Prediction by Barracuda Networks – 2023

Blog Credit: Trupti Thakur

Image Courtesy: Google

 

Barracuda Networks revealed threat predictions that would leave the organizations exposed in 2023. As part of the threat forecast, Barracuda turned to the professionals on the security frontline and asked them about the things they witnessed in 2022 and to identify a series of vulnerabilities and attacks that shook large enterprises.

In 2022, geopolitical conflicts further reminded us that cyber threats have no borders and just how vulnerable the world is to cyberattacks. Against this backdrop, some of the top cyber threat trends that Organisations need to be ready for in 2023 are Ransomware, Zero-Day Vulnerability, Supply Chain attacks, and Credential theft amongst others

With the increasing frequency, Ransomware will still be an issue– 2022 was the first time when targeted ransomware attacks were witnessed against individuals based on their personal social media profiles. We have witnessed an increased use of wiperware. In 2023, this wiperware emanating from Russia will likely spill over into other countries as geopolitical tensions continue.

With the ransomware-as-a-service business model taking off and the recent build leak of LockBit 3.0, a new generation of smaller and smarter gangs will steal their limelight in 2023. During the year, organizations will experience an increased frequency of ransomware attacks with new tactics.

More Zero-day vulnerabilities to take place – In 2022, there were 21,000 CVEs registered. Many of them were classed as ‘critical’, and many were actively exploited by attackers. There were also a number of popular third-party software libraries that had critical vulnerabilities reported. Organizations need to have a team in place ready to patch software and remediate as soon as possible.

Supply Chain attacks to continue in 2023, supply chain attacks have taken place in 2022 with a large number of high-profile incidents occurring around the world and it has led more attackers to look for the weakest link in attacking companies.

Leading the threats, Credential theft remains a top target for attackers– Account takeover continues to be a low-hanging fruit for attackers and a top-of-mind risk for organizations. These credentials open the door for remote access, email and corporate web applications storing customer data. We have seen impersonation techniques and spear phishing attacks constantly evolve and with multifactor authentication (MFA) fatigue attacks, they are having more and more success.

MFA will not be the answer to all security concerns with the increased abuse of MFA. With the growing ease of two-fact and multifactor authentication fatigue attacks and with TOTP (time-based one-time passwords) susceptible to social engineering, security practitioners will be taking a new look at authentication measures.

In 2023, the Attack Surfaces will Expand as the number of potential attack surfacesin organizations will continue to increase as more of them adopt cloud-based and Software-as-a-Service offerings as remote work continues. This is forcing organizations to rethink security.

 Parag Khurana, Country Manager, Barracuda Networks India, “In 2023, organizations need to be ready to be targeted by every kind of cyber threat, regardless of their size or industry sector. As existing authentication methods are challenged by attackers, security practitioners need to look at alternatives, and we expect to see password-less and FIDO U2F (Universal 2nd Factor) single security key technology receiving a lot of consideration. The growing use of artificial intelligence (AI) in threat detection will make a significant difference to security, and we expect to see more companies invest in 24/7 human-led threat hunting and response, making use of an expert SOC-as-a-Service if they don’t have the resources in-house. It is also important to enhance employee security awareness in order to mitigate human risk.”

According to the company, organizations should be prepared to face every type of cyber threat, regardless of size or industry, as attackers increasingly target existing authentication methods and expand their attack surfaces.

Exploitation of Authentication Methods

As attackers continue to challenge existing authentication methods, security practitioners will need to consider alternative options to protect their organizations.

Expansions of Attack Surfaces

With the adoption of cloud-based and software-as-a-service offerings for remote work on the rise, the number of potential attack surfaces within organizations will continue to increase. It is important for organizations to be aware of this trend and take necessary measures to secure their systems.

Increasing Zero-Day and Supply Chain Attacks

Barracuda predicts that there will be a rise in zero-day vulnerabilities and attacks on supply chains in 2023. In 2022, nearly 21,000 Common Vulnerabilities and Exposures (CVEs) were registered, with many classified as “critical” and actively exploited by attackers. It is important for organizations to stay up-to-date on the latest threats and vulnerabilities and implement proper patch management protocols to protect against these types of attacks.

Web Application Attacks

Web application attacks, including those targeting vulnerable third-party software libraries, are also expected to be a significant threat in 2023. It is crucial for organizations to secure their web applications and ensure that they are regularly testing and updating them to prevent these types of attacks.

 

The Exploitation of Vulnerabilities in IoT

As the Internet of Things (IoT) continues to grow in popularity, the exploitation of vulnerabilities in these devices is expected to be a significant threat. It is important for organizations to properly secure their IoT devices and ensure that they are regularly updated to prevent attacks.

Overall, Barracuda’s predictions highlight the need for organizations to stay vigilant and proactive in their cybersecurity efforts in 2023. By keeping track of the latest threats and vulnerabilities and implementing appropriate security measures, organizations can effectively protect themselves against cyber attacks.