#1: Ransomware evolution
Ransomware will continue to evolve and research shows that attacks are becoming more harmful each year. According to Mimecast’s State of Ransomware Readiness Report 2022, two-fifths of cybersecurity leaders (40%) have encountered ransomware attacks that use compromised credentials tactics this year, compared to 33% last year.
Cyber insurance will no longer be a guaranteed safety net and preventing an attack altogether is the only safe path.
Concerningly, businesses’ ransomware defences appear to have remained static, with many firms lacking basic security measures, which increases vulnerability and exposure in the event of an attack. It’s critical to properly invest in fundamental measures, like robust email security and employee training.
#2: AI voice cloning technology
Threat actors will take social engineering to the next level. As artificial intelligence (AI) voice cloning technology becomes more powerful and readily available, we will see an increase in impersonation attacks that utilise audio deepfakes. These will be used in combination with compromised email and collaboration accounts.
#3: Malicious use of Large Language Models
Large Language Models (LLMs) will be used by criminals to increase the number of attacks. These are AI tools that read, summarise and translate texts and predict future words in a sentence, letting them generate sentences similar to how humans talk and write.
Bad actors will use accessible LLMs to create campaigns using Natural Language and automatic social engineering, aimed at the most vulnerable people in companies. This will allow them to carry out more attacks while at the same time improving their success rate.
#4: Increase in Malware-as-a-service
Malware-as-a-service (MaaS), which is a model similar to Software-as-a-Service will continue to grow as a booming business for cybercrime organisations. MaaS is available for purchase on the dark web, to target big businesses with sensitive and critical assets.
#5: Harvest now, decrypt later
Quantum computing is closer to becoming a reality and as we move towards Q-Day - when this technology will be readily available - organisations need to prepare for ‘harvest now, decrypt later’ attacks. Bad actors will ‘harvest’ data from organisations, with the intention of decrypting the data later, when quantum computing reaches maturity.
#6: Increase in insider threats
Insider threats are likely to increase as other, more traditional cybersecurity solutions are strengthened. This includes both malicious and unintentional activity by employees. The threat increases significantly when accounts are not removed following a staff departure from an organisation. Employees may also be bribed or coerced to assist threat actors. Such employee fraud can be extremely difficult to detect but the maintenance of normal day-to-day processes and procedures – such as the “CIA (Confidentiality, Integrity and Availability) Triad” – should limit any attack.Other forms of insider threats such as compromised internal accounts and / or non-malicious or accidental insiders (e.g. using shadow IT) must also be protected against.
#7: Phishing attacks targeting new employees
Phishing attacks will continue to iterate as these are low cost with a high return on investment for cybercriminals, especially initial access brokers. Recent research has shown that an email impersonating a colleague has the highest chance of success. We’re therefore likely to see phishing attacks on new employees grow as a phenomenon. As new starts make a splash on LinkedIn, they are more susceptible to fake welcome emails from “senior executives” or fake company onboarding portals etc. These are used for credential harvesting, account takeover or even multistage malware droppers in some cases.
More sophisticated spear phishing
Fraudsters will continue using social engineering, a method of attack where cybercriminals weaponise personal information to target a specific user. Sophisticated attacks like spear phishing - where attackers send emails that appear to be from a known or trusted sender - will grow.
Most prominently, whaling will be on the rise, which is an even more specialised variety of spear phishing, and targets a specific user high in an organisation’s hierarchy – also known as CEO or CFO fraud.
#8: Skills gap in cybersecurity
The skills gap in cybersecurity, particularly AI/ML expertise, will probably be felt more acutely in 2023. In 2022, newsworthy attacks were typically very targeted, methodically planned, but still very manual in nature. Customers will be looking for cybersecurity products that can effectively protect against a multi-stage attack like this. But to detect these attacks, the existing detection systems need to be harmonised effectively and turned into a meta-system. As a result, cybersecurity companies will be looking for AI/ML experts to design and implement these meta-systems, in an already tight labour market.
