Security6 min read

Howler Security Predictions: How Will the Threat Landscape Evolve in 2023?

Viaframe

2022 brought the security industry a resurgence in ransomware attacks, continued fallout from Log4j, Shields Up, and a booming dark web economy of scale, all of which have had a significant impact on individuals, businesses, and government agencies. Emerging technologies, like the use of deepfakes in cyberattacks, continue to keep defenders on their toes. Meanwhile, business leaders are more concerned about ransomware attacks than ever before, and despite new reporting requirements, organizations have not taken paying the ransom off the table.

As we ring in 2023, we asked the Howlers for their predictions on how the threat landscape will evolve, where attackers will shift their focus, and how CISOs and business leaders will adapt to increasing cyber risk. From metaverse security to API attacks, the new year will bring a range of new threats and shifting priorities for security teams. Read on for the Howlers' full insights.

Disclaimer: ChatGPT wrote the initial draft of this paragraph. Keep reading to see how cybercriminals may utilize this type of AI technology in a much more malicious nature.

2023 Predictions from Rick McElroy, Principal Cybersecurity Strategist, VMware

As we start to look ahead to 2023, businesses will need to be careful and considered in their approach to delivering this nascent technology. Dragging passwords into the metaverse is a recipe for breaches. But if we’re thoughtful about the controls put in place to identify users and deploy continual authentication – leveraging different factors such as biometrics and closely monitoring user behavior – it’ll help to alleviate those security concerns around the metaverse.

Rick McElroy, Principal Cybersecurity Strategist, VMware

The metaverse could be the next big thing, but let’s be realistic
The metaverse has a relatively unknown future given its adoption is still in its infancy, but enterprises are still rushing it to market faster than the security community is comfortable with. We’re already seeing instances of identity theft and deepfake attacks in the current version of our digital world, in which bad actors prey on executives to make wire transfers of hundreds of thousands of dollars outside of a company. What’s not to say there won’t be an uptick in similar scams inside of the metaverse virtual reality? As we start to look ahead to 2023, businesses will need to be careful and considered in their approach to delivering this nascent technology. Dragging passwords into the metaverse is a recipe for breaches. But if we’re thoughtful about the controls put in place to identify users and deploy continual authentication – leveraging different factors such as biometrics and closely monitoring user behavior – it’ll help to alleviate those security concerns around the metaverse.

Education will continue to be a top target for cybercriminals in 2023 
This past year, more than 1,000 schools in the United States fell victim to ransomware attacks. In 2023, state and private institutions will continue to face the same challenges as there are a handful of security gaps most education institutions face that make them more vulnerable to cyberattacks. A lack of cybersecurity awareness and training, limited funding, and resources are creating the ideal environment for criminals to gain access to substantial amounts of personal student data or research data. These organizations continue to be a popular target for ransomware attacks as adversaries know schools only have a short window to update processes and get in front of risks (during the summer closures), making it harder to keep pace with updated security technologies and easier for cybercriminal groups to gain access to these networks and wreak havoc. 

CISO will continue to be in the business spotlight
We are at a major inflection point regarding the role of the CISO, which will continue into 2023 and beyond. The added legal pressure some CISOs now feel following high-profile security leader convictions and whistleblower complaints is added weight to an already stressful job. CISOs are tirelessly fighting for larger budgets in order to ensure that security becomes or remains a board-level issue and an organization-wide responsibility. This includes having open conversations with CEOs and CFOs about where and how funds will be used and the value improved defenses will bring to the organization as a whole. In the year ahead, the CISO role will only become more challenging and face more scrutiny as we work to balance the increasing stressors of the job while also making an effort to maintain the positive work that has been done to manage the burnout of cyber pros. 

2023 Predictions from Karen Worstell, Senior Cybersecurity Strategist, VMware

Across the industry, we are moving toward wellness programs that help an organization’s workforce manage stress and prevent burnout, and these programs will become even more prevalent in 2023. However, these wellness programs are just one piece of the puzzle. Over the course of the next year, it will become the role of the manager to help recognize early on when their reports are struggling, and work to address it before it snowballs into a major issue.

Karen Worstell, Senior Cybersecurity Strategist, VMware

Cyber risk management will be a top priority for business leaders
When it comes to the governance and oversight of cyber risk, our system is broken. It’s no longer what it used to be fifteen years ago - we are dealing with higher stakes and fragile corporate reputations. As a result of this, in 2023, we will see companies double down on cyber risk management. Boards will need to have a much clearer role and responsibility when it comes to the process of ensuring adequate controls and reporting cyberattacks. Cyberrisk governance is not just the domain of the CISO it is now clearly a Director and Officer level concern. When it comes to cyber, plausible deniability is dead.

The prioritization of wellness will finally reach infosec
Burnout remains a critical issue, with almost half of incident responders experiencing burnout or extreme stress in the past twelve months. On a more positive note, two-thirds of organizations have implemented wellness programs to address burnout. Across the industry, we are moving toward wellness programs that help an organization’s workforce manage stress and prevent burnout, and these programs will become even more prevalent in 2023. However, these wellness programs are just one piece of the puzzle. Over the course of the next year, it will become the role of the manager to help recognize early on when their reports are struggling, and work to address it before it snowballs into a major issue.

2023 Predictions from Chad Skipper, Global Security Technologist, VMware

The nature of technologies like ChatGPT allows threat actors to gain access and move through an organization’s network quicker and more aggressively than ever before. For example, in the past when cybercriminals were faced with writing code and decoding buffer overflows to gain access to a network, what used to take them hours, can now take them seconds. We are also facing the possibility of cybercriminals using ChatGPT and other AI tools to create things like phishing emails and to better tailor their attacks to their targets.

Chad Skipper, Global Security Technologist, VMware

Cybercriminals continue to seek keys to the kingdom to launch API attacks
In 2023, we’ll continue to see the evolution of initial access tactics as cybercriminals attempt to gain a foothold in organizations. A main goal of such access is to carry out aggressive API attacks against modern infrastructure and exploit workload vulnerabilities within an environment. Because the majority of traffic within modern applications is API traffic, and it’s often not closely monitored, this fuels lateral movement as cybercriminals continue to use evasive techniques once inside the environment to divert detection across VDIs, VMs, and traditional applications. It may be a new year, but the primary goal of cybercriminals stays the same: gain the keys to the kingdom through four key steps – steal credentials, move laterally, acquire data and then monetize it.

Remote desktop protocol will fuel island hopping attacks
Many organizations have learned the hard lesson that you’re only as secure as the weakest link in your supply chain. In 2023, cybercriminals will continue to utilize island hopping, a technique that aims to hijack an organization’s infrastructure to attack its customers. Remote desktop protocol is regularly used by threat actors during an island hopping campaign to disguise themselves as system administrators. As we head into the new year, it’s a threat that should be top of mind for all organizations, but particularly those in the healthcare industry given the sensitive nature of personal health data and the regulations across the sector.

Cybercriminals will utilize AI bots like ChatGPT to better tailor their attacks
Technology like ChatGPT has the potential to be seen as another tool in the belt of cybercriminals. In the past, we have seen Malware-as-a-Service and Code-as-a-Service, so the next step would be for cybercriminals to utilize AI bots to offer “Malware Code-as-a-Service.” The nature of technologies like ChatGPT allows threat actors to gain access and move through an organization’s network quicker and more aggressively than ever before. For example, in the past when cybercriminals were faced with writing code and decoding buffer overflows to gain access to a network, what used to take them hours, can now take them seconds. We are also facing the possibility of cybercriminals using ChatGPT and other AI tools to create things like phishing emails and to better tailor their attacks to their targets.