In predicting what will transpire in cybersecurity in 2023, the best method is to look at past experience. As with any security and criminal activity, threat actors tend to build upon what they have done in the past, adding new twists to keep their tactics fresh and effective.
So, taking this into consideration, it is no surprise that Trustwave's security experts see much of the same type of attacks that plagued 2022 continuing. Ransomware shows no signs of abating, attackers will target operational technology, and security teams will be forced to do more with less financial support.
The major differentiator from last year is the Russia-Ukraine War. The war has not only caused unmeasurable levels of human suffering but is the fulcrum on which a large cyberwar is being fought between the two opponents. This war has manifested itself through attacks centered on each nation and in some cases, striking targets in countries supporting their enemy.
In case you missed it, please take a look at Trustwave 2023 Cybersecurity Predictions: Part 1.
Ziv Mador, Vice President, SpiderLabs Security Research
Ransomware attacks will continue to grow, both in number and financial impact. The average ransom fee will likely cross the $1 million threshold, and it's likely almost any company will experience in western countries may experience ransomware and supply chain attacks.
As more companies migrate their systems to the cloud, it will likely become an even bigger target in 2023. While systems are often better managed in the cloud (for example, in terms of patching), data that used to be protected on-premises, will become accessible from the internet, creating new opportunities for cybercriminals.
We will see threat actors exploit many new zero-day vulnerabilities along with more sophisticated, interactive phishing attacks. In addition, cybercriminals will benefit from an ever-growing library of tools and methods for infiltrating networks and computers. SCADA/OT environments will become a bigger target for nation-state attackers
Chalking one up for the good guys, machine learning and artificial intelligence will be adopted by many security vendors creating new challenges for cybercriminals, given their ability to quickly identify never-seen-before malicious indications of compromise, much faster than any response that relies on human analysis. That would push cybercriminals to adopt new efforts and creativity to keep the ROI of their activity.
Shawn Kanady, Director, Threat Fusion & Hunt, Trustwave
Strong supply chain security and third-party vendor audits will be more critical than ever as ransomware groups take advantage of supply chain vulnerabilities. We’ve previously seen supply chains infiltrated with many credit card data breaches where bad actors gained access to one vendor’s system through a phishing attack and poor password management, allowing them remote access to deploy credit card stealing malware across multiple retailers. Now, ransomware groups are using the supply chain as an attack vector to strategically target vendor organizations on a massive scale.
If organizations do not audit and secure their use of open-source code, in 2023 we’ll see more malware delivered through open source, such as the 29 malicious info-stealing malware packages recently discovered in obfuscated code in Python Package Index (PyPI).
Open source is a common framework for many organizations, but as easy as it is for IT administrators to download and use open-source tools for projects, it’s just as easy for a bad actor to embed malicious code into that open-source project. Organizations need to think twice before downloading open-source tools and consider the risks associated. If and when possible, do a thorough code audit to review and ensure the code is legitimate before using it in production systems.
Bill Rucker, President, Trustwave Government Services
CISA will continue to have more responsibility for cybersecurity at federal civilian agencies, and we expect more funding to implement CISA requirements on agencies – like Binding Operational Directive 23-01, focused on asset discovery and vulnerability enumeration. This will drive more focus on where the data lives and a new prioritization of vulnerability scanning of databases.
Government agencies will continue to focus on preventing ransomware. To do so, we will see the expansion of reporting requirements beyond the government and the critical infrastructure when a victim pays a ransom demand.
Federal agencies will push for additional funding for the Technology Modernization Fund. The demand remains high, yet there are insufficient resources to implement needed cybersecurity improvements.
Finally, we expect a renewed focus on broader privacy legislation and an expanded use of EDR in civilian agencies as President Joe Biden's Executive Order on Cybersecurity continues to be implemented. This EDR expansion will drive the need for Managed Detection and Response partnerships to ensure the data created has additional threat operations support and review.
Tom Powledge, Senior Vice President, Product Management
In 2023, I expect exposure management to become more important. Exposure management is a set of processes and capabilities that allow enterprises to continually validate the visibility and vulnerability of their digital assets. As it becomes more vital for organizations to see themselves through the same lens as an attacker, so the proper defenses can be installed, more companies will implement an exposure management program.
Another key theme for 2023 will be the shift within organizations of being proactive, and not waiting until they are breached before making cybersecurity changes. Part of this process will include organizations validating their security controls using breach attack simulations to answer the question of whether they are in fact secure. Breach attack simulation programs answer the question: “How would an attacker take advantage of any security gaps and risks?”
I don’t expect to see a slowdown in the adoption of managed security. For most organizations that are serious about their security posture, it’s now more obvious than ever that they can’t do it alone – they need an experienced cybersecurity partner.