Barracuda Networks revealed threat predictions that would leave the organisations exposed in 2023. As part of the threat forecast, Barracuda turned to the professionals on the security frontline and asked them about the things they witnessed in 2022 and to identify a series of vulnerabilities and attacks that shook large enterprises.
In 2022, geopolitical conflicts further reminded that cyberthreats have no borders and just how vulnerable the world is to cyberattacks. Against this backdrop, some of the top cyberthreat trends that organisations need to be ready for in 2023 are Ransomware, Zero-Day Vulnerability, Supply Chain attacks, and Credential theft amongst others
With the increasing frequency, Ransomware will still be an issue - 2022 was the first time when targeted ransomware attacks were witnessed against individuals based on their personal social media profiles. We have witnessed an increased use of wiperware. In 2023, this wiperware emanating from Russia will likely spill over into other countries as geopolitical tensions continue.
With the ransomware-as-a-service business model taking off and the recent build leak of LockBit 3.0, a new generation of smaller and smarter gangs will steal their limelight in 2023. During the year, organisations will experience an increased frequency of ransomware attacks with new tactics.
More Zero-day vulnerabilities to take place - In 2022, there were 21,000 CVEs registered. Many of them were classed as ‘critical’, and many were actively exploited by attackers. There were also a number of popular third-party software libraries that had critical vulnerabilities reported. Organizations need to have a team in place ready to patch software and remediate as soon as possible.
Supply Chain attacks to continue in 2023, supply chain attacks taken place in 2022 with a large number of high-profile incidents occurring around the world and it has led more attackers to look for the weakest link in attacking companies.
Leading the threats, Credential theft remains a top target for attackers - Account takeover continues to be a low-hanging fruit for attackers and a top-of-mind risk for organizations. These credentials open the door for remote access, email and corporate web applications storing customer data. We have seen impersonation techniques and spear phishing attacks constantly evolve and with multifactor authentication (MFA) fatigue attacks, they are having more and more success.
MFA will not be the answer to all security concerns with the increased abuse of MFA. With the growing ease of two-fact and multifactor authentication fatigue attacks and with TOTP (time-based one-time passwords) susceptible to social engineering, security practitioners will be taking a new look at authentication measures.
In 2023, the Attack Surfaces will Expand as the number of potential attack surfaces in organizations will continue to increase as more of them adopt cloud-based and Software-as-a-Service offerings as remote work continues. This is forcing organizations to rethink security.
security practitioners need to look at alternatives, and we expect to see password-less and FIDO U2F (Universal 2nd Factor) single security key technology receiving a lot of consideration. The growing use of artificial intelligence (AI) in threat detection will make a significant difference to security, and we expect to see more companies invest in 24/7 human-led threat hunting and response, making use of an expert SOC-as-a-Service if they don’t have the resources in house. It is also important to enhance employee security awareness in order to mitigate human risk.”