To win at chess, you need to know your opponent's next moves. That means understanding their options for attack, the threats against them, and how they reason. The same goes for cybersecurity: By understanding the adversaries' motivations, risks, and resources, we have a better chance of understanding how to defend against their next play.
As 2022 comes to a close, cybercriminals are already planning their next move, that's why we've asked our team of experts to share their insight on what security teams should expect from the threat landscape in the next year.
Successful Security Teams will be Mining Threat Intelligence
Financially motivated attackers continue to dominate the threat landscape, amounting to 96% of attacks tracked by the 2022 Verizon Data Breach Investigation Report (DBIR), and evidence points to the fact that threats have been getting increasingly sophisticated.
ExtraHop CISO Jeff Costlow explains what that means for security organizations in 2023:
Looking back will be the new looking forward in 2023. Dwell time for breaches continues to increase year-over-year. If you look at most big breaches from the past year, the dwell time jumps from weeks to months by the end of the investigation. It is going to be essential for organizations to be able to mine their own data to correlate new IoCs and threat intelligence information for defensive and remediation purposes.
Post-Breach Response Is Necessary as Attackers Evolve Tactics
The reality is that today's attackers are squeezing companies by adapting to their security measures and increasing their leverage. Tsuyoshi Yamanishi, Area Vice President, Japan, explains why planning for post-breach response is also an important aspect of cybersecurity strategies in 2023:
In recent cases, attackers also targeted and encrypted backup servers creating an arduous, slow process for recovery. Until organizations are better prepared to handle post-breach compromise, ransomware will continue to have a huge impact.
On attack sophistication and tactics, Senior Principal Data Scientist Edward Wu adds his take on how cyberattackers are evolving to bypass standard security controls, and what organizations should do:
We will continue to see attackers use non-traditional techniques to breach the perimeter such as leveraging legitimate VPN credentials like what we saw in the Uber hack. This is going to make it even more difficult for organizations to put all their security budget and focus on prevention. They will need to expand their focus, and investment, in post-breach defenses and processes.
As demonstrated by the Uber attack, social engineering, which includes phishing, pretexting, and other ways of duping humans into allowing attackers access has been on the rise. Senior Security Advisor, APJ, Chris Thomas warns about what is to come:
In 2023, we will continue to see an increase in fake virus advertisements phishing emails or texts. Attackers have become so creative and they are now mimicking legitimate precautionary notices and capitalizing on well-publicized breaches—like Optus and Medibank in AU. These lures and tricks are so convincing that even some of the most tech-savvy professionals are falling victim to these schemes. High-profile breaches will continue to be the '"gift that keeps on giving"for attackers.
Supply Chain Security Will be Top of Mind
For attack vectors that don't involve social engineering, supply chain security is top of mind for today's organizations. The use of downstream open-source software dependencies and third-party managed software has only increased, putting a renewed focus on the weaknesses in today's supply chains. Chris Thomas explains how this will affect security strategy.
With the rise of supply chain attacks, organizations will need to be smarter about vetting third-party vendors. A potential contractor's security posture and network security strategy will be a determining factor for doing business. Vetting will also need to extend to understanding third-party dependencies in a developer's code. For example, do you know where that countdown widget on your website really comes from? What code is in it and what it is accessing? Security teams will need to update their strategy to include vetting even the simplest integrations to secure their framework.
The State of Threats Themselves will Shift Dramatically
In 2022, Russian state-sanctioned gangs dominated the threat landscape. Among them, Conti effectively shut down most of the Costa Rican government, Vice Society successfully attacked Los Angeles Public Schools, and LockBit has been an especially prolific threat to government organizations across the globe. Evidence suggests that these financially motivated threats have strong Russian support and have been coordinating targets to meet Russian state political goals.
It's also been the case that, as a result of their invasion of Ukraine, Russia has lost physical, economic, and diplomatic ground, Jeff Costlow explains how that might affect the nature of threats in the coming year:
The physical security landscape is changing across Eastern Europe with Russia's invasion of Ukraine. Former Soviet Bloc countries are second-guessing Russia's military and security support. This means they're looking to other countries for alignment, including China. The realignment of physical support will coincide with a similar realignment in the cybersecurity world and we may see different Nation State campaigns as Russia loses some of its cyber-controlled territories.