The discussion of cyber security has grown beyond the IT department and now includes the entire C-suite as well as the Board. As the number of attacks has increased and the stakes regarding penalties and reputation have grown, it has become a top issue for businesses of all sizes.

Increased vulnerability is causing headaches and expenses due to numerous societal shifts – whether it’s the proliferation of the internet of things (IoT) in every aspect of business and society, or the widespread adoption of home and remote working that began during the Covid-19 pandemic and has persisted in many organizations. In this tumultuous climate, it’s a safe bet to say that 2023 will be a year in which cybersecurity remains top of mind. As such, we may expect the following major developments:

Boaz Gorodissky, CTO & Co-Founder

“Customer networks will become increasingly complex in 2023 as companies continue to move their critical assets to the cloud environment. Attackers will try to compromise those assets, mostly by starting on-premises and trying to ‘jump’ from there to the cloud. The complexity of the networks will also cause more misconfiguration errors, creating a greater need to find, analyze, and prioritize the most severe mistakes.”

Matt Quinn, Technical Director for Northern Europe

“One trend that will be massive in 2023 is that many organizations will rethink their whole vulnerability management process, as it is currently broken industry-wide. Enterprises will instead start to look for approaches that identify exploitable vulnerabilities within their environment, in order to drive greater efficiencies.”

Sascha Merberg, Technical Director DACH

“Despite the plethora of reactive tools that are meant to stop a breach while in progress, organizations will continue to be breached. It doesn’t matter how good their cyber hygiene, endpoint protection or event analytics are. In addition, digital transformation and WFH have not just expanded the attack surface, but created completely new ones that are difficult to control and intertwined with core business processes – like the home computer an employee might use to connect to a company’s ERP system.

The need to understand how an attacker could move through their network is more important than ever for businesses. Instead of adding layers of noise generated by reactive tools and overloading already overloaded teams, organizations must utilize solutions that help predict attacks and focus on what is most relevant, both operationally and strategically.”

Shay Siksik, VP Customer Experience

“Attackers will rely less and less on CVEs, instead using identity theft, passwords, and misconfigurations to enter and move within networks. Some of the recent attacks we have seen, for example on Uber, did not use CVEs at all.”

Zur Ulianitzky, VP Research

“In 2023, Microsoft Active Directory (AD) will continue to be a major risk. Ransomware groups are here to stay, and AD is a huge attack vector they are exploiting in order to move laterally.

Vulnerabilities will also continue to have a major impact. Mail servers in particular are a primary goal for attackers. We have seen publicly exploited vulnerabilities like ProxyNotShell during 2022, and will continue to do so in 2023.

As organizations continue to adopt cloud services, the connectivity to the cloud is growing larger. That means that multi-connected systems such as Kubernetes and the cloud will be major vectors that will be exploited by hackers.”

Tobi Traebing, Technical Director EMEA

“I think we will see an increase in ransomware attacks/families and “professional ransomware,” as well as more widespread impacts. OT / IoT will also be an active target for threat actors using tools like wiper malware.”

Rinat Villeval, Manager of Technical Enablement

“The market is struggling to hire good cybersecurity teams, and there will be a lot of budget cuts in 2023. To combat this, companies will need to invest in team efficiency, including security solutions that will make the team’s work more efficient. Cyber threats are also growing even more rapidly because of the economic downturn globally, so companies that invested heavily in security controls before the ‘boom’ and in costly incident response activities afterwards will need to increase investment in the preventive realm to justify cyber insurance.”

The post XM Cyber’s Cybersecurity Predictions for 2023 appeared first on Cybersecurity Insiders.

By Geert van der Linden, EVP & Head of Global Cybersecurity Practice at Capgemini

You might feel like we live in an age of permacrisis. The past year has brought about rising geopolitical tensions, mass digitalization, more hybrid working, and a skilled labor shortage. Adding to these challenges is the new era of almost limitless connectivity, which is changing the way we live and work, all the while causing havoc for cybersecurity teams. As a result, organizations must adapt quickly or risk significant costs.

More companies are recognizing the importance of investing in cybersecurity. According to Gartner, global spending on cybersecurity could reach $1.75 trillion by 2025, with current spending at around $172 billion. In certain areas, such as data analytics, this investment is paying off with improved security capabilities, making it easier for IT teams to proactively identify and address cyber threats with data and automation.

However, the scope of cyber breaches continues to grow. Malicious actors continue to evolve, and so do their targets. Today, businesses, such as car manufacturers, must be aware of potential malware infections not just in their own systems, but also in those of their suppliers and equipment. With IT teams often being small, it can be difficult to constantly monitor and analyze everything. That’s why it’s crucial for employees – who are often the most vulnerable targets – to be better educated on cybersecurity threats and more proactive in preventing attacks and unintended vulnerabilities.

Where does that leave us for the year ahead? Here are the five challenges that will alter the industry in 2023:

Zero trust will replace perimeter security

Hybrid working has become the norm for many businesses now; employees are just as likely to be working from another country as they are from the office. Organizational data is flowing outside of traditional closed networks and into the cloud, while the 5G-powered Internet of Things (IoT) is vastly multiplying endpoints at risk from attack.

These factors spell the end of perimeter security, and in response, we need a zero-trust approach. This means that every user is suspicious until verified and must be granted access every time they pick up tools – eliminating any room for doubt and allowing for better monitoring of unusual behavior. Zero trust is essential for enabling the growth of digitalization and the cloud. In fact, Gartner reports that zero-trust network access will remain the fastest-growing segment in network security, with growth of 36 percent in 2022 and 31 percent anticipated in 2023.

Implementing a zero-trust security model cannot be done overnight but is a multiyear journey. It will depend on the amount of legacy infrastructure and will need to cater to the specific requirements of certain industries. The zero-trust model involves going beyond traditional network zoning to create a more stable and secure framework, and it’s likely that we will see more organizations fully adopting zero-trust in the coming year.

5G security hots up

Whether it’s cars, washing machines, or factories, 5G is transformative. It’s the foundation for Intelligent Industry. Almost everything can be connected to the internet, expanding the potential points of vulnerability. As such, 5G security and its security architecture will come under the spotlight as businesses continue to migrate to the cloud – with data flowing freely between organizations and telcos.

As adoption of 5G technology grows, it is essential to prioritize cybersecurity at the board level in order to effectively manage the challenges of the digital age. Without this focus on security, organizations will struggle to address potential threats, educate employees and vendors, and facilitate effective communication between cybersecurity teams and decision makers.

Security by design

Cybercriminals are now targeting vulnerabilities further down the supply chain as more specialized connected devices are produced. Take a specialist manufacturer of a connected car part as an example. These attacks are likely to become more prevalent as geopolitical tensions around intellectual property and influence rise.

To address this, it’s crucial to incorporate security measures during the development stage through a process called DevSecOps. This involves bringing together development, security, and operations teams to automate security throughout the software development lifecycle, which can help reduce effort and cost and improve compliance.

Neglecting to prioritize security early on in the development process could have serious consequences for critical industries like healthcare, automotive, energy, and agriculture.

Invest in data over AI

While there’s no doubt that AI and automation technology will continue to advance, their progress is not happening as quickly as some may hope. Instead, next year, data analytics and data mining will take greater prominence.

Both will be critical to relieving some of the pressure on IT teams. A study by IBM found that 67% of Cybersecurity Incident Responders say they experience stress and/or anxiety in their daily lives, with an alarming 65% seeking mental health assistance as a result of responding to cybersecurity incidents. By better harnessing data, teams can deliver better insights and correlation on attack trends, while forecasting future attacks. In this way, organizations can help to reduce the pressure on cybersecurity professionals.

Growing concerns in hyperscalers

As more and more businesses migrate to the cloud, worldwide spending is expected to reach $1.3 trillion by 2025. At the same time, 79% of companies experienced at least one cloud data breach in the last 18 months.

The added values and integrations of platforms like Microsoft Azure and Amazon Web Services are significant. However, such hyperscalers put more pressure on smaller security providers who will continue to lose their market share in the year ahead – they have to prove that they’re capable of delivering secure cloud environments as part of the package. Businesses need to be able to move into the cloud with confidence, and for SMEs especially, affordability is crucial.

There’s still room for hope in 2023 despite the scale of these challenges. The security environment can feel overwhelming, but investments continue to rise even within the context of global inflation.

Advancements in data analytics and capabilities are improving and showing the benefits they bring to the table, but organizations will have to invest in talent to help teams alleviate forthcoming pressure. By leveraging this technology and promoting a culture of security at all levels, including among suppliers and employees, businesses can position themselves for success in the security industry in the coming years.

The post What’s Next in Cybersecurity: Insights for 2023 appeared first on Cybersecurity Insiders.

Richard Bird, Chief Security Officer, Traceable AI

This year will be the year that many business and security leaders will wake up to truly understand the scope of their API security issues.

For the past three years, organizations have prioritized flexibility and growth over security while navigating extremely challenging business conditions. They’ve aggregated large data sets and deployed more cloud services to digitize business models, products, and services. The key to making all of this work is truly APIs. When creating and deploying apps, DevOps teams use internal APIs to connect data sources and business processes, and external APIs to communicate with partners and customers. As a result, sensitive data, such as critical business information and consumers’ contact, financial, and health information, increasingly passes over APIs.

Unfortunately, organizations typically lack the ability to automatically discover, inventory, validate, manage, and secure their API inventory, which is increasing every week. In addition, teams may be using operational frameworks that don’t enforce standardization and governance, as their API holdings skyrocket. As a result, most organizations are unaware of the extent of the APIs they possess, and cyber-attackers and malicious actors are taking note. Hackers have identified APIs as the Achilles heel in organizations’ cybersecurity posture and are using them to steal data, commit fraud, and create havoc in the marketplace, among other aims. More than half of all data thefts were traced to unsecured APIs as of 2020, according to Gartner – and the problem is only getting worse.

Here are some API security predictions for 2023:

Prediction #1: There will be a major API security breach that forces faster regulatory action

Gartner predicts that by 2025, less than 50 percent of enterprise APIs will be managed, as explosive growth outpaces API management capabilities.

Already, API security incidents are soaring, and regulators are taking notice. An adversary used LinkedIn’s official API to scrape data on 90 percent of its users. A researcher used Venmo’s public API to access data on millions of payments. The zero-day Log4Shell vulnerability, reported in December 2021, is still being exploited. Other API security incidents have ensnared Coinbase, John Deere, Experian, Peloton, SolarWinds, and more.

While regulatory action typically lags behind advanced technology development, API security is increasing the scope and severity of security breaches. I predict that a major API security incident that disrupts mission-critical services, such as in the financial or public infrastructure verticals, will occur in 2023, forcing faster regulatory action across all verticals.

Prediction #2: Leaders will see APIs as representing both security and business risks

The need to protect business operations, customers, and data will be a key driver for organizations to implement API security platforms. This year, leaders will want to take a broader look at the problem of managing APIs.

That’s because the lack of control, security, and governance around APIs doesn’t just increase risks, it is also operationally inefficient.

DevOps teams are constantly developing and deploying APIs to connect applications and processes. That means there is a huge number of zombie APIs, which are APIs that are abandoned, but not yet removed from corporate systems. The lack of synchronized, standardized processes is also increasing process redundancy across API groups. As a result, organizations are spending more on development processes and application maintenance than they need to.

Prediction #3: Financial services will lead other verticals in addressing API security issues

Global regulators need to develop API-specific security regulations, rather than relying on data protection regulations such as HIPAA, GDPR, PCI, and others to govern these digital connections.

The good news is that financial services are poised to lead the charge for more regulatory oversight. Already, the Federal Financial Institutions Examination Council (FFIEC) members have issued guidance on securing authentication and access to financial institutions’ services and systems, including APIs.

In 2023, we expect that these regulators will increase their expectations around financial institutions’ API security. This heightened focus couldn’t come too soon. With their motherlode of rich customer data and transactions, banks, fintech companies, insurance companies, and other financial institutions represent a favorite attack target for hackers. In addition, the industry must develop a scalable approach to API security if it is to move forward with open banking. Open banking, which provides third parties with access to financial transaction data, is completely powered by APIs.

Financial services have led other industries in terms of adopting risk and security frameworks and tools to protect data and systems. They will do the same with API security, setting a standard for other verticals to follow.

Prediction #4: Organizations will right-size data storage to reduce risks

One of the reasons that API security risks are so dangerous is that organizations are collecting and storing too much data. While data storage used to be expensive, tumbling costs over the past decade have enabled organizations to collect petabytes of unstructured data, much of which isn’t used. Like APIs, organizations have a shadow data problem, with unknown, unmanaged data stores abounding.

As they harden API security, business, IT, and data teams should also rationalize their data holdings. Business is transforming so fast that most historical data hold little value. Organizations predict operational performance in terms of days and weeks now, rather than years. Far better, then, to purge unnecessary data than to risk storing it in an unmanaged database – and having it exfiltrated over an unsecured API.

Prediction #5: Enterprising CISOs will see API security as an opportunity to innovate

API security is a greenfield opportunity that leading CISOs will exploit to choose and implement the best frameworks, processes, and tools for their organizations. Those that move ahead proactively to implement solutions, such as platforms that enable automated AI discovery, cataloging, management, and real-time attack detection, will achieve significant improvements in security and risk mitigation.

They’ll also integrate API security testing into pre-production processes, enabling developers to scan and remediate APIs before they are deployed. By doing so, they’ll enable teams to use DevSecOps processes to develop and deploy applications at pace, without increasing their organizations’ attack surface.

These CISOs will help their organizations outperform competitors who rely on unsecured API gateways or the limited capabilities of web application firewalls. They’ll achieve this goal by enabling faster innovation, using connected processes to reap more value from customers, and sparing their organizations from disabling API security breaches.

Prediction #6: Leading with API security will differentiate organizations in the marketplace

The future of business is connected, meaning that future API growth is likely limitless. So, the question is not whether organizations will secure APIs, but when and how.

Gartner predicts that by 2025, 60% of organizations will use cybersecurity risk as a significant determinant in conducting third-party transactions and business engagements. Furthermore, no organization wants to lose control over their business, customer data and precious intellectual property due to partners’ improper API security practices – or be on the receiving end of a cybersecurity attack for the same reason.

Since third-party APIs will represent 30 percent of all APIs used to connect organizations’ applications and data sources, leaders will think carefully about whom they want to do business with.

Because the API security industry is fast-transforming, there are myriad tools and platforms that CISOs and their teams can choose from, as well as lessons learned from lists of API security risks and retrospective analyses of breaches.

By learning more about API security and best practices, CISOs can take the lead in reducing these risks. They can implement effective governance, standardize and enforce processes, discover and control API holdings, and proactively remediate unsecured APIs before they are used in attacks.

APIs can unlock increased business potential and value for organizations – or remain a source of unmitigated risk that harms business momentum and revenues. That choice will become increasingly important in 2023.

About The Author:

RICHARD BIRD, CHIEF SECURITY OFFICER, TRACEABLE AI

Richard is a multi-time C-level executive in both the corporate and start-up worlds. He is internationally recognized for his expert insights, work and views on cybersecurity, data privacy, digital consumer rights and next generation security topics. Richard delivers keynote presentations around the world and is a highly sought-after speaker, particularly when he is translating cybersecurity and risk realities into business language and imperatives. He is a Senior Fellow with the CyberTheory Zero Trust Institute, a Forbes Tech council member and has been interviewed frequently by media outlets including the Wall Street Journal, CNBC, Bloomberg, The Financial Times, Business Insider, CNN, NBC Nightly News and TechRepublic.

The post Predictions for 2023 API Security appeared first on Cybersecurity Insiders.

By Brad Liggett, Technical Director, Americas for Cybersixgill

Technology’s rapid and relentless progress promises to continue apace in 2023, to everyone’s benefit – including cybercriminals’. The year promises a “Spy vs. Spy”-type cyberspace race as both criminals and defenders vie to gain the upper hand using new and emerging technologies.

Every technology that enables our cyber teams to pinpoint and resolve threats and prevent attacks more quickly and accurately also benefits cybercriminals. In those same technologies they find new breach pathways and targets, and more sophisticated intrusion techniques.

The result can be a cat-and-mouse game in which we run in circles without either actually getting ahead.

For cyber professionals, awareness is the first and perhaps most important step toward breaking out of this cycle. While predictions are always risky – perhaps even more so in the unpredictable digital realm – we can gird ourselves against the coming year by looking at what’s happening now, knowing our adversaries will be sure to step up their game.

We see these three cyber trends looming in 2023:

  1. Advanced Persistent Threat (APT) software will level the playing field between less-experienced, profit-driven cybercriminals and more politically motivated state-backed groups. As a result, these disparate perpetrators will work together, irrespective of where they’re located, as supporting governments look the other way.

Even as nation-state-supported groups launch APT attacks on their governments’ behalf – such as the China-backed APT5’s recently discovered exploit of a Citrix application – we’re seeing software for sale on the dark web that gives lone wolf and profit-driven groups similar capabilities. We call these threat actors “Quasi-APTs.”

How to prepare: CISOs must be more vigilant than ever before, and make sure their organizations can track, monitor, and remediate threats from multiple points, around the clock. These threats aren’t coming only from state-sponsored APT groups anymore, but also from your garden-variety dark web actor or Anonymous chapter.

Automated threat intelligence and robust vulnerability management programs are now more critical than ever for enterprises. As your technologies proliferate so, too, do your endpoints, each a potential avenue for breach – and they may number in the thousands. Without automation, continuously protecting them all will be impossible.

  2. Artificial Intelligence (AI) will play an increasingly important role on both sides, as threat actors use malicious AI and enterprises employ the technology to proactively find and preemptively eliminate threats.

Everyone’s talking about ChatGPT, the OpenAI chatbot that can “speak” with users intelligently – answering questions, admitting mistakes and correcting itself, rejecting inappropriate requests, and more. It’s an exciting advance for enterprises wanting to use AI to better serve customers – and it’s most likely exciting for cybercriminals, as well.

Already some have used the OpenAI platform to have ChatGPT write phishing emails and insert malicious links. The emails don’t have the usual spelling, grammar, and syntax errors that today’s phishing messages composed by non-native-English speakers tend to contain – errors that serve as a tip-off to recipients.

Likewise, this technology could make misinformation and disinformation that much more credible, writing articles and posts using persuasive techniques pretty much reserved for humans now.

How to prepare: Governments and enterprise organizations will need to use natural language processing and AI to shift to a more proactive approach to cybersecurity. Automation using AI will play an essential role. By listening in on chatter among threat actors, AI can determine which threats are most likely to materialize, and send defense and response resources to where they’re needed, before they’re needed.

  3. The use of “wiper” malware will proliferate, erasing data from government and critical infrastructure systems as well as mobile phones.

Originally intended to help companies erase data from company devices – a security technology – wiper software has morphed into wiper malware.

We’re seeing an increase in dark-web chatter about planting malware in Android marketplaces, including the use of “wiper” malware that erases data.

Many federal agencies already use Android phones, and will need to up their vigilance against this devastating tool.

The “NotPetya” attack of 2017 – the most financially damaging cyberattack in history – and the 2018 “Olympic Destroyer” attack, which took down the entire technology system of the Winter Olympics in Seoul, South Korea, used wiper malware.

These attacks, both attributed to cybercriminals in Russia, almost certainly weren’t motivated by money, since the attackers didn’t deploy ransomware or demand pay. This emerging tactic warrants the attention of not only governments but critical infrastructure providers, as well, and possibly even individuals as criminals move to wiping clean mobile phones.

The good, the bad, and the ugly

As the new year progresses, it’s important to remember that pretty much everything has a good side and a bad side. Technology offers many upsides, including helping us to work and live more efficiently and securely. But cybercriminals pay attention to technological trends perhaps even more closely than most. When one catches on, they’ll be there, hoping to cash in.

If these predictions – based on information gleaned from our observations in the areas of the internet most can’t see – tell us anything, it’s this: in 2023, businesses will need to work harder to stay ahead of cybercrime. Old, reactive paradigms won’t do, not anymore, and we all know what happens when you run in circles: you go nowhere.

 

The post Three cybercrime technology trends to watch in 2023 appeared first on Cybersecurity Insiders.

Darren James, Head of Internal IT, Specops Software

It’s that time of year again, when IT and security experts line up to reflect on the past year and share their industry predictions for what’s to come. With the cybersecurity landscape more unpredictable than ever, it can be difficult to predict what’s going to happen tomorrow, let alone in the next 12 months. However, while few things may be certain in life, with rising global conflicts, a looming recession, and the continued use of weak and breached credentials, we can be sure that more cyberattacks will be on the horizon in 2023. Here are a few trends and predictions to watch out for in the new year:

1 – The new Cold War brings increasing nation-state attacks

Nation-state cybercriminal activity is nothing new, but the ongoing conflict between Russia and Ukraine has brought with it increased and even more sophisticated nation-state activity, particularly aimed at Ukraine and its allies. But with increasing pressures from the war and economic downturn, we have likely just glimpsed the beginnings of the new Cold Cyber War as state-sponsored hackers look for new ways to make money and disrupt critical infrastructure.

Based on recent cybercriminal activity, businesses should expect increased social engineering and train employees to recognize the signs of such attacks. And with new social engineering trends like “callback phishing” on the rise, it’s not just businesses that should be concerned. Businesses and consumers alike will need to be on the lookout to protect themselves from increasingly crafty cybercriminals.

2 – Cybersecurity budget cuts introduce new threats

With a looming recession, many organizations will be looking for ways to reduce spending. Despite increased concern and emphasis on cybersecurity in recent years, cybersecurity personnel and tools may be on the chopping block amid budget cuts. Unfortunately, cybercriminals will likely be feeling the impacts of recession as well and looking for new ways to make a quick buck to reduce financial strain. As a result, we can expect a vicious circle whereby organizations that reduce cybersecurity investments to save money may actually incur more costs and consequences as a result of financially-motivated attacks.

3 – Credential-based attacks will continue to rise

Credential-based attacks have been on the rise, with Verizon finding stolen credentials contribute to nearly 50% of attacks and a plethora of cyberattacks this year as evidence. Unfortunately, the password guidelines we’ve all grown familiar with and that many web services used as requirements – such as using a mix of capital and lowercase letters, numbers, and special characters – are no longer enough, with Specops Software’s 2022 Weak Password Report finding that 93% of the passwords used in brute force attacks include 8 or more characters and 68% include at least two character types. But despite warnings from security experts, individuals continue to use weak and breached passwords that leave them vulnerable to cybersecurity threats. In 2023, credential-based attacks are likely to continue, coupled with new threats related to weak forms of multi-factor authentication and rising phishing attempts.

Despite the doom and gloom of these predictions, there is good news – organizations can take steps now to ensure they are better protected from cyber threats in the new year. With weak and breached credentials at the center of so many security incidents, password security is a great place to start. Organizations should consider introducing measures to block weak and breached passwords, requiring longer and harder-to-guess passphrases, and utilizing password managers to help employees securely store and manage login credentials. It is also critical for organizations to require a strong form of backup authentication, such as biometrics, to provide an added layer of security for all sensitive business information.

Few things may be certain except cyberattacks, but you can control your destiny in 2023 by taking small steps now to improve your organization’s security posture.

The post Few things are certain except cyberattacks: Security predictions for 2023 appeared first on Cybersecurity Insiders.

John Stock, Product Manager, Outpost24

With continued challenges from remote and hybrid working, increased economic unrest and geopolitical conflict, and a new gang of teenage hackers, 2022 has certainly thrown cybersecurity professionals some curveballs. While many of the same trends and threats remain, 2023 is likely to keep us on our toes as these threats mature and the landscape continues to shift. Here are a few trends to watch out for in the new year:

Cyber threats emerge as a result of hybrid working

More workers have returned to the office, with hybrid work increasingly the new normal. With this shift comes new challenges – some similar to those businesses have faced since the start of the pandemic, and some still emerging. With hybrid work, VPN and remote access will start to become greater network-based targets. Additionally, the user will continue to be the weak point, with blurred lines between work and home devices creating new challenges. 2FA spamming is now quite commonplace, with a number of high-profile attacks like that on Uber recently using this method to gain remote access. Businesses with remote and hybrid workers will need to take steps to educate employees on these new threats and put new protocols and tools in place to ensure employees are as secure at home as they are in the office.

Increased challenges for web application asset management

Many security professionals have emphasized the importance of asset management for IoT and other internet-connected devices. However, in 2023, it’s time to broaden our definition of asset management to include both hardware and software assets, with the growth of cloud computing introducing new internet-based threats and many organizations still lacking a comprehensive inventory of internet-facing assets and their attack surface. As with devices, it is difficult to protect cloud resources and web applications if you don’t even know they exist. It is critical for CISOs and security teams to track and maintain an up-to-date inventory of all internet-facing assets and take steps to minimize and manage their organization’s attack surface.

The economic downturn fuels more sophisticated cyber crime

The current economic climate means individuals and businesses are tightening their purse strings and may not be in a position to withstand the financial impacts of cybercrime. Unfortunately, at the same time, cybercriminals will be looking for new ways to make a quick buck, fueling a growth in online fraud from the most basic scams to highly sophisticated ransomware extortion. As fraud becomes more mainstream and consumer-focused in 2023, businesses and individuals alike will need to keep an eye out for evolving scams and educate themselves on the latest tactics as cybercriminals look for even more elaborate ways to carry out their attacks.

The key is to adapt

Ultimately, those that fare best against new 2023 threats will be those that are quick to adapt. Cybercriminals are always looking for new avenues for financial attacks and have evolved their tactics over the last few years as the landscape has shifted as a result of the pandemic, related rise of remote work, and other trends. By educating yourself on the threats and implementing new procedures and tools to combat them you will be one step ahead in the new year.

The post Cybersecurity Predictions: 2023 Brings New Threats from Hybrid Working and Economic Downturn appeared first on Cybersecurity Insiders.

By Marcus Fowler, CEO of Darktrace Federal

Looking ahead to 2023, we can expect to see changes in MFA, continued hacktivism from non-state actors, CISOs leaning in on more proactive security, and crypto-jackers getting more savvy.

1 – Attacker tradecraft centers on identity and MFA

It wasn’t just the recent Uber attack in which the victim’s Multi-Factor Authentication (MFA) was compromised; at the core of the vast majority of cyber incidents is the theft and abuse of legitimate credentials. In the case of Uber, we saw that MFA can be defeated, and with Okta, that the MFA companies themselves become targets – potentially as a mechanism to reduce its effectiveness in other customer environments.

MFA was once considered a ‘silver bullet’ in the fight against credential stuffing, but it hasn’t taken attackers long to find and exploit its weaknesses, and they will continue to do so in 2023. MFA will remain critical to basic cyber hygiene, but it will cease to be seen as a stand-alone ‘set and forget’ solution. Questions around accessibility and usability continue to dominate the MFA discussion and will only be amplified by increases in cloud and SaaS along with the dissolution of traditional on-prem networks.

Today and in the future, MFA should be viewed as one component of a wider zero trust architecture, one where behavior-based analytics are central to understanding employee behavior and authenticating the actions taken using certain credentials.

2 – Continued ‘hacktivism’ from non-state actors complicates cyber attribution and security strategies

The so-called ‘vigilante’ approach to cyber geopolitics is on the rise. Recent attacks launched by groups such as Killnet, though limited in their operational impact, have not failed in their aim to dominate global headlines in light of the Russo-Ukraine conflict, amid mounting concerns that these citizen-led operations could become more destructive or that states could use these groups as a deniable proxy.

Yet claims that ‘Russia’ launched these attacks can be misleading and add fuel to an already complicated political fire. Cyber attribution and deciphering the extent of state-level tasking is difficult, with blurred lines between state-aligned, state-involved and state-directed increasing the risk of escalation, collateral and misattribution.

In 2023, ‘knowing thy enemy’ in cyber will be more complicated than ever before – but it is critical that organizations remain aware of the realities of cyber risk and cease to focus on the ‘boogie man’ of the internet that features in sensationalist reporting. Persistent, widely available, lower-sophistication malware and run-of-the-mill phishing campaigns statistically remain a greater global risk to corporations than the newest, most devious exploit kit or ransomware typically associated with APT groups. As it gets harder to name the enemy, we should see organizations moving away from the headlines and towards ensuring operational stability based on a bespoke understanding of their unique risk profile.

3 – Crypto-jacking neglect gets dangerous

The hijacking of computer resources to mine cryptocurrencies is one of the fastest growing types of cyber-threats globally. These attacks are often overlooked as unthreatening ‘background noise’, but the reality is that any crypto-mining infection can turn into ransomware, data exfiltration or even an entry point for a human-driven attack at the snap of a finger.

To achieve the scale of deployment that crypto-jackers are looking for, illegitimate network access must have been enabled by something relatively low-cost – a pervasive software vulnerability or default, weak or otherwise compromised credentials. This means that the basics aren’t being done right somewhere, and if a crypto-jacker could do it, what’s stopping a ransomware actor from following the same path?

In 2023, crypto-jackers will get more savvy and we might start to see the detrimental effects of what is usually considered inevitable or negligible. Security leaders need to ask themselves: “How did this person get in?” – and shore up the easiest points of entry into their organization. Companies should not live with rogue software and hackers siphoning off their resources – particularly as rising energy prices will mean a greater financial loss is incurred as a result of illicit crypto-mining.

4 – Ransomware rushes to the cloud

Ransomware attacks are ever-evolving, and as cloud adoption and reliance continue to surge, attackers will continue to follow the data. In 2023, we are likely to see an increase in cloud-enabled data exfiltration in ransomware scenarios in lieu of encryption.

Third-party supply chains offer those with criminal intent more places to hide, and targeting cloud providers instead of a single organization gives attackers more bang for their buck. Attackers may even get creative by threatening third-party cloud providers – a tactic which already impacted the education sector in early October when the Vice Society ransomware gang blackmailed Los Angeles Unified (LAUSD), the second largest school district in the US, and published highly sensitive information, including bank details and psychological health reports of students, on the darknet.

5 – Recession requires CISOs to get frank with the board about proactive security

Cyber security is a boardroom issue, but with growing economic uncertainty, organizations are being forced to make tough decisions as they plan 2023 budgets. Rising cyber insurance premiums are one thing, but as more underwriters introduce exclusions for cyber-attacks attributed to nation-states, organizations will struggle to see the value in such high premiums. Both insurance and compliance have long been seen as ways of ticking the ‘protection’ checkbox without achieving true operational assurance, and we need look no further than Colonial Pipeline to see that insurance cannot compensate for long-term business disruption and reputational damage.

In 2023, CISOs will move beyond just insurance and checkbox compliance to opt for more proactive cyber security measures in order to maximize ROI in the face of budget cuts, shifting investment into tools and capabilities that continuously improve their cyber resilience. With human-driven means of ethical hacking, pen-testing and red teaming remaining scarce and expensive as a resource, CISOs will turn to AI-driven methods to proactively understand attack paths, augment red team efforts, harden environments and reduce attack surface vulnerability. Maturity models and end-to-end solutions will also be critical, as well as frank communication between CISOs and the board about the efficacy of continuously testing defenses in the background.

The post 2023 Cybersecurity Predictions from Marcus Fowler, Darktrace appeared first on Cybersecurity Insiders.

Netwrix, a cybersecurity vendor that makes data security easy, today released key IT security trends that will affect organizations of all sizes in 2023. This analysis from Dirk Schrader, Vice President of Security Research, and Michael Paye, Vice President of Research and Development, is based on Netwrix’s global experience across a wide range of verticals, including technology, finance, manufacturing, government and healthcare.

Here are five specific trends for 2023 that you need to be aware of:

  • The business of cybercrime will be further professionalized. The return of malware strains like Emotet, Conti and Trickbot indicates an expansion of cybercrime for hire. In particular, the growth of ransomware-as-a-service is enabling criminals without deep technical skills to make money, either by extorting a ransom for decryption keys or selling stolen data on the dark web or to a victim’s competitors. Accordingly, organizations should expect an increase in phishing campaigns. Vital defense strategies include timely patching and updating of software, as well as locking down network access with multifactor authentication (MFA) and privileged access management (PAM) solutions.
  • Supply chain attacks will intensify. Modern organizations rely on complex supply chains, including small and medium businesses (SMBs) and managed service providers (MSPs). Adversaries will increasingly target these suppliers rather than the larger enterprises, knowing that they provide a path into multiple partners and customers. To address this threat, organizations of all sizes need to take into account the vulnerabilities of all third-party software or firmware when conducting a risk assessment.
  • Understaffing will increase the role of channel partners. Demand for cybersecurity professionals is far outpacing supply. This shortage of cybersecurity talent will increase risks for businesses as attacks become even more sophisticated. To overcome this challenge, organizations will rely more on their trusted security partners, such as channel partners, system integrators, MSPs and MSSPs.
  • The human factor will become a top security concern. Users have long been a weak link in IT security, prone to opening infected email attachments, clicking malicious links and other risky behavior. Now, rapid advancements in social engineering and easy-to-use deep fake technology are enabling attackers to trick more users into falling for their schemes. Accordingly, comprehensive auditing of user activity will become even more crucial for spotting abnormal behavior in time to prevent serious incidents. In addition, implementing a zero standing privilege (ZSP) approach will help organizations prevent abuse of their most powerful accounts, either unintentionally by their owners or by adversaries who compromise them.
  • Vendor consolidation will continue gaining momentum. To combat cybercrime, organizations keep investing in IT security. But more tools don’t always mean better security — point solutions from different vendors operate separately, offer overlapping or conflicting functionality, and require organizations to deal with multiple support teams. To minimize the security gaps caused by this complexity, organizations are now looking to build a security architecture with a select, smaller group of trusted vendors, which offers the additional benefit of reduced costs from loyalty pricing. In turn, this leads to a faster return on investment (ROI), which is increasingly important in the current economic climate.

“It’s not getting any easier for IT professionals to secure their environments. Indeed, cybercriminals keep inventing new attack tactics and techniques,” says Michael Paye. “To respond effectively, it is vital to identify what really matters and concentrate on protecting the most critical assets. Organizations should regularly reassess their risks to address the most likely and potentially damaging threats, and focus on increasing their cyber resilience to be able to operate even under an ongoing attack.”

About Netwrix 

Netwrix makes data security easy. Since 2006, Netwrix solutions have been simplifying the lives of security professionals by enabling them to identify and protect sensitive data to reduce the risk of a breach, and to detect, respond to and recover from attacks, limiting their impact. More than 13,000 organizations worldwide rely on Netwrix solutions to strengthen their security and compliance posture across all three primary attack vectors: data, identity and infrastructure.

For more information, visit www.netwrix.com.

The post Five Cybersecurity Trends that Will Affect Organizations in 2023 appeared first on Cybersecurity Insiders.

By Doriel Abrahams, Head of U.S. Analytics, Forter

‘Tis the season for holiday shopping, and with it, a surge in e-commerce transactions. While this festive time of year presents a big opportunity for retailers, it is also rife with fraudsters hoping to catch them off guard.

From new, sophisticated scams to variations on tried-and-true tactics, cybercriminals are hard at work devising ways to take advantage of eager shoppers and their spike in online activity.

Here are five trends online merchants need to watch out for to keep their business – and their customers – safe this holiday season.

1. Rise in Amateur Actors

In a case of good shoppers turned bad, a growing number of customers formerly recognized as legitimate are going rogue. Within Forter’s own network, we’ve seen a 35% increase in fraud committed by non-professional fraudsters, particularly in North America.

Unlike specialized cybercriminals who run well-organized operations like a business, these are everyday consumers who turn to fraud as an additional source of income. They are more likely than professional fraudsters to target items on the average shopper’s holiday wish list such as cell phones, gaming consoles and luxury goods.

Their activities are not to be confused with friendly fraud, also known as policy abuse; rather, they are standard credit card fraud using stolen card data. What usually gives amateurs away is their lack of technical savvy. They often use their own devices and resort to simple obfuscation strategies like a VPN.

2. Increase in Couponing

Given the current state of economic uncertainty, consumers globally, and especially in the U.S., are being extra scrupulous about how they spend and using more coupons. In the past, coupon use remained fairly steady from one season to the next, but this year, we’re already seeing a double-digit increase in coupon usage of about 11%.

Fraudsters who are in on this buying trend are craftily using coupons to make their personas look more legitimate and trustworthy. For this reason, merchants can’t let their guard down just because a customer comes with coupons.

Even good customers are giving way to different forms of coupon abuse. They try rigging the system by reusing or stacking coupons, sometimes setting up multiple accounts to get more than what’s allowed. Merchants need to ensure they have clear policies on applying coupons and that their systems are configured to enforce those rules.

3. Gift Card Growth

Gift cards are on the wish lists of holiday shoppers and fraudsters alike. They make a practical present for friends and loved ones. And fraudsters like them because they’re anonymous, easy to resell and can be used as part of a chain of fraudulent activity.

Traditionally, gift card purchases spike during certain periods of the shopping season, notably during Black Friday and Cyber Monday and again in mid-December. The ultimate peak comes on Christmas Eve when gift card purchases are six to seven times greater than on November 1.

This year is different, with fraudsters getting in on the act much earlier. They have been doubling down on gift card attacks since late October and are exploiting the vulnerabilities they have found, which are at retailers more so than at gift card-specific merchants.

4. Creative Address Manipulation

Fraudsters are always looking for new ways to circumvent security measures, including address verification services (AVS) that merchants use to catch credit card fraud. After all, just like good customers, bad actors have to provide a shipping address in order to receive merchandise.

During the busy season, criminals are employing rather low-tech ways to skillfully trick AVS, such as writing “one” instead of the numeral “1” since AVS only checks numbers and not words.

Another maneuver is writing the address in the name field and “see name” in the address field. This makes the address discernable to the mail courier without getting flagged by the AVS or other detection systems.

Similarly, adding an innocuous element to a shipping address prevents machines from noticing that the same address has been used multiple times, while still enabling the courier to deliver the package.
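The three tricks above can be countered by normalizing the name and address fields before comparing orders. The Python sketch below is an added example, not Forter's code or part of the original article; the flag names, word lists and sample orders are constructed for illustration.

```python
import re

# Spelled-out numbers that a digits-only address comparison never sees.
NUMBER_WORDS = {
    "zero": "0", "one": "1", "two": "2", "three": "3", "four": "4",
    "five": "5", "six": "6", "seven": "7", "eight": "8", "nine": "9",
}
# Street-type spellings folded to one form so variants compare equal.
STREET_TYPES = {
    "street": "st", "avenue": "ave", "road": "rd", "drive": "dr",
    "boulevard": "blvd", "lane": "ln", "court": "ct",
}
SUFFIXES = set(STREET_TYPES.values())
# Pointers such as "see name" that move the real address to another field.
REDIRECT = re.compile(r"\bsee\s+(name|above|below|notes?)\b", re.I)

def tokens(text):
    """Lowercase, drop punctuation, fold number words and street types."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    words = [NUMBER_WORDS.get(w, w) for w in words]
    return [STREET_TYPES.get(w, w) for w in words]

def looks_like_address(text):
    """True when a number is followed somewhere later by a street type."""
    toks = tokens(text)
    return any(t.isdigit() and SUFFIXES & set(toks[i + 1:])
               for i, t in enumerate(toks))

def address_key(text):
    """Comparison key: house number through street type, padding dropped."""
    # Units after the street type are dropped too, so a shared key is a
    # reason to review an order, not proof of abuse.
    toks = tokens(text)
    start = next((i for i, t in enumerate(toks) if t.isdigit()), None)
    if start is None:
        return " ".join(toks)
    # Skip one token after the number so "12 St James Rd" keeps its name.
    for end in range(start + 2, len(toks)):
        if toks[end] in SUFFIXES:
            return " ".join(toks[start:end + 1])
    return " ".join(toks[start:])

def house_number_is_word(text):
    """True when the first number-like word is spelled out, e.g. "One"."""
    for word in re.findall(r"[a-z0-9]+", text.lower()):
        if word.isdigit():
            return False
        if word in NUMBER_WORDS:
            return True
    return False

def review_order(name, address, seen):
    """Return the flags for one order; seen maps address key -> count."""
    flags, source = [], address
    if REDIRECT.search(address):
        flags.append("address_field_redirect")
    if looks_like_address(name):
        flags.append("address_in_name_field")
        source = name
    if house_number_is_word(source):
        flags.append("house_number_as_word")
    key = address_key(source)
    if seen.get(key):
        flags.append("address_reused")
    seen[key] = seen.get(key, 0) + 1
    return flags

# Constructed sample orders as (name field, shipping address field).
SAMPLE_ORDERS = [
    ("Alex Doe", "1 Main Street"),
    ("Sam Roe", "One Main St."),
    ("1 Main Street", "see name"),
    ("Pat Poe", "1 Main St, ring twice"),
    ("Lee Low", "48 Oak Avenue"),
]

def review_all(orders):
    """Review orders in sequence, sharing one table of seen addresses."""
    seen = {}
    return [review_order(name, addr, seen) for name, addr in orders]
```

All four variants of the same address collapse to the key `1 main st`, so the second, third and fourth orders are flagged as reuse even though their raw strings differ.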

5. More Bot Attacks

More is anything but merrier when it comes to malicious bots, yet vertical industries across the board, including those that haven’t typically been targeted, are seeing a major uptick in attacks. These attacks are generally large, professional operations utilizing sophisticated technology at extreme volumes.

When a site’s traffic is heavy, bots find it easier to fly under the radar. And while they’re known for targeting checkout, bot attacks are increasingly infiltrating other points along the customer journey, including account creation and login.

Forter’s data shows that apparel and footwear merchants that offer limited stock drops or flash sales are particularly vulnerable, facing five to six times more bot attacks than merchants that don’t engage in similar marketing tactics.

As more transactions are conducted online, fraud attempts are also expected to increase this holiday season, making it a stressful time for e-commerce merchants. By understanding the evolving threats to their bottom line and taking proactive steps to thwart them, companies will help keep their business protected not only during the holidays but every day of the year.

The post Five Fraud Trends To Watch Out for in the 2022 Holiday Season appeared first on Cybersecurity Insiders.

By: Matt Lindley, COO and CISO of NINJIO

Companies have struggled to cope with surging costs, an extremely tight labor market, a looming recession, and many other issues that have made 2022 a uniquely turbulent and unpredictable year. Likewise, the cyberthreat landscape is undergoing several tectonic shifts, such as the increasing frequency of state-sponsored cyberattacks, the infiltration of supply chains, and the exploitation of a widening array of attack vectors.

While the year ahead will certainly be full of surprises, there are several measures companies can take to defend themselves from cyberattacks, and building a more cyber-aware workforce should be at the top of the list. As we tackle that challenge, here are four major trends that will shape that work in the coming year.

1 – The era of remote work will present new cyberthreats. While many employees have returned to the office, it’s clear that remote and hybrid work will be a permanent feature of the workplace. A recent McKinsey survey found that 87 percent of employees who have the chance to work remotely take it, and they spend an average of three days per week working outside the office.

When employees aren’t in the office, they’re liable to engage in risky behaviors such as using unsecured WiFi without a VPN, leaving work devices unlocked in public places, and clicking on malicious emails. To avoid these risks, companies need to develop a culture of cybersecurity that will lead to sustainable behavioral change whether employees are in the office or not. Companies should also provide clear channels for reporting suspicious incidents. Finally, employees should have all the tools necessary for safe remote work, such as VPN subscriptions, password managers, and devices equipped with multi-factor authentication.

2 – The proliferation of attack vectors will put companies at risk. The average American household has 22 connected devices. Unlike an employee’s laptop or smartphone, many of these devices don’t have built-in security updates, which means sharing a network with them is risky. As the number of IoT devices surges and employees continue working outside the office, cybercriminals will have a huge number of new entry points.

When Rockstar Games was recently hacked, cybercriminals downloaded highly sensitive in-development game footage from the company’s Slack channel and posted it on YouTube. Cybercriminals also used Slack to infiltrate Uber around the same time. These are reminders that cloud-based productivity tools like Slack (which are becoming more common, especially in the remote work era) are prime entry points for hackers, who know how much privileged information is shared on these platforms every day. But they also illustrate a broader point: companies have to know what resources their employees are using, which will allow them to establish clear data sharing guidelines, security protocols, and incident reporting mechanisms.

3 – Supply chains will continue to be major targets. At a time when 93 percent of supply chain executives say they’re planning to make supply chains more resilient, cybersecurity should be one of the most critical elements of this effort. A report by NCC Group found that supply chain cyberattacks increased by 51 percent in the second half of last year, and we should expect to see more attacks in the near future.

Cybercriminals are particularly focused on supply chains because they rely on many complex and interconnected digital systems that can be infiltrated and disrupted. Supply chains are also uniquely susceptible to third-party risk, as lackluster cybersecurity among partners can give cybercriminals back-door access to more secure targets. The supply chain sector is in the middle of a comprehensive digital transformation, which means companies are in the early stages of deploying digital resources to improve visibility, collaboration, and so on. Many cybercriminals view this as an opportunity to exploit digital systems that are still being set up.

4 – The majority of cyberattacks will target human beings. While the cyberthreat landscape is constantly shifting, one constant remains: cybercriminals rely on human error to launch the majority of their attacks. According to the 2022 Verizon Data Breach Investigations Report, 82 percent of breaches over the preceding year involved a human element. This finding has been remarkably consistent over the years, and it’s unlikely to change any time soon.

While digital tools like VPNs and multi-factor authentication play an important role in keeping companies safe, no resource is more valuable than a cyber-aware workforce. This is why cybersecurity education has never been more important. There are several crucial elements of an effective educational platform: engagement, consistency, and relevance. It’s vital for cyber-awareness content to capture employees’ attention, regularly reinforce what they learn, and be applied to keep them safe.

While there are plenty of unknowns as we head into 2023, one thing isn’t in doubt: cybersecurity will be more important than ever.

The post The four cybersecurity trends to watch in 2023 appeared first on Cybersecurity Insiders.