Looking into cyber security’s crystal ball

In recent years, due to remote and then hybrid working, and systems moving rapidly to the cloud, new vulnerabilities and fresh attack vectors emerged. Attackers took full advantage of this and found the gaps that nobody knew they had.

So says Anna Collard, SVP content strategy & evangelist at KnowBe4 Africa.

“Looking ahead at 2023, it is very likely that there will be a continued increase in the sophistication and prevalence of mobile malware attacks, particularly against Android devices,” she says.

Last year, the FluBot trojan swept through Android phone users, stealing passwords, online banking details, and private information. It was highly effective, and it’s likely we will see more of this type of attack next year, she adds.

Collard believes another area of concern is the increased use of IOT solutions. This technology is finally ‘finding its digital feet’, and making inroads across smart cities, organisations and solutions. However, it is also a significant risk.

“Operational environments, such as SCADA, are becoming increasingly digitised and more inclusive of IOT technologies,” explains Collard. “This means that where a malware infection could have potentially only impacted a company’s administrative network in the past, the interconnected and digital transformation of these systems now makes them all open to risk.”

She says this can impact a company’s downtime, but it can also impact the physical safety and well-being of employees. More concerning, KnowBe4 has spotted a shift amongst threat actors away from financial services to the manufacturing industry.

Companies need to become more vigilant, and they need to be more prepared for what lies ahead.

Anna Collard, KnowBe4 Africa.

This situation can evolve within high-risk plants or manufacturing environments where systems are digitised and connected to enhance worker or machinery safety. If these systems are hacked, it could lead to unexpected problems or safety issues. If there is not the right amount of security in place, then the increased attack surface presented by digitised systems creates more opportunities for cyber criminals.

“Of course, the more complex systems get, the more difficult it becomes to properly secure them,” says Collard. “There is IOT and there is operational technology, and then there are interconnected cyber-physical worlds or systems such as autonomous cars and digital twins that increase the attack surface.”

This, she says, is why the key word for 2023 is vigilance. “Companies need to become more vigilant, and they need to be more prepared for what lies ahead.”

On the plus side, Collard believes that decision-makers across all levels of the organisation have become more aware of security, and more invested in implementing it properly.

“This trend sharply rose in 2022 and will continue on its upward trajectory well into 2023 – and this will go a long way towards helping companies be better prepared for the onslaught that lies ahead.”

She says it’s hard to predict precisely what vector, threat, attack surface, or vulnerability will be exploited by bad actors in 2023. But it’s easy to predict that they will keep on trying, because it is a profitable business for them.

“To combat the risks and embed a culture of security within the business, companies need to focus on training, security skills development, robust security solutions, and constant awareness,” Collard ends.

According to Check Point Software, we can expect more global attacks, government regulation, and consolidation next year.

“Hacktivism, deepfakes, attacks on business collaboration tools, new regulatory mandates, and pressure to cut complexity will top organisations’ security agendas over coming year,” the company says.

Globally, cyberattacks across all industry sectors grew by 28% in Q3 of 2022, compared to the year before, and the company predicts a continued sharp rise worldwide.

This will be driven by increases in ransomware exploits and in state-mobilised hacktivism fuelled by international conflicts.

The company also found that cyber threats targeting African entities outnumber those in other parts of the world.

Adding fuel to the fire, security teams will face growing pressure as the global cyber workforce gap of 3.4 million employees widens further, which will see governments introducing new cyber-regulations to protect citizens against breaches.

Similarly, there will be new national cybercrime task forces, as more governments follow Singapore’s example of setting up inter-agency task forces to counter ransomware and cybercrime, bringing businesses, state departments and law enforcement together to fight this threat.

“The dearth of cybersecurity professionals across Africa means it is more important than ever for the private sector to partner with government and tertiary education institutions to develop relevant education programmes,” the company says.

In addition, the conflict between Russia and Ukraine continues to have a profound impact globally. State-mobilised hacktivism is also on the rise. Over the past year, hacktivism has evolved from social groups with fluid agendas (such as Anonymous) to state-backed groups that are more organised, structured, and sophisticated.

These groups have already attacked entities in the US, Germany, Italy, Norway, Finland, Poland, and Japan recently, and these ideological attacks will continue to grow in 2023.

Issam El Haddioui, head of security engineering, EMEA – Africa, at Check Point Software, says: "The frontier between the cyber world and our everyday lives has become vanishingly small and the impact of a cyber threat can have multiple faces.”

He says the impact will range from financial implications caused by ransomware attacks to the disruption of organisational profit flow, to the inability to bring goods and services to citizens. The cyber threat landscape is an evolving environment and therefore cyber security posture enhancement needs to be a continuous journey, with measures that need to be evaluated and adapted to new realities.”

According to Check Point, 2023 will also see more deepfakes being weaponised. “In October 2022, a deepfake of US President Joe Biden singing ‘Baby Shark’ instead of the national anthem was circulated widely.”

The question, Check Point says, is was this a joke, or an attempt to influence the important US mid-term elections? “Deepfakes technology will be increasingly used to target and manipulate opinions, or to trick employees into giving up access credentials.”

For Kaspersky, ransomware will remain a major threat in 2023.

However, ransomware negotiations and payments will rely less on bitcoin as a transfer of value. “As sanctions on ransomware payments continue to be issued, the markets become more regulated, and technologies improve at tracking the flow and sources of Bitcoin (and sometimes clawing back conspicuous transactions), cybercrooks will rotate away from this cryptocurrency and toward other forms of value transfer.”

In addition, Kaspersky says ransomware groups will be less about financial gain, and more about destructive activity.

"As the geopolitical agenda increasingly occupies the attention not only of the public but also of cybercriminals, ransomware groups are expected to make demands for some form of political action instead of asking for ransom money.”

Marc Rivero, a senior security researcher at Kaspersky’s Global Research and Analysis Team, says Kaspersky is predicting two major scenes inside the ransomware landscape in the upcoming year.

“One of them will be the usage of destructive ransomware with the unique purpose of resource destruction and the impact of what we call ‘regional attacks’, where certain families only impact certain regions. For instance, the mobile malware landscape made a big evolution in Latin American region, bypassing the security methods applied to banks such as OTP and MFA. Malware-as-a-service is another important thing to observe as this kind of underground service is commonly observed around ransomware attacks impacting larger organisations,” he says.

Rivero says malware loaders are also set to become the hottest goods on the underground market.

Many threat actors have their own malware, but this isn’t enough. “Entire samples used to consist of ransomware alone. But when there are different types of modules in ransomware, it is easier for the threat to evade detection. As a result, attackers are now paying much more attention to downloaders and droppers, which can avoid detection,” says Rivero.

This has become a major commodity in the malware-as-a-service industry, and there are already favourites among cybercriminals on the dark wet, for example the Matanbunchus downloader. All in all, stealth execution and bypassing EDR's is what malicious loaders developers are going to focus on in 2023.