As we head into 2023, there is no question that cloud cybersecurity threats will continue to multiply. The cybercrime wave that began with the onset of the pandemic remains an existential problem, and the technologies and tactics employed by today’s cybercriminal enterprises continue to evolve at an explosive rate. Now is a good time to survey the dangers on the horizon.
A helpful way to think about the threat of cyberattack today is to remember that the criminal organizations who practice this dark art are no longer gangs. They are now big businesses. They operate out of high-rise offices, not basements. In many cases, they are shockingly well equipped thanks to sponsorship by rogue states.
In short: Cybersecurity threats in 2023 are complex and formidable, and a recent study concluded that the cloud will be one of the top three threat vectors as the year unfolds. Here are some of the worst threats we should prepare for.
- Increased Ransomware Attacks
There were more than 235 million ransomware attacks worldwide in the first half of 2022. While the situation barely improved in Q3, anecdotal evidence suggests that things could get worse in the year ahead. The bad actors are getting better and better at finding ways to plant malware on a network, encrypt all of the data, paralyze an organization of any size, and successfully demand money to restore access.These ransomware perpetrators have been professionalizing their operations and learning ways to hit higher-value targets. At the same time, the nations responsible for much of the rise in ransomware attacks—Russia, China, North Korea, and Iran—are not expected to relent in their efforts to steal billions of dollars while gaining global leverage by causing chaos.
Meanwhile, the persistent global supply-chain problem will open doors for targeted ransomware campaigns, as cybercriminals create messaging designed to hook employees desperate to solve procurement problems.
On a related note, the global semiconductor shortage might play a role in corporate cybersecurity if companies in need of computing power choose to cut cybersecurity expenses.
- Smarter Distributed Denial of Service (DDoS) Attacks
To review: A Denial of Service (DoS) attack targets your network by bombarding you with requests that overwhelm and exhaust your resources, thus denying legitimate users access. In a Distributed Denial of Service (DDoS) operation, the attacker infects and hijacks dozens or hundreds of websites and devices, including Internet of Things (IoT) devices, to create a monster “botnet” that attacks your network from uncountable directions.The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) issued a recent report recommending that your organization takes steps to protect yourself from this type of attack. This comes in the wake of an alarming uptick in DDoS attacks.
Last year we saw the all-time highest number of DDoS attacks worldwide, attributed largely to the proliferation of unsecured devices employed by the remote workforce. According to GovTech, there were 60% more malicious DDoS events in the first half of 2022 than during all of 2021. DDoS attacks are projected to rise to 15.4 million per year by next year. Over that period, the number of “smart” or advanced attacks showed a deeply concerning growth of 81% over Q4 2021.
- More Sophisticated Phishing Attacks
In 2023, the oldest trick in the cybercrime book remains effective, bolstered by new strategies. Phishing attacks use what cybersecurity professionals refer to as “social engineering,” which usually manifests simply as emails that persuade your employees to hand over data including passwords or financial information, or to get them to download a file containing malware. Cybersecurity is still an arms race, and phishing schemes continue to proliferate and become more sophisticated. Over the past 18 months, phishing attacks against European and US-based businesses from Russia alone have increased eight-fold. And we know the Russians are not the only bad actors in this realm. Because many of the basic phishing tactics have already been tried and organizations have learned to repel them, attacks have become even more creative, and will continue to evolve perniciously. - Expanded Threat Surface
Over the past several years, as remote workers in home offices (and coffee shops) unintentionally but effectively took control of their devices away from security administrators, every organization’s vulnerability to cyberattack grew precipitously. The simultaneous spike in cloud adoption again grew the threat surface. Consequently, forms of spear phishing, social engineering fraud, ransomware attacks, and other forms of data theft and malicious behavior become increasingly prevalent. This will continue to be of considerable importance in 2023. - Threats from Emerging Technologies
If you are losing sleep worrying that cybercriminals could be targeting your organization with artificial intelligence, I need to tell you that is a fact. Using AI, cybercriminals can manipulate datasets to craft scenarios that avoid raising suspicion while infiltrating your network. Although the current version of this threat has not been seen until recently, professional cybersecurity service providers have learned to defend against it. Complicating matters, if your organization has made the move to the cloud, and is taking advantage of new technologies including the Internet of Things, this increases your vulnerability. Again, this is a new but known threat. No need to stay awake at night, but please do what you need to do to protect yourself and your organization.
I hope you found this information helpful. As always, contact us anytime about your technology needs.
Until next time,
Tim