The year ahead is shaping up to be a period of uncertainty for both cybercriminals and defenders, who will move forward with caution in the face of a business landscape that’s fraught with security blindsides and economic ebbs and flows. For decision-makers, 2023 provides an opportunity to reevaluate their security playbooks and shine a light on the overlooked areas of their cybersecurity infrastructure. As more businesses strive to accommodate a more distributed workforce, security teams will have to contend with limited visibility over an ever-increasing enterprise perimeter and oft-neglected attack surfaces like open-source software that could enable potential cyberattacks. Enterprises will also make inroads in their digital transformations thanks to innovation drivers like artificial intelligence (AI), 5G connectivity, and cloud-based tools, but struggle with implementation woes and a lack of top talent to secure these new technologies.
Threats will also continue to mount against enterprises, with malicious actors working to stay ahead of the game by capitalising on outdated protocols, vulnerabilities in internet-facing devices, and overworked security teams. Some attackers will set their sights on big-game targets like automobiles via the cloud applications connected cars use; others will want to turn a profit from data monetisation schemes. While there are cybercriminals that plan to ride out the uncertainties of 2023 with a return to time-tested methods like social engineering-based attacks, those in ransomware circles may branch out to entirely new business models instead.
In this blog entry, we discuss select predictions and major developments in various security fronts that the coming year may have in store:
Cybercriminals are poised to pounce on cloud adopters’ missteps
As more companies work towards incorporating cloud tools to their operations, we foresee more malicious actors taking full advantage of user-side misconfigurations and implementation inconsistencies to get a foothold into enterprise systems. In the offing to 2023, we anticipate these application challenges to be borne out of companies that are struggling to oversee the many cloud vendors and assets that collectively make up their enterprise cloud environments. Specifically, enterprises should be on the lookout for any security blind spots in attack surfaces like cloud application programming interfaces (APIs). Commonly used in many of today’s connected cars, these APIs are bound to become targeted by criminals that will be drawn to smart cars, which make for high-value targets.
Cybersecurity manpower and vertical regulations will be needed to secure smart factories
In the year ahead, we expect companies to pour more resources into technologies like 5G and AI that can help facilitate their transition to the industrial internet of things (IIoT). However, a cybersecurity skills shortage will make it difficult for their understaffed security teams to manage multiple connected factories, on top of the integration of these new technologies and how these will further facilitate the convergence between IT and OT systems. Enterprises will have to look out for IT-based attacks that will inadvertently impact OT systems connected to IT networks, but on the upside, we also foresee a growing demand for more vertical regulations for OT systems: expect to see a crop of both industry-wide and government-imposed mandates that will lead to more highly regulated OT infrastructures in 2023.
Bad actors will be lurking in the blockchain
Public interest in non-fungible tokens (NFTs) and the metaverse will be stuck in the doldrums, but other blockchain-powered virtual assets, such as cryptocurrency, will continue to pique the interest of both users and malicious actors looking to move with freedom and anonymity. While the likes of Monero will continue to be widely used for fund transfers, a fear of fluctuations in cryptocurrency markets will prompt end users to cash out quickly to fiat currencies — a trend that will drive a surge in money laundering schemes in 2023.
Social engineering lures are getting an upgrade
During this period of transition, internet fraudsters will turn to attacks that have a proven track record and bank on methods that prey on human fallibility. In 2023, we'll see more polished iterations of social engineering-based attacks like business email compromise (BEC) schemes and romance scams, which bad actors will have integrated with modern tools. Additionally, we anticipate that cybercriminals will take a special interest in emerging technologies like deepfakes, whose wealth of potential applications promises to make their future impersonation and identity theft scams even more highly targeted.
The ransomware arena will be thrown in flux
Not all cybercriminals can afford to rely on tried and tested avenues: Lawmakers and well-armed security teams will loom large over ransomware operators, who must continue to evolve if they are to stay relevant and avert further hits to their bottom line. Data will remain a valuable commodity, so some ransomware actors will opt to monetise data directly by scouring their victim’s systems for information they can sell off. Others may choose to move past the ransomware business model altogether and instead dedicate themselves fully to extortion schemes in which they would retain largely the same attacks but without a ransomware payload.
Steering clear of cyber risks
More enterprises will seek to fortify their security posture with unified platform solutions, but these companies will need to ready themselves with a proactive cybersecurity strategy that can minimise risks across multiple attack surfaces as their security teams face off against threats both known and unknown. To learn more about the perspectives and insights from our security experts on what’s to come in 2023 and their recommendations for circumventing upcoming threats, read our full report, “Future/Tense: Trend Micro Security Predictions for 2023.”