Friday, 27 January 2023

Security in 2023: new risks, new targets

The cybersecurity workload is expected to grow in 2023.

“The last few months have proven to be as complex as ever – with new threats constantly emerging and malicious actors continuing to use the same proven playbook for big payouts,” said Candid Wüest, Acronis VP of Cyber Protection Research. 

Rashish Pandey, VP, Marketing and Communications, Fortinet Asia agreed: "In 2023, cybercriminals will continue to use tried-and-true attack tactics, particularly those that are easy to execute and help them achieve a quick payday. In addition, we can also expect several new attack trends leveraging deepfakes, metaverse, Web 3, and mixed reality (MR) technologies to increase." 

Some challenges for 2023 include:

A new level of strategy

Source: Trend Micro. Portrait, David Ng.

"2023 will see enterprises veer away from a point solution approach to security, to a long overdue shift to a more holistic cybersecurity strategy. This is underpinned by the existing need for greater visibility across the increasing attack surface spreading across various environments, networks, and operating systems," said David Ng, Country Manager, Singapore, Trend Micro.

"In 2022, organisations in Southeast Asia claimed to have just 62% visibility of their attack surface. Respondents also admitted that they had too few resources or limited capabilities to manage and understand cyber risks. The good news is that organisations are now steering away from point solutions that are overconsuming resources."

Identity as a target

"Identity will be the top threat vector in 2023 and identity providers will play a critical role in helping to protect user credentials," said Michael Rogers, VP, global business development, channel and alliances, CrowdStrike.

"Threat actors know that they can take advantage of the growing remote workforce to steal credentials and infiltrate organisations. The ability to protect against these identity-based attacks will require an identity protection solution that integrates with identity providers, so that organisations can handle the complexities of storing and authenticating identities."

"Throughout 2022, we have seen an increase in identity-based attacks and development of sophisticated file-less techniques bypassing traditional multifactor authentication (MFA) defenses. And it’s not just stolen credentials, as pass-the-cookie, golden-SAML, and even social engineering with MFA fatigue add to the ever-growing ways to compromise an identity," elaborated Michael Sentonas, CTO, CrowdStrike.

"In 2023, we predict adversaries will break out more quickly by compromising identities to move laterally between endpoints to deploy ransomware, achieve business email compromise (BEC) by accessing email infrastructure, or exfiltrate critical data from Azure, GCP, or AWS public cloud infrastructure."

SAML stands for Security Assertion Markup Language, the federation standard that identity providers use to vouch for a logged-in user. Golden-SAML is a technique in which an attacker who has obtained the identity provider's SAML signing key forges those assertions, so the MFA challenge on the original login is never exercised; pass-the-cookie likewise replays a stolen post-authentication session cookie rather than the credentials themselves. GCP refers to the Google Cloud Platform.

Metaverse vulnerabilities

The attack surface has grown because of the metaverse, added Fortinet. Fortinet's FortiGuard Labs highlighted the risks of maintaining virtual cities and virtual worlds. "While these new online destinations open a world of possibilities, they also open the door to an unprecedented increase in cybercrime in uncharted territory. For example, an individual’s avatar is essentially a gateway to personally identifiable information (PII), making them prime targets for attackers," FortiGuard researchers said. 

"Because individuals can purchase goods and services in virtual cities, digital wallets, crypto exchanges, non-fungible tokens (NFTs), and any currencies used to transact (this phenomenon offers) threat actors yet another emerging attack surface. Biometric hacking could also become a real possibility because of the augmented reality (AR) and virtual reality (VR)-driven components of virtual cities, making it easier for a cybercriminal to steal fingerprint mapping, facial recognition data, or retina scans and then use them for malicious purposes.

"In addition, the applications, protocols, and transactions within these environments are all also possible targets for adversaries. Regardless of work-from-anywhere, learning-from-anywhere, or immersive experiences-from-anywhere, real-time visibility, protection, and mitigation are essential with advanced endpoint detection and response (EDR) to enable real-time analysis, protection, and remediation."

Tony Jarvis, Director of Enterprise Security, Darktrace, Asia Pacific & Japan, also highlighted the fading fortunes for MFA. "Once considered a ‘silver bullet’ in the fight against credential stuffing, it hasn’t taken attackers long to find and exploit weaknesses in MFA and they will continue to do so in 2023. MFA will remain critical to basic cyber hygiene, but it will cease to be seen as a standalone ‘set and forget’ solution," he said.

Credential stuffing refers to the practice of replaying stolen credential pairs, such as email addresses and passwords leaked from one breach, against other services at scale, relying on users having reused the same password, to gain access to a system.

Critical infrastructure becomes increasingly attractive

Righard Zwienenberg, Senior Research Fellow at ESET, said that 2023 will see more nation state attacks. "Cybercriminals will be going more to countries and critical infrastructure," he said, warning that the definition of critical infrastructure can even include large companies and government agencies. "(It's) not just power plants and airplanes," he said. "They could attack welfare organisations. If you cut that, there's no income from the state."

Source: Group-IB. Dmitry Volkov - protect your supply chain.
"Our experience shows that cybercrime thrives on wars and conflicts. Small-time scammers, phishers, and sophisticated threat actors are among the first to take advantage of tensions between the countries. Growing geopolitical tensions will inevitably hurt multiple sectors, including critical infrastructure," said Dmitry Volkov, CEO of Group-IB.

"We expect to see more attacks carried out by nation-state threat actors and financially-motivated adversaries on the operational technology/critical information infrastructure (OT/CII) sector. Telecommunications companies could serve as a staging area for further attacks on supply chains and allow attackers to reach specific organisations and individual users. 

"Supply chain security should be the top consideration for CII, telecom, and financial companies’ security teams. The good news is that there are technologies capable of addressing these ever-evolving cyber risks."

Yaniv Vardi, CEO, Claroty, explained that a number of trends are affecting the world of cyberphysical systems (CPS), leading to interconnections that affect CII and beyond: "We’ll see the consolidation of solutions on the market with more M&A activity, considering the economic recession and the market needs, as larger companies scoop up smaller providers that are focused on specific verticals or use cases," he said.

"Digital transformation as well as recent events, such as COVID and the economic recession, will accelerate connectivity and the convergence of operational technology (OT) and IT systems, with more IoT assets coming into the mix as well, while companies are focusing on being more productive and competitive in this environment.

"This in turn goes along with closer integrations between industries that were previously isolated from one another. For example, hospitals focused on securing medical devices will need to broaden their focus to cover building management systems (BMS) as they begin to realise that the operability of elevators and HVAC systems can have an even greater impact on patient care than infusion pumps or MRI machines.

"The combination of all these trends will cause security vendors and their partners to expand their tech stacks, in order to be more compatible and reduce inefficiencies. As their customers’ networks and attack surfaces expand, vendors and partners will also need to extend their capabilities and services across these converged networks."

Vardi also highlighted that closer collaboration between the government and the private sector on cybersecurity is expected as "CPS security has become inextricably linked to geopolitical and economic stability". "Manufacturers will be stepping up in providing deeper levels of transparency and security (e.g. software bill of materials [SBOM]) and we can expect them to take more ownership in protecting their product lines," he said.

The Trend Micro report highlights managed service providers (MSPs) in particular when it comes to supply chains. According to the report, MSPs will be prized by cybercriminals because they offer access to a large volume of downstream customers, thereby maximising the ROI of a cyberattack.

Patchy cloud cover

Cloud adoption is providing cybercriminals with new opportunities via irregularly-patched vulnerabilities, said Dan Garcia, CISO, EDB. "Though both hybrid and multicloud approaches offer greater options for accessibility and workload offsetting, these environments can also widen security gaps," he said.

"To offset the risk of these vulnerabilities, enterprises will need to deepen their employee education and training. Organisations that cannot safely scale in the cloud with in-house resources should partner with dependable third parties who possess proven experience in privacy, security, and cloud deployments. Lastly, the popularity and adoption of open source databases such as Postgres will continue to rise, selected for regular security and bug fixes and a rich community of members publicly optimising the code to mitigate security threats."

Ng of Trend Micro also highlighted the dangers of cloud computing. "In (2023), we will see attackers take advantage of application and service vulnerabilities – for both internal and external services – as enterprises may not be on top of patching their vulnerabilities. Therefore, security professionals will need to be proactive in watching out for new attack surfaces," he said. 

"One example of this is the cloud application programming interfaces (APIs) on connected cars. In early 2022, a teen hacker gained control of more than 25 Tesla cars remotely in an experiment, exposing the importance of API tokens to vehicle security. Connected cars are a treasure trove of data and as a result, a high-value target for attackers. Spotting vulnerabilities in the cloud APIs of new attack surfaces will be a challenge that one will need to brace oneself for in 2023."

Sentonas highlighted APIs as being a priority target in 2023. "With the proliferation and use of SaaS applications, API usage has grown exponentially year-over-year, and, as with any growth area, the associated risk is also increasing," he said. 

"APIs connect critical data and services that drive today's digital innovation. As a result, APIs have proven an extremely valuable target for cyber criminals. It is imperative for security teams to have a thorough understanding of and clear visibility into their full attack surface. This surface includes all APIs in your environment, including undocumented (shadow) APIs as well as unused/deprecated APIs that have not been disabled. On the heels of several recent high-profile API-related incidents – the trend is expected to accelerate into 2023."

Source: F5. Portrait Shahnawaz Backer.

Shadow APIs, said Shahnawaz Backer, Senior Solution Architect, Asia Pacific, China and Japan, F5, could be the cause of a major breach. Like shadow IT, shadow APIs are used in businesses but without the IT department's knowledge, so they are not subject to corporate governance and security measures. 

"In 2022, we saw a glimpse of what misconfigured or unknown APIs, better known as shadow APIs, can do to enterprises. There has been recent research showing about 5 billion malicious transactions observed in the first half of 2022 targeting shadow APIs," Backer said.

"With the rapid proliferation of APIs, new vulnerabilities and misconfigurations (emerge) - which proves why there is a strong need to identify and secure shadow APIs. This can be done through building a comprehensive inventory of all known APIs, their endpoints and expected operations. The security loophole can then be further closed by utilising a machine learning platform ...to periodically scan and analyse data, ensuring API inventory is as up to date as possible."
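The inventory reconciliation that Backer describes, and the shadow and unused/deprecated APIs that Sentonas lists above, can be checked with a short script. This is an added example, not F5's or CrowdStrike's tooling: it normalises request paths from constructed access-log lines, compares them with a constructed inventory of documented endpoints, and reports both endpoints that are being called but are not documented (shadow) and documented endpoints that are never called (candidates for retirement).

```python
import re
from collections import Counter

# Constructed sample inventory: documented endpoints as (METHOD, path template).
DOCUMENTED = {
    ("GET", "/api/v2/users/{id}"),
    ("POST", "/api/v2/orders"),
    ("GET", "/api/v1/orders/{id}"),  # deprecated version, still documented
}

# Constructed sample access-log lines (combined log format, abbreviated).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Jan/2023:10:01:02 +0000] "GET /api/v2/users/1042 HTTP/1.1" 200 512
10.0.0.7 - - [12/Jan/2023:10:01:09 +0000] "POST /api/v2/orders HTTP/1.1" 201 88
10.0.0.9 - - [12/Jan/2023:10:02:15 +0000] "GET /internal/debug/config HTTP/1.1" 200 4096
10.0.0.9 - - [12/Jan/2023:10:02:16 +0000] "GET /api/v2/users/7f3a2c1e-9b4d-4c7a-8e21-5d6f0a1b2c3d HTTP/1.1" 200 512
10.0.0.4 - - [12/Jan/2023:10:03:00 +0000] "DELETE /api/v2/users/1042?force=1 HTTP/1.1" 204 0
"""

LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')
# Path segments that are numeric IDs or UUIDs collapse to "{id}" so that
# many concrete URLs map onto one endpoint template.
ID_SEG = re.compile(r"^(\d+|[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})$", re.I)


def normalise(path):
    """Strip the query string and replace ID-like segments with {id}."""
    path = path.split("?", 1)[0]
    return "/".join("{id}" if ID_SEG.match(seg) else seg for seg in path.split("/"))


def observed_endpoints(log_text):
    """Count (METHOD, template) pairs actually seen in the access log."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m:
            counts[(m["method"], normalise(m["path"]))] += 1
    return counts


def reconcile(documented, observed):
    """Return (shadow endpoints with hit counts, documented endpoints never hit)."""
    shadow = {ep: n for ep, n in observed.items() if ep not in documented}
    unused = sorted(documented - set(observed))
    return shadow, unused


if __name__ == "__main__":
    shadow, unused = reconcile(DOCUMENTED, observed_endpoints(SAMPLE_LOG))
    for (method, path), hits in sorted(shadow.items()):
        print(f"SHADOW  {method:6} {path}  ({hits} requests)")
    for method, path in unused:
        print(f"UNUSED  {method:6} {path}  (documented, never called)")
```

Run against real gateway or load-balancer logs, the same reconciliation becomes the periodic scan Backer recommends, and the DELETE on a documented resource shows why the method must be part of the inventory key, not just the path.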

Quantum smarts

Source: Entrust. James Cook portrait.

"In 2023 and beyond, quantum computers will pose an inevitable threat to digital security. The world is soon entering an era where the available computing power can and will break conventional cryptography," warned James Cook, VP, Digital Security Solutions, Entrust APAC.

"This migration to quantum-safe algorithms requires more than time and effort. It requires detailed and careful work that requires specific skills. Coupled with the cybersecurity manpower crunch, organisations need to prepare for challenges as they navigate the post-quantum world."

Everything changes in a post-quantum world. Cook said organisations will need to inventory their cryptographic assets, re-examine their public key infrastructure (PKI) and digital identity framework, and review their governance against best practices and compliance requirements.

Lack of human resources

"As organisations, especially those in tech sectors, look to optimise and recalibrate their workforce, we continue to see a major shortage of skilled talents in the cybersecurity space. This is alarming as businesses are at risk and are vulnerable as cybercrimes become more organised and lucrative," said Chua Chee Pin, Area VP of ASEAN, Hong Kong, Korea, Japan and Taiwan, Commvault.

"Talents that understand the intertwined nature of data management and security in 2023 will be most sought-after as organisations seek people with the right data skills to build backup and recovery architecture and set compliance and governance policies to better manage, protect and recover their data."
