By Jaime Chanaga
As we enter 2023, predictions for what we’ll face in the new year are everywhere, from the economy to healthcare and beyond. The global cybersecurity community is no different. While some trends we saw in 2022 will continue, new attack trends will emerge and it is important that CISOs and organizations stay on top of the threat landscape.
Globally, digital transformation continues to disrupt as much as it delivers benefits. While it increased business efficiency and cost savings, the shift to flexible work models has resulted in multi-edge networks which are more vulnerable to attack.
Over the last few years, the frequency of all cyberattacks has increased, and the number of new variants associated with common attack vectors continues to grow. In the first half of 2022 alone, the number of new ransomware variants Fortinet identified increased by nearly 100 per cent over the previous six-month period thanks to the prevalence of ransomware-as-a-service (RaaS).
Researchers at FortiGuard Labs leverage a global network of sensors to track and study cybercrime and analyze what it means to your organization’s risk. As they look out to 2023, they noted critical threats all CISOs should be planning for.
Cybercriminals adopt more sophisticated methods: Cyber adversaries continue to rely on tried-and-true attack tactics that are easy to execute and deliver a quick payday. However, modes of attacks are converging, like pairing ransomware with wiperware to maximize damage and profits. It is paying off, as almost half of the organizations in a Fortinet survey opted to pay when faced with a ransomware attack. In the first half of 2021 alone, the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) reported that organizations paid out almost $600 million USD in ransomware—on track to surpass the total payout over the last decade in less than a year.
In a new development, run-of-the-mill cybercriminals are adopting tactics usually seen only from Advanced Persistent Threat (APT) groups. APTs are often nation-states using innovative and advanced techniques to hack systems secretly. Once in, they camp out for an extended period for reconnaissance, using evasion techniques to bypass security, detection and controls. These APT-style attacks are on the rise as the modus operandi is adopted by more traditional cybercrime groups.
Cybercrime as a commodity: Given the success of RaaS, 2023 will likely see a growing number of attack vectors made available for sale as a service on the dark web. Expect that more turnkey, subscription-based offerings will be made available to cybercriminals of all skill levels, driving seasoned cybercriminals to build out their “as a service” attack portfolios to establish a simple and repeatable payday. In addition to selling ransomware and other Malware-as-a-Service offerings, we predict we’ll see new a-la-carte criminal solutions, including money laundering, Reconnaissance-as-a-Service, and the monetization of deep fake videos.
Wiperware evolves: In the first six months of 2022, Fortinet observed at least eight significant wiper variants (HermeticWiper, AcidRain, WhisperGate, CaddyWiper, IsaacWiper, DesertBlade, DoubleZero, and Industroyer.V2), nearly as many as were detected in the past decade, with evidence that wiperware has spread to as many as 24 additional countries. 2023 should be no different as this malicious code is made more widely available through the developing malware ecosystem and is paired with other malware to exponentially increase destructive impacts.
While there is no quick fix to ensure your organization stays protected, there are steps you can take to minimize risks. One important development is the convergence of cybersecurity and networking, or security-driven networking, which can ensure advanced security postures, maintain network performance, and offer the flexibility to meet changing business needs. Achieving convergence is best done through the consolidation and integration of your security products into a cybersecurity mesh platform that offers greater visibility and control as well as advanced detection and response capabilities.
Organizations can take steps to prevent APT-style intrusions through segmentation, which can prevent attacks from spreading and infiltrating unprotected devices. Secure your applications by adopting zero-trust network access (ZTNA) approaches and investing in behavioural-based detection powered by AI and machine learning to identify abnormalities. Paired with actionable threat intelligence and advanced endpoint detection and response (EDR), all the edges of your hybrid network can be secured.
Finally, do not feel like you must go it alone. Working in lockstep with your partners, seek out vendors to support your in-house security team. For example, companies can outsource Disaster Recovery Planning services, or use digital risk protection services (DRPS) for external threat surface assessments or to provide insights on current and imminent threats. Bringing in experts to support your security needs will mitigate the demands on your in-house team so they can stay focused on business deliverables.
Managing constantly evolving threats and new adversaries can seem daunting, especially when dealing with limited human resources or traditionally siloed security products. But knowledge is power. As the threat landscape in 2023 and beyond continues to evolve and take advantage of technology advancements, organizations must keep up. Only by understanding the nature of the threat outside can we adequately prepare to defend from the inside.
Jaime Chanaga is Field CISO for Canada, Latin America, and the Caribbean at Fortinet