By Brad Liggett, Technical Director, Americas for Cybersixgill
Technology’s rapid and relentless progress promises to continue apace in 2023, to everyone’s benefit – including cybercriminals’. The year promises a “Spy vs. Spy”-type cyberspace race as both criminals and defenders vie to gain the upper hand using new and emerging technologies.
Every technology that enables our cyber teams to pinpoint and resolve threats and prevent attacks more quickly and accurately also benefits cybercriminals. In those same technologies they find new breach pathways and targets, and more sophisticated intrusion techniques.
The result can be a cat-and-mouse game in which both sides run in circles without either actually getting ahead.
For cyber professionals, awareness is the first and perhaps most important step toward breaking out of this cycle. While predictions are always risky – perhaps even more so in the unpredictable digital realm – we can gird ourselves against the coming year by looking at what’s happening now, knowing our adversaries will be sure to step up their game.
We see these three cyber trends looming in 2023:
- Advanced Persistent Threat (APT) software will level the playing field between less-experienced, profit-driven cybercriminals and more politically motivated state-backed groups. As a result, these disparate perpetrators will work together, irrespective of where they’re located, as supporting governments look the other way.
Even as nation-state-supported groups launch APT attacks on their governments’ behalf – such as the China-backed APT5’s recently discovered exploit of a Citrix application – we’re seeing software for sale on the dark web that gives lone-wolf and profit-driven groups similar capabilities. We call these threat actors “Quasi-APTs.”
How to prepare: CISOs must be more vigilant than ever before, and make sure their organizations can track, monitor, and remediate threats from multiple points, around the clock. These threats aren’t coming only from state-sponsored APT groups anymore, but also from your garden-variety dark web actor or Anonymous chapter.
Automated threat intelligence and robust vulnerability management programs are now more critical than ever for enterprises. As your technologies proliferate so, too, do your endpoints, each a potential avenue for breach – and they may number in the thousands. Without automation, continuously protecting them all will be impossible.
- Artificial Intelligence (AI) will play an increasingly important role on both sides, as threat actors use malicious AI and enterprises employ the technology to proactively find and preemptively eliminate threats.
Everyone’s talking about ChatGPT, the OpenAI chatbot that can “speak” with users intelligently – answering questions, admitting mistakes and correcting itself, rejecting inappropriate requests, and more. It’s an exciting advance for enterprises wanting to use AI to better serve customers – and it’s most likely exciting for cybercriminals, as well.
Already some have used the OpenAI platform to have ChatGPT write phishing emails and insert malicious links. The emails don’t have the usual spelling, grammar, and syntax errors that today’s phishing messages composed by non-native-English speakers tend to contain – errors that serve as a tip-off to recipients.
Likewise, this technology could make misinformation and disinformation that much more credible, writing articles and posts with persuasive techniques that, for now, are largely reserved for humans.
How to prepare: Governments and enterprise organizations will need to use natural language processing and AI to shift to a more proactive approach to cybersecurity. Automation using AI will play an essential role. By listening in on chatter among threat actors, AI can determine which threats are most likely to materialize, and send defense and response resources to where they’re needed, before they’re needed.
- The use of “wiper” malware will proliferate, erasing data from government and critical infrastructure systems as well as mobile phones.
Originally intended to help companies erase data from company devices – a security technology – wiper software has morphed into wiper malware.
We’re seeing an increase in dark-web chatter about planting malware in Android marketplaces, including the use of “wiper” malware that erases data.
Many federal agencies already use Android phones, and will need to up their vigilance against this devastating tool.
The “NotPetya” attack of 2017 – the most financially damaging cyberattack in history – and the 2018 “Olympic Destroyer” attack, which took down the entire technology system of the Winter Olympics in Seoul, South Korea, used wiper malware.
These attacks, both attributed to cybercriminals in Russia, almost certainly weren’t motivated by money, since the attackers didn’t deploy ransomware or demand pay. This emerging tactic warrants the attention of not only governments but critical infrastructure providers, as well, and possibly even individuals as criminals move to wiping clean mobile phones.
The good, the bad, and the ugly
As the new year progresses, it’s important to remember that pretty much everything has a good side and a bad side. Technology offers many upsides, including helping us to work and live more efficiently and securely. But cybercriminals pay attention to technological trends perhaps even more closely than most. When one catches on, they’ll be there, hoping to cash in.
If these predictions – based on information gleaned from our observations in the areas of the internet most can’t see – tell us anything, it’s this: in 2023, businesses will need to work harder to stay ahead of cybercrime. Old, reactive paradigms won’t do, not anymore, and we all know what happens when you run in circles: you go nowhere.