Threat Predictions for 2023: New Attack Surfaces and Threats Emerge as Cybercrime Expands

Jonas Walker, Security Strategist, Fortinet

While “less is more” may be the strategy behind consolidating networks and security, “more is more” seems to be the mantra cybercriminals continue to live by.

And as we look at our threat predictions for 2023 and beyond, there is “more” at every turn. As cybercrime converges with advanced persistent threat methods, cybercriminals are finding ways to weaponize new technologies at scale to enable more disruption and destruction.

As a result, the most troubling trend we’ve observed across the cyber landscape this year, and one we anticipate will continue into the future, is that threats of all kinds are becoming increasingly ubiquitous.

From Ransomware-as-a-Service (RaaS) to new attacks on nontraditional targets like edge devices and virtual cities, the growing volume and variety of increasingly sophisticated cyberthreats will surely keep security teams on their toes in 2023 and beyond.

How Our 2022 Predictions Fared (and will Evolve)

Last year we made numerous predictions about how the threat landscape would evolve—from attackers spending more effort on pre-attack activities to an increasing number of attack attempts impacting Operational Technology (OT). Unfortunately, many of those predictions have proven accurate. Let’s look at what is coming up to help CISOs and security leaders prepare in advance.

New Threat Trends in 2023 and Beyond

It’s not surprising that cyber adversaries will continue to rely on tried-and-true attack tactics, particularly those that are easy to execute and help them achieve a quick payday. However, FortiGuard Labs predicts that several distinct new attack trends will emerge in 2023.

Here’s a glimpse of several attack developments we’ll be watching for in the next year:

The Explosive Growth of CaaS: Given cybercriminals’ success with RaaS, we predict that a growing number of additional attack vectors will be made available as a service through the dark web. In addition to the sale of ransomware and other Malware-as-a-Service offerings, we’ll also start to see new à la carte criminal solutions.

Money Laundering Meets Machine Learning: We also expect that money laundering will get a boost from automation. Setting up money mule recruitment campaigns has historically been a time-consuming process. We anticipate that cybercriminals will start using machine learning (ML) for recruitment targeting, helping them to identify potential mules better while reducing the time it takes to find these recruits. Over the longer term, we expect that Money Laundering-as-a-Service (LaaS) is also on the horizon, which could quickly become part of the growing CaaS portfolio.

Deep Web Destinations Welcome a Wave of Cybercrime: While newer online destinations like virtual cities that take advantage of augmented reality (AR), virtual reality (VR), and mixed reality (MR) technologies open a world of possibilities for users, they also open the door to an unprecedented increase in cybercrime. From virtual goods and assets that can easily be stolen to potential biometric hacking, we expect this attack surface will result in a new wave of cybercrime.

Wipers Become Rampant: We’ve already witnessed the alarming growth in the prevalence of wiper malware, but we don’t expect attackers to stop there. Beyond the existing reality of threat actors combining a computer worm with wiper malware, and even ransomware, for maximum impact, the concern going forward is the commoditization of wiper malware for cybercriminals. Malware that may have been developed and deployed by nation-state actors could be picked up and re-used by criminal groups and distributed through the CaaS model. Given its broader availability, the right exploit, and the organized nature of cybercrime today, wiper malware could cause massive destruction in a short period of time.

Protecting Your Organization Against the Evolving Threat Landscape

While keeping up with the volume and velocity of threats can often feel like an uphill battle, the good news is that most of the tactics attackers are using to execute these attacks are familiar, which better positions security teams to protect against them.

Understanding the lifecycle of an attack can go a long way in helping you protect your networks—the MITRE ATT&CK framework is an excellent resource. Implementing network segmentation is also critical in protecting your organization against cybercriminals. Segmentation improves security by preventing attacks from spreading across a network and infiltrating unprotected devices. In the event of a compromise, segmentation also keeps malware from spreading into your other systems.

Yet the most important action you can take to enhance your organization’s security posture is to adopt a broad, integrated, and automated cybersecurity mesh platform. Cybersecurity defenses have traditionally been deployed one solution at a time, usually in response to an emerging challenge. But a collection of point solutions simply doesn’t work in today’s growing threat landscape. Consolidation and integration into a single cybersecurity platform is crucial, especially considering the increasing ubiquity of all types of threats today, no matter the industry or the size of an organization.

Using an inline sandbox service is a good starting point to protect against sophisticated ransomware and wiper malware threats. When integrated with a cybersecurity platform, it provides real-time protection against evolving attacks by ensuring that only files judged benign are delivered to endpoints.

Looking outside an organization for clues about future attack methods will be more important than ever in preparing before attacks take place. Digital Risk Protection (DRP) services are critical for external threat surface assessments, for finding and remediating security issues, and for gaining contextual insights on current and imminent threats before an attack occurs.