Five cyber threats to watch out for in 2023

As the economy digitizes at a rapid pace and information systems become increasingly complex, cybercriminals are exploiting a growing number of vulnerabilities, despite advances in cybersecurity solutions. Here’s a closer look at the top trends to watch out for when it comes to cyber threats.

• Ransomware: the rise of triple extortion

The ransomware threat is as present as ever, as the attacks are becoming more complex and sophisticated. « We’re seeing the rise of double and even triple extortion. To force ransomware victims to pay the ransom, hackers encrypt the data and threaten to sell it on the dark web (this is double extortion). Triple extortion is when the victim company is pressured into launching a DDoS attack against its website(s), » said Maxime Clay, Senior Solutions Engineer at Acronis.

In addition, most ransomware is opening up to MacOS and Linux operating systems, as well as to cloud environments, and not just to Windows systems, which were the main target of these attacks until now. Moreover, new programming languages, such as Go and Rust, are becoming more widespread and require adjustments to analysis tools.

« The number of attacks continues to grow, knowing that they remain lucrative especially when cyber insurance policies partially cover the losses. Whenever possible, attackers will want to uninstall security tools, remove backups, and disable disaster recovery plans. To do this, they will willingly use ‘living off the land’ techniques, » explains Samy Reguieg, Regional Manager France for Acronis. In « living off the land » attacks, cybercriminals use the victim company’s technological resources against itself.

• MFA and IAM: the pressure is mounting

Multi-factor authentication (MFA) and Identity Access Management (IAM) solutions are in the crosshairs of cybercriminals. « We are already seeing multiple attempts to steal or bypass multifactor authentication (MFA) tokens. The desire to overwhelm targets with requests, in the case of so-called ‘MFA fatigue’ attacks, can also lead to the establishment of connections without there even being a prior vulnerability, » says Samy Reguieg.

MFA fatigue attacks fall into the category of social engineering. Hackers repeatedly send MFA requests to a user. « Fed up with this flood of requests to their smartphone, the user eventually disables the MFA function, thinking it’s not working properly. Or they fall into the trap set by the cybercriminal who poses as a member of the support department, and gives them the code to access their account, » adds Maxime Clay.

This is in addition to the problems posed by weak or reused passwords. Recent attacks on Okta, Twilio, and Uber have also demonstrated that external services can be compromised. « It is therefore extremely important to understand how the authentication mechanisms in place work and who has access to what data, » notes Maxime Clay.

• Phishing: beyond emails

Malicious emails and phishing attacks still number in the millions. Attackers will continue to use illegally obtained data to customize and automate attacks. « Social engineering scams, such as Business Email Compromise (BEC) attacks, i.e. President Fraud, will expand to other messaging services, text messages, Slack, Teams chats, to fool filtering and detection mechanisms, » says Maxime Clay.

As for phishing attacks, they will continue to use proxies to capture session tokens, steal MFA tokens, and use QR codes as a diversion to move forward in disguise.

This evolution of phishing attacks should be viewed in conjunction with another phenomenon: large-scale data compromise. « Malware used to steal data, such as Racoon and Redline, is becoming the norm. Often, credentials are stolen and sold to perpetrate new attacks via initial attack brokers. This large-scale, high-volume data theft, these millions of phone numbers or email addresses, are then used for phishing mailings, » adds Maxime Clay.

• Browser-based attacks: beware of extensions

Attacks from or through the browser will increasingly propagate during sessions. « We are seeing deceptive browser extensions that swap transaction recipients or steal passwords in the background. Some cybercriminals are hacking into the source code of these tools to add backdoors via the GitHub repository, » notes Samy Reguieg.

« Websites will also continue to track users with JavaScript tracking scripts and share HTTP session IDs with marketing services. Formjacking / Magecart techniques will also become more common with the addition of small snippets designed to suck all the information out of the original website. In the context of serverless computing, it will be even more complicated to analyze such attacks, » comments Samy Reguieg.

• The omnipresence of AI

Artificial intelligence and machine learning algorithms will soon be used by companies of all sizes and in all sectors. « Advanced techniques for creating synthetic data will facilitate identity fraud and disinformation campaigns based on falsely credible content will become more common, » explains Samy Reguieg.

Even more worrisome will be direct attacks on AI and ML models aimed at exploiting model weaknesses, deliberately skewing data or using alert triggers to drown out IT operations. « Imagine a piece of malware that could learn over time, using AI. If it is detected by antivirus software, it could determine what caused its detection and understand how to thwart it by modifying its behavior or computer code, for example, » concludes Samy Reguieg.