In 2021, the average number of global cyberattacks increased by 15.1%. In 2022, the cost of cybercrime was projected to hit $8 trillion in the next year.
With 2023 now in full swing, the cybersecurity world must contend with an altered threatscape that continues to evolve in complexity and scope. Developments in the cybersecurity and technology sphere, such as the rise of generative AI models, are watched with interest by cybercriminals looking to elevate their own operations. Businesses and organizations must plan for resiliency in the face of these ever-present, increasingly sophisticated cyberattacks.
68% of business leaders feel that cybersecurity risks are getting worse. As the world becomes more interconnected and digitalized, more bad actors are introduced to the hacking scene, increasing the overall risk of being targeted. Attacks are increasingly being perpetrated not just by lone hackers or small groups, but also by large, established criminal organizations. These criminal networks use practices such as ransomware and illegal data selling as their business model, extracting money from businesses of all sizes, often while damaging their reputation among consumers.
It is critical for businesses and their IT teams to keep on top of these attack trends. Knowing what new methods hackers are using and which types of attacks are increasing in volume helps teams prepare for and mitigate the risk of a data breach or malware intrusion. These are some of the top attack trends to watch out for in 2023:
Attacks on 5G Devices
The world has been buzzing about 5G for a few years. It is finally beginning to fulfill the promise of lightning-fast internet. As providers build out the infrastructure and usage becomes more common, you can expect this to be a high-attack area.
One vulnerability is 5G-specific hardware, used in routers, mobile devices, PCs, and other devices. New technologies are bound to have some code vulnerabilities as kinks are ironed out, and these vulnerabilities are exactly what hackers are looking to exploit. You can prepare by being aware of the firmware security in the devices you buy. Some manufacturers will build better firmware security into their designs than others. Make sure to ask about this when purchasing new devices, and ask what update services they offer to ensure the latest security patches will be put into place.
One-time Password (OTP) Bypass
This alarming new trend is designed to get past one of the best forms of account security: multi-factor authentication (MFA). MFA is well-known as an effective preventative for fraudulent sign-in attempts. It can stop account takeovers even in cases where the criminal has the user’s password, because it requires an external sign-in device.
However, hackers have discovered many ways to try to bypass MFA. These include:
Reusing a token: Gaining access to a recent user OTP and trying to reuse it.
Sharing unused tokens: The hacker uses their own account to get an OTP, then attempts to use that OTP on a different account.
Leaked token: Using an OTP token leaked through a web application.
Password reset function: A hacker uses phishing to fool the user into resetting a password. They then trick them into handing over their OTP via text or email.
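On the defensive side, the token reuse and token sharing bypasses listed above fail when the server ties each OTP to the account it was issued for, accepts it only once, and expires it quickly. The following sketch is an added example, not code from the original article; the OtpStore class, the 120-second lifetime, and the five-attempt limit are illustrative assumptions.

```python
import hashlib
import hmac
import secrets

OTP_TTL_SECONDS = 120   # assumed validity window
MAX_ATTEMPTS = 5        # assumed guess limit per issued code

class OtpStore:
    def __init__(self):
        # In-memory for illustration; a real service would use shared storage.
        self._pending = {}  # account_id -> [digest, expires_at, attempts_left]
        self._key = secrets.token_bytes(32)

    def _digest(self, account_id, code):
        # Bind the code to the account so it cannot be used on another one.
        msg = f"{account_id}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, account_id, now):
        code = f"{secrets.randbelow(10**6):06d}"
        # Store only a keyed digest, never the plaintext code.
        digest = self._digest(account_id, code)
        self._pending[account_id] = [digest, now + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        return code

    def verify(self, account_id, code, now):
        entry = self._pending.get(account_id)
        if entry is None or now > entry[1] or entry[2] <= 0:
            self._pending.pop(account_id, None)  # unknown, expired, or locked out
            return False
        entry[2] -= 1  # every guess counts against the limit
        if hmac.compare_digest(entry[0], self._digest(account_id, code)):
            del self._pending[account_id]  # single use: a replay finds nothing
            return True
        return False

def demo():
    # Constructed scenario: two accounts, each with its own OTP.
    store = OtpStore()
    alice = store.issue("alice", now=1000)
    mallory = store.issue("mallory", now=1000)
    while mallory == alice:  # keep the demo deterministic
        mallory = store.issue("mallory", now=1000)
    return {
        "cross_account": store.verify("alice", mallory, now=1010),
        "first_use": store.verify("alice", alice, now=1020),
        "reuse": store.verify("alice", alice, now=1030),
        "expired": store.verify("mallory", mallory, now=1000 + OTP_TTL_SECONDS + 1),
    }
```

Only the first legitimate use succeeds; the cross-account, replayed, and expired attempts are all rejected.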
Attacks Surrounding World Events
During the pandemic, cyberattack volume increased by approximately 600%. Large criminal hacking groups have realized that world events and disasters are lucrative. Attacks come for everything from the latest hurricane or typhoon to the war in Ukraine. Unsuspecting people often fall for these scams, typically because they are already distracted by the crisis and may be desperate for a way to improve their situation. It is critical to be mindful of scams surrounding events like these, as attackers will often use social engineering tactics to play on the receiver's emotions. This can fool even people who generally keep cybersecurity in mind. Should a phishing attack strike one of your employees, for example, the damage can spread to other employees and systems in the blink of an eye.
"Smishing" & Mobile Device Attacks
Mobile devices go with us just about everywhere these days. This direct connection to a potential victim is not lost on cybercriminals. Watch for more mobile device-based attacks, including SMS-based phishing (i.e. “smishing”).
Many people have become familiar with spam texts to their cell phones, attempting to "inform" them of breached accounts or leaked banking details. While many have wised up to this tactic, some of these fake texts can look very convincing, posing as things like innocuous shipping notices or receipts. Savvy spammers will often target individuals within a company with texts appearing to be from a supervisor or coworker. One accidental click can be all it takes for an account compromise or data breach.
Mobile malware is also on the rise. During the first few months of 2022, malware targeting mobile devices rose by 500%. It’s important to ensure that you have good mobile anti-malware, as well as other protections on your devices, such as a DNS filter. This extends to workplace-issued devices.
Elevated Phishing Using AI & Machine Learning
These days, phishing emails can be difficult to spot. Long gone are the days when nearly all phishing emails contained spelling errors or grainy images, making them easy to distinguish from the real thing. While some still bear these characteristics, modern phishing emails can look nearly identical to official publications, managing to slip past security filters. AI and machine learning assist criminals in creating these fakes. Practices such as credential scraping and automatic personalization assist in sending out targeted phishing messages, which increase the likelihood of an interaction. This leads to stolen logins, bank details, and more.
Video deepfakes and voice synthesizers are also of particular concern when it comes to the practice of social engineering. A voice synthesizer could easily be used to impersonate a coworker or official, demanding access to sensitive data or systems. While still in comparatively primitive stages, these generative programs are rapidly advancing with the help of artificial intelligence. It is critical to add them to your security plan proactively as they improve and become harder and harder to distinguish from real-life video and voice recordings.
Your Managed Services Provider
Despite the many forms of cyberattacks projected to increase in 2023, there are ways for your business to combat hackers and keep your operations monitored and secured.
Contact Twenty20 Solutions today to learn more about our solutions in the Managed IT and cybersecurity space and how we can assist you with your business.
Article modified and used with permission from The Technology Press.