Looking Back, Looking Forward - 4
From Securonix, a leader in next-gen Security Information and Event Management (SIEM), some thoughts on cybersecurity in the new year
December 31, 2022: It’s that time of year again! After a tumultuous year that featured sustained economic volatility, global unrest, and increased cyber threats to information, operations, and controls, we wanted to process what we learned in 2022 and share our 2023 predictions. As we emerge from the pandemic and look ahead to what’s on the horizon, here’s what we believe we’ll see next year:
A growing number of attacks successfully bypass fundamental security technologies and defenses.
Building upon their efforts with LAPSUS$ and other high-profile attacks, malicious actors will successfully target and expose the shortcomings of various security technologies, such as MFA and zero trust, on a much greater scale. Attacks involving MFA bypass, including those specifically targeting Okta and similar identity vendors, will increase. Any credentials obtained from such a breach will allow threat actors to launch attacks that appear to originate from within an organization’s own cloud ecosystem. Increased cloud migration, the ease of use of cloud infrastructure, and the greater availability of compromised credentials will enable attackers with historically limited capabilities to operate with advanced resources in 2023 and beyond.
Insider threats continue to evolve and increase in volume due to societal and organizational stressors.
Insider threats persist and will further evolve due to global, societal, and organizational stressors. Global economic prospects remain volatile in a post-pandemic world, and there is increasing uncertainty within financial markets. Gallup’s Economic Confidence Index has fallen sharply since 2020, and research has shown that most Americans believe the country is currently in, or will soon enter, a recession.
These conditions will undoubtedly create a perfect storm in 2023, and stressors such as sustained inflation, an ongoing cost of living crisis, and the geopolitical threat landscape will weigh on individuals. As concerns about the future grow, individuals may look to relieve financial stress by illicit means. This will primarily affect the Frontline Fraudster and Entitled Independent insider threat profiles, as they will take action to ensure their needs are met. There will be an increase in insider incidents driven by psychosocial stressors – specifically with respect to sensitive data – because the perception of stalled growth tied to a downturn in the business cycle will cause the Ambitious Leader to seek additional avenues for advancement. Individuals who voluntarily leave a role or seek opportunities with competitors may exfiltrate proprietary corporate data from their current organization to improve their performance in a new one.
Employers are also facing headwinds in a challenging macroeconomic environment and must make difficult decisions to ensure long-term profitability. This will increase the number of non-technical factors associated with insider threats that must be reviewed and monitored continuously. The organizational restructures and workforce reductions spreading across industries and verticals may cause individuals to take proactive steps to protect themselves, even if their current organization has not yet undertaken cost-cutting measures. More acutely, organizations that have endured these reductions will likely become increasingly vulnerable to insider risk as individuals face increased workloads, concerns about financial stability, and organizational misalignment.
Rates of accidental insider risk will grow due to workforce fatigue and burnout.
Many organizations looking to reduce costs have issued salary or benefit cuts while simultaneously increasing workloads for their employees. The ramifications of these decisions will have the greatest impact on the already challenged Millennial and Gen-Z demographics, and surveys show that 80% of these workers are already searching for additional sources of income. When paired with financial stressors, fatigue and burnout can lead to emotional imbalance and prevent employees from maintaining their usual level of attention and care. This will increase instances of human error, such as clicking on malicious links or failing to adhere to security policies, and exacerbate the rate of accidental insider risk.
Increased use of adversarial machine learning.
The broad adoption of AI and statistical methods in defensive security has forced threat actors to adapt and will usher in a new era of adversarial machine learning in 2023 and beyond. Attackers will increasingly deploy techniques to inject bad training data into online defensive learning systems, allowing new attack techniques to avoid detection. Threat actors will also begin automating multi-step attack processes, such as account and service enumeration followed by lateral movement, to increase attack speed. This will begin with hardcoded logic and evolve into attack code that learns from the environment to make dynamic decisions autonomously. Organizations will increase their adversarial machine learning research budgets to counter this emerging threat, looking to build defensive AI that can thwart these methods.
More successful major cloud provider-level attacks.
Several successful attacks and vulnerabilities were recently discovered in major cloud provider environments, such as the Azure Service Fabric exploit and the Azure Cosmos DB vulnerability. The increasing concentration of data and assets in those environments, coupled with the breakneck pace of innovation from providers, will create the perfect scenario for high-impact breaches. Organizations with a heavy cloud presence must prepare for scenarios in which data is exposed or accessed from outside their own tier of responsibility. Data protection measures, such as encryption and external key management systems, will be necessary to increase resiliency against these scenarios. Organizations should extensively monitor for abnormal behavior in their cloud infrastructure to compensate for the limited threat-detection visibility in these cases.
More devastating ransomware attacks targeting cloud, containers, and other attack surfaces for bigger impact.
Ransomware attacks will continue to grow in volume and take advantage of the expanding attack surface. “Blended” attacks will increasingly move from on-premises to cloud environments due to the higher density of sensitive victim data, creating more opportunities for attackers to extort their victims and gain leverage during ransom negotiations. Older ransomware families such as LockBit, REvil, BlackByte, and Conti will return with new TTPs and IOCs. New threat actors will either leverage existing infrastructure or use their own means to target essential service providers. These include healthcare organizations, medical establishments, governments, financial services, and other industries critical to the supply chain.
OT/IoT security will become a greater cross-sector priority.
While OT-IT convergence presents unprecedented potential for significant returns, it also increases the potential for damaging cyberattacks on systems that were previously isolated and harder to reach. Attacks are becoming more common because these systems – often part of critical infrastructure – are becoming more interconnected within a larger ecosystem. As cybersecurity continues to embrace a holistic approach, organizations, regardless of industry, will make OT/IoT security a much greater priority. OT network information, including visibility into and monitoring of assets and process control data from sensors and actuators, will deliver greater insight into how attacks are initiated and how deeply an intruder has penetrated the system.
Threat actors will continue to take advantage of micro- and macro-level trends to target their victims throughout the next year. New advanced campaigns will be deployed globally through both tried-and-true techniques and new approaches that have yet to be seen. While 2023 will present new challenges, organizations that secure coverage across their extended environments and the cloud will be more prepared.