Increase in cyberattacks in the home office, software supply chain and cloud.
What will happen in 2023? It remains to be seen whether the companies’ forecasts will come true. The editorial team recommends taking a close look at who is making the predictions. Self-interest could influence the trend compass – ;-).
Episode 15: Trend Micro
According to security researchers at Trend Micro, VPNs in particular are an attractive target for cybercriminals. This is because several corporate networks can be attacked at once with the breach of a single solution. Home devices such as routers are also easily targeted because they are often unpatched and not managed by a central IT department.
In addition to the threat to hybrid workforces, IT security managers should pay particular attention in 2023:
A growing threat comes from supply chain attacks on managed service providers (MSPs). Through them, threat actors gain access to a larger number of customers and can further increase the penetrating power of ransomware, data theft and other types of attacks.
For cybercriminal groups targeting cloud infrastructures, “living off the cloud” techniques represent a way to hide from conventional security solutions. For example, an existing backup solution can be misappropriated to store stolen data on a different location in the attackers’ cloud.
Connected cars will also increasingly become the target of cyber attacks in 2023. This will happen, for example, via cloud APIs that lie between the permanently installed SIMs in the vehicle (eSIMs) and the application servers in the back end. In a worst-case scenario (such as the successful hacking of the Tesla API in early 2022), a successful cyberattack gives threat actors access to the entire vehicle. Malware lurking in open source repositories also poses a threat to connected vehicles and the automotive industry.
Ransomware-as-a-service (RaaS) groups will rethink their business model as the penetrating power of double-extortion attacks wanes. Security forecasters predict that a portion of the players will focus on the cloud in the future, while another portion will turn its back on ransomware altogether in order to make money via other forms of extortion, such as data theft.
Social engineering attacks are becoming even more successful with Business Email Compromise (BEC)-as-a-Service and the increasing use of deepfakes.