Trends Episode 7: Even Attackers Make Mistakes

How will cybersecurity evolve in 2023? Whether our readers agree with these predictions is up to them to decide. The editorial team recommends taking a close look at who is making the predictions. Vested interests could influence the trend compass ;-).

Episode 7: CyberArk

IT security remains one of the top issues in business and society. What are the key threats and challenges in the coming year? There are also new opportunities for defenders.

Web3 promises more data protection and bigger paydays

Awareness of data protection has grown among the population, but even though many consumers are more conscious of their personal data, they often struggle to protect it reliably. The desire for greater transparency in the handling of personal data and more control over its use will continue to grow in 2023. The blockchain-based Web3 could experience a boost as a result. However, decentralized infrastructures, for which security best practices are not always fully mature, increase the attack surface on financial applications. Cybercriminals will exploit this and target crypto exchanges and the vulnerable connections to the digital world outside the blockchain. The successful heist on payment service provider Ronin, which netted $615 million worth of cryptocurrencies, was just the beginning.

Winter fuels attacks on energy infrastructure

The war in Ukraine could bring decentralized infrastructures into even sharper focus, after some criminal groups have already stepped up their financially motivated attacks and are constantly looking for new worthwhile targets. For the time being, however, winter is just around the corner, and it is likely that as temperatures drop, attacks on critical infrastructure will increase in order to drive up energy prices even further.

Attackers rely on tried-and-true tricks

Ever since Log4j rocked the world, speculation about what’s next continues to run rampant. But the “next big thing” is unlikely to be a massive zero-day vulnerability, as leading hacker groups and nation-states compete fiercely for coveted exploits, which easily cost tens of millions of dollars or more on the darknet and underground marketplaces. Most attackers will therefore use alternative ways to infiltrate companies and work their way inside infrastructures to the actual target. Why spend big bucks on a new exploit when phishing, stolen credentials, social engineering, and older kernel and memory exploits still work well?

Session cookies are becoming more attractive

The good news is that most companies no longer classify multifactor authentication as just a “nice to have” for their Web-based business applications. Users today typically need another authentication factor in addition to a username and password to establish a session. The bad news is that attackers have become quite adept at tapping into session cookies. This also allows them to bypass multifactor authentication, gain access to third-party apps and hijack accounts. As enterprises increasingly deploy SaaS applications, most of which are accessed through the browser, session cookies become even more critical and vulnerable. As a result, the popularity of marketplaces like Genesis Store that specialize in stolen session cookies is on the rise. Attackers will try to expand and automate their session hijacking attacks more in the coming year to make them more profitable.

Attackers make mistakes – fortunately

Internet marketplaces make it convenient for would-be attackers to gather stolen credentials and cookies, ready-made ransomware, and phishing and exploit kits – they don’t need extensive skills or to spend time scouting their targets. Enterprises are thus facing more attacks, and two-factor or multifactor authentication is not enough protection. But there is a silver lining: in pursuit of quick riches, many cybercriminals will make rookie mistakes and behave conspicuously on the network, allowing security teams to detect them. For example, if 20 authorization requests arrive in rapid succession, they will show up in security solution logs and should set alarm bells ringing because they indicate “MFA bombing.”