Trends Episode 8: Security by Design and Deepfakes

How will cybersecurity develop in 2023? Our readers will have to decide for themselves whether they agree with these predictions. The editorial team recommends taking a close look at who is making the predictions. Self-interest could influence the trend compass ;-).

Episode 8: ESET

Hybrid work models will become the gateway for criminals to enter corporate networks. In addition to the classic vectors such as zero-day attacks or phishing emails, attacks via Teams, Slack and Co. will also be firmly in the hacker’s arsenal. Endpoint detection and response, or EDR for short, should no longer be a foreign concept. Deepfakes are also increasingly becoming a problem for private users and companies.

Smart helpers finally no longer a security risk?

Analyst firm Gartner predicts that 43 billion smart devices with Internet connectivity will be in use worldwide by 2023. IoT devices – from smart wearables to home appliances, cars, building alarm systems and industrial machinery – have often proven to be troublesome for IT security managers. Manufacturers have often failed to protect these devices with security patches and updates. In their view, this was not necessary because smart devices in many cases do not store sensitive data. But hackers have often used them as a gateway to other networked devices.

In recent years, it has become rarer for a device to ship with a default password or PIN, for example, without requiring users to set their own. In 2023, a number of government initiatives are set to take effect around the world aimed at increasing the security of networked devices, as well as the cloud systems and networks that connect them all.

Hackers angling for collaboration tool

Hybrid work models have firmly integrated so-called collaboration tools such as Slack or Microsoft Teams into everyday business life. While phishing attempts are also a common threat in the corporate environment, criminals will expand their range of attack tools in the coming year and specifically target these programs. This is where sensitive data can be captured because many employees continue to work remotely or do so permanently.

Ransomware remains a perennial threat

Ransomware has been bullying businesses and individuals for years. Such encryption Trojans are now being used by criminals in an even more targeted manner. The business model is and remains attractive. ESET experts currently see a shift away from the mass distribution model toward precise attacks on lucrative targets and “ransomware-as-a-service,” in which cybercriminals develop ransomware and rent it out for attacks.

Deepfakes are becoming a threat

In October 2022, a deepfake of US President Joe Biden was circulated. In this video, instead of singing the national anthem, he sings the song Baby Shark. Such recordings, faked with the help of artificial intelligence, deceptively imitate faces and voices. Even experienced laymen are able to manipulate media content such as audio recordings, images and videos using this technology. In the worst case, biometric systems can be bypassed. Such attacks are particularly promising in the case of remote identification procedures (e.g., video identification). Deepfake methods can also be used in spear phishing attacks to obtain financial resources or data. Similarly, these methods can be used for disinformation campaigns to create and distribute fake media content of key people.

“Security by design” in the automotive industry

Companies in the automotive industry have also increasingly fallen victim to cyberattacks. For some time now, cybercriminals have been targeting production systems and processes, as well as vehicle software. The automotive industry has already introduced measures to protect vehicle owners’ data (e.g., ISO 21434) and is now also legally required to do so in Germany. These new standards are also necessary with regard to autonomous driving. However, these measures must be constantly reviewed and adapted to the current situation. This example will be followed by other divisions in which consumer goods store and process data. Also, in the future, manufacturers will be held more accountable for vulnerabilities in their products in the event of violations.