IT Security Predictions for 2023

All posts
Posted on 4 min read

I know, I know, we are a bit late with this one, but better late than never 🙂 

What everyone writing these predictions loves is that no one ever goes back to the predictions you made a year ago and changes your salary based on all the incorrect guesses you made. It really is closer to a freestyle art than engineering: there’s always an assumption that something might not work out in practice. 

With this in mind, let’s see what we see whenever we look into our magic crystal ball.

Security Predictions for 2023

System Complexity Will Continue to Grow and It’s Bad for Security

Every year, new layers are added to existing systems, and new systems are created and connected without proper asset management, while people leave organizations without appropriate documentation on how things work. Systems are becoming more complex, but secure systems are simple. Complexity is the enemy of security.  

a geek & poke single-panel comic titled 'A GOOD ARCHITECT LEAVES A FOOTPRINT', showing a vertical list above a database, going from 'persistence', 'business logic', business logic', 'business processes' to 'Marc', 'Judy' and 'John'. Two characters are looking at the list and one says: 'We gave up finding proper names for the layers long ago, since then we just name them after their architects'
Source: https://geek-and-poke.com/geekandpoke/2013/7/13/foodprints

Low-tech, High-loss Attacks Using Unfiltered Channels

As e-mail spam filters become increasingly sophisticated, attackers use new, unfiltered channels to contact their victims. From text messages to encrypted chats like WhatsApp or Telegram, to new and obscure platforms, attackers find new ways to spam people every day. End-to-end encrypted chat messages are stimulating these activities, as running any central spam filtering solution is impossible. It is possible to run the spam filter on the device after the message is decrypted, but it has drawbacks like performance, storage, and security. 

Meanwhile, scams like “Business E-mail Compromise“, or “Pig Butchering” liquidity scams can do a lot of damage to their victims. While many low-tech attacks require a lot of involvement from the attacker, they are quite efficient ways of gaining a lot of value from the victims.

A geek & poke single-panel comic 'The History of "free"', showing two characters looking at a wooden horse statue. One of them says: "I have no idea! But it's free!" Under the panel is a phrase "It always worked"
The History of “free”. Source: https://geek-and-poke.com/geekandpoke/2013/10/13/the-history-of-free

Rise and Fall of Ransomware

As it was predicted years ago, more and more people have proper backup solutions with tested recovery procedures. This means fewer and fewer ransomware victims are willing to pay for the decryption keys after a ransomware attack. This forces ransomware groups to change tactics. Now, before encrypting crucial data, attackers also steal important company information, such as e-mails, and try to extort the companies. If they don’t pay, the stolen e-mails are published. This tactic has already worked in some cases, but we expect this to be a less lucrative business than ransomware used to be. 

A CommitStrip four-panel cartoon where a manager looks through the expenses and suggests getting rid of the backup system, since it is never used and is a 'useless expense'. The manager rejoices and says he loves saving money
The Price of Backups. Source: https://www.commitstrip.com/en/2018/04/11/the-price-of-backups/?

Cyber Insurance vs. Ransomware

Many companies have started looking at the ransomware threat problem straightforwardly: let’s pay for cyber security insurance, and if the company gets hacked, we pay the ransom and move on. Unfortunately, ransomware threat groups quickly figured out what was going on and started collecting information on which companies are insured and the maximum amount they could pay. This changed the game, as cyber insurance fueled ransomware payouts in the past, and some insurance companies started seeing that this was not a good business for them. We’ll need to wait and see how companies deal with this challenge. For a start, we suggest following the basic principles and not getting lost in the daily hysteria. Asset management, network segmentation, and least privilege are not trendy, yet, they can save the day. 

A geek and poke single-panel comic with a caption 'Simply explained' and one character saying to the other: "Good point! Put it in Risks.xlsx", with a caption below the image: "Risk management"
Source: https://geek-and-poke.com/geekandpoke/2016/11/17/simply-explained

Insider Threats

Did you know that more and more threat actors have started to pay insiders to get access to company resources? Combine this trend with poor identity management, unrevoked access priviledges, and a single disgruntled/fired employee can become a ticking time bomb. 

IoT Attacks on the Rise

Managing IoT devices is complicated because the ecosystem is highly heterogeneous: different types of devices, manufacturers, models, and CPU architectures. Luckily, this means that attackers also have a hard time creating attacks that would work against a significant amount of devices. Nevertheless, we see a trend that IoT devices increasingly use the same 3rd party components, the same operating system (Linux / Busybox), and share the same vulnerabilities. 

A geek and poke three-panel comic strip with two characters. One says that he already updated the toaster, the doorknobs and a little thingy he still doesn't know the purpose of. The other character responds: "Don't forget your dad's cardiac pacemaker!" to which the first one replies: "Oh please!". The caption below the comic says 'A shell shocks the internet of things'
Bashing. Source: https://geek-and-poke.com/geekandpoke/2014/9/29/bashing

Conclusion

No crystal ball can predict the future of cybersecurity, but one thing is certain: attackers will not take a break in 2023, and you should stay vigilant as well. 

 

Zoltan Balazs
Linkedin

Ethical hacker and IT security researcher with more than 15 years of experience. Apart from an MSc Degree, ten technical certs, including OSCE or CISSP. Former speaker at DEFCON, SAS, AusCERT, Shakacon, and many more.

More like this

5 min read

Rapid Response: the Rise of Suspicious Websites at the Start of the Israel-Hamas War

By Leonardas Marozas
Cybersecurity Labs
9 min read

The Anatomy of a Spear Phishing Attack With OSINT Tips and an Almost Disappointing Ending

By Zoltan Balazs
Cybersecurity Labs
5 min read

I Sent Glitter, an AirTag, and Some Love to Facebook Marketplace Scammers

By Zoltan Balazs
Cybersecurity Labs

Other posts by Zoltan Balazs

header image
8 min read

The Story About Three Million Toothbrushes Used in a DDoS Attack Is Not True

By Zoltan Balazs
IoT Labs
9 min read

The Anatomy of a Spear Phishing Attack With OSINT Tips and an Almost Disappointing Ending

By Zoltan Balazs
Cybersecurity Labs
9 min read

SpeedHacking CTF at Hacktivity 2023 – Behind the Scenes

By Zoltan Balazs
Labs
All posts by Zoltan Balazs