There are certain constants that one defends against when planning critical infrastructure cybersecurity. One example would be vulnerabilities. These are an ongoing issue every time there is an OS or software update. Another would be phishing emails, which remain the main conduit for a wide variety of different types of attacks.
But, while defending against these common security concerns, companies can’t get complacent about keeping an eye out for rising trends. Just as many organizations continually upgrade and expand their business, criminal groups do the same.
For example, one recent occurrence in the cyberattack “business model” in just the last 5 or so years is Ransomware as a Service (RaaS). This is where criminal groups set up shop with sites that mimic Software as a Service (SaaS). They offer a full ransomware attack package with their version of customer support for a subscription fee.
It’s estimated that RaaS now accounts for approximately two-thirds of ransomware attacks.
Trends like this need to be prepared for, otherwise, organizations and mission-critical facilities are caught off-guard. This leaves them exposed to attacks while they’re playing catch-up with their security apparatus.
Now is the time to prepare for what is expected to be trending in 2023. Experts warn to be on the lookout for the following cybersecurity threats in the coming year.
One-time Password (OTP) Bypass Services
Multi-factor authentication (MFA) is often promoted as one of the best ways to prevent a password breach. This method is touted as being 99.9% effective at stopping fraudulent sign-in attempts. One of the most common factors of authentication MFA uses is the one-time password (OTP) that is sent to a user’s device, often by SMS.
Rather than just watching everyone adopt MFA to thwart their attempts, hackers have developed an OTP bypass and are selling this as a service to other cybercriminals.
Bots have been created that can bypass the OTP protections by stealing those SMS messages and distributing them to a bad actor. They do this by automating the sending of social engineering voice calls or text messages to the targets. The goal is to get the target to send the OTP back to the bot.
One bot that has been advertised over certain social media networks is named “SMSBypassBot” and is just one that will likely be more prevalent in the coming year.
Attacks Through 5G
The promise of a much faster internet through 5G hasn’t quite been fulfilled yet. But those building the wireless infrastructure to enable the service to reach its full potential have been making progress.
2023 promises to fulfill more of the potential of 5G, with not only phones benefitting. Internet service providers are also beginning to offer 5G internet connections to homes and businesses.
This speed is great for connectivity, but it also holds a lot of opportunities for hackers to take advantage of the new 5G infrastructure. Without the benefit of maturity, be wary of the security of any new 5G network infrastructure and ensure you’re applying zero-trust standards to mitigate risk.
Data Leakage Issues Through Social Media
Social media companies are not known for their privacy, but they are known for their popularity. If you asked your employees how many use one or more social media apps, it will likely be nearly (if not) everyone.
If these apps are on devices that have access to business data and network infrastructure, it can mean leakage of data. This is data that isn’t maliciously stolen, but rather “leaked” unintentionally to unauthorized parties through poor security practices or overreaching applications.
Facebook’s data sharing and gathering recently gained a spotlight when the company rolled out its new “Off-Facebook Activity” tool, which allows users to see exactly which third-party apps and websites Facebook gathers information from. Users are often completely unaware that an unrelated website they visit is being caught in the net of data mining, sharing, and selling by social media giants.
Cyberattacks Connected to Global Events
The pandemic kicked off a big trend that continues with hackers taking advantage of global events. They use messages related to these events in social engineering attacks. They also look for weaknesses due to organizations being distracted by world happenings and exploit them to launch attacks.
During the pandemic, the cyberattack volume increased by 600%. There have also been multiple phishing scams launched that take advantage of the war in Ukraine, many of which prey on people’s desire to help those in need.
This trend is expected to continue as cybercriminals continue to find it lucrative to take advantage of disruptive world events.
Faster & More Personalized Attacks Thanks to AI
Artificial intelligence and machine learning are revolutionizing the technology experience. They’ve given us things like predictive typing and smart threat monitoring and response.
Look for hackers to also be diving into the time-saving and efficiency advantages of AI, with more personalized attacks and larger attack volume. AI allows things to be automated, with software taking over tasks that used to be done manually. This enables large criminal groups to launch more targeted attacks at a higher rate of speed.
When Was Your Last Vulnerability Assessment?
Is your cybersecurity strategy ready for the threats coming in 2023? Schedule a vulnerability assessment today with WizNucleus to make sure!
Contact us today to schedule a free consultation! Call +1 (646) 558-5577 (New York, NY) or +1 (469) 481-1726 (Carrollton, TX) or reach out online.
