New year, new trends – cyber security is no different.
We had a chat with our Threat Intelligence team to see what patterns they saw last year and what new or existing trends are predicted to surface going into the new year.
Here are 4 cyber security trends in 2023 you should be aware of:
Search Engine Optimization (SEO) is a well-known technique used across businesses, usually by marketing, to boost website ranking on search engines, such as Google. It has, however, become a notorious tactic for cyber criminals simultaneously. Through building malicious websites and using specific keywords, cyber criminals increase their online reputability, some criminal websites even appearing on the first page of search results.
One particularly significant SEO poisoning campaign that appeared in late 2022 involved compromising almost 15K websites to redirect visitors to fake Q&A discussion forums. Researchers believe the intention of this was to generate enough indexed pages to increase the domain authority of the fake Q&A site and its ranking in search engines, potentially driving more users to the site. The bots scrawling the internet simply can’t tell the difference between a safe business webpage and a malicious one, and this is where the problem lies.
Natalie Page, Threat Intelligence Analyst at Talion, says “SEO poisoning has been a big one in 2022 and doesn’t look to be going anywhere any time soon. I imagine we shall see adversary get even more creative with this infection method in 2023.”
The shift to new pen testing tools has been a clear trend in 2022 as many cyber criminals have left behind the once positive Cobalt Strike to use new tools, such as Brute Ratel C4. These commercial adversary simulation softwares are built for red teams to emulate potential attacks and exploitation capabilities to evaluate in-house security processes, but year upon year they’re abused by threat actors to distribute ransomware or espionage-focused Advanced Persistent Threats (APTs) with the goal of “staying under the radar”.
Exploitation kits are currently selling widely online to support hackers. Therefore, it wouldn’t be a surprise if the shift to new pen testing tools continues to increase throughout 2023.
The business world no longer revolves solely around a laptop. Mobile phones have become all-encompassing, fusing together both our personal and work lives. As a result, cyber attackers are understanding a truer picture – that more and more businesses allow employees to use their phones for work, so targeting these smaller yet arguably more powerful remote devices could be a better use of time, energy and money.
Since cyber criminals are shifting their focus towards mobile phones, Multi Factor Authentication (MFA) bombing attacks have become particularly prevalent – this involves bombarding a user with multiple MFA prompts, increasing stress and overwhelm in the hope that they will eventually accept one. Uber were hit hard with an MFA bombing attack back in September 2022 where a cyber criminal pretended to be Uber IT Support to convince the employee to accept the MFA request.
One issue we’ve highlighted at Talion this year to our clients is that user awareness is often focused on email-based phishing – which is still a cause of concern, and we always recommend staying up to date on the phishing landscape – however employees are not being made aware of attacks targeting mobile devices too and they should, because this is something that will be pivotal in 2023.
Over the last 2 years, world events such as the COVID-19 pandemic and the Russia/Ukraine conflict have really shaken up the cyber threat landscape. In 2023, the predicted recession will once again follow this trend. There is likely to be an uptick in criminals using hack-for-hire services in search of quick cash, meanwhile CISO’s will be under an immense amount of pressure to improve their security budgets to derive more value for money, meaning expensive tooling may not always be feasible.
Knowing security budgets may be at an all time low, cyber criminals won’t fall short in taking advantage. Taking the hit of a security breach during a recession could be crippling for most organisations and unfortunately the reality is that many businesses will go bust next year. Cyber security prevention is going to be key for business survival over the next couple years and for this reason, investing in managed cyber security services with additional services, such as Threat Intelligence, may become more desirable.
Find out how we prepare you for future cyber security threats here.
Start 2023 as you mean to go on.
Book a consultation with us to discuss where you want to take your cyber security strategy this year.
And we’ll help you tackle the above 4 cyber security trends in confidence.
Call us directly and we’ll put you in touch with the most relevant cyber expert.
Not currently free to call? Give us a brief description of what you’re looking for by filling out our form and we’ll email you as soon as we can.