Barracuda Networks, a trusted partner and a leading provider of cloud-first security solutions, revealed threat predictions that would leave the organisations exposed in 2023. As part of the threat forecast, Barracuda turned to the professionals on the security frontline and asked them about the things they witnessed in 2022 and to identify a series of vulnerabilities and attacks that shook large enterprises.
In 2022, geopolitical conflicts further reminded that cyberthreats have no borders and just how vulnerable the world is to cyberattacks. Against this backdrop, some of the top cyberthreat trends that organisations need to be ready for in 2023 are:
- Ransomware is still an issue: 2022 was the first time when targeted ransomware attacks were witnessed against individuals based on their personal social media profiles.
We have witnessed an increased use of wiperware. In 2023, this wiperware emanating from Russia will likely spill over into other countries as geopolitical tensions continue.
With the ransomware-as-a-service business model taking off and the recent build leak of LockBit 3.0, a new generation of smaller and smarter gangs will steal their limelight in 2023. During the year, organisations will experience an increased frequency of ransomware attacks with new tactics.
- More zero-day vulnerabilities: In 2022, there were 21,000 CVEs registered. Many of them were classed as ‘critical’, and many were actively exploited by attackers. There were also a number of popular third-party software libraries that had critical vulnerabilities reported. Organizations need to have a team in place ready to patch software and remediate as soon as possible.
- Supply chain attacks will continue: 2022 was the year of the supply chain attack with a large number of high-profile incidents occurring around the world and it has led more attackers to look for the weakest link in attacking companies.
- Credential theft remains a top target for attackers: Account takeover continues to be a low-hanging fruit for attackers and a top-of-mind risk for organizations. These credentials open the door for remote access, email and corporate web applications storing customer data. We have seen impersonation techniques and spear phishing attacks constantly evolve and with multifactor authentication (MFA) fatigue attacks, they are having more and more success.
- MFA is not the answer: 2022 was the year we saw that MFA is not the answer to all security concerns with the increased abuse of MFA. With the growing ease of two-fact and multifactor authentication fatigue attacks and with TOTP (time-based one-time passwords) susceptible to social engineering, security practitioners will be taking a new look at authentication measures.
- Expanding attack surfaces: In 2023, the number of potential attack surfaces in organizations will continue to increase as more of them adopt cloud-based and Software-as-a-Service offerings as remote work continues. This is forcing organizations to rethink security.
Sharing his insights on the predictions, Parag Khurana, Country Manager, Barracuda Networks India, “In 2023, organizations need to be ready to be targeted by every kind of cyberthreat, regardless of their size or industry sector. As existing authentication methods are challenged by attackers, security practitioners need to look at alternatives, and we expect to see password-less and FIDO U2F (Universal 2nd Factor) single security key technology receiving a lot of consideration. The growing use of artificial intelligence (AI) in threat detection will make a significant difference to security, and we expect to see more companies invest in 24/7 human-led threat hunting and response, making use of an expert SOC-as-a-Service if they don’t have the resources in house. It is also important to enhance employee security awareness in order to mitigate human risk. ”