Brace Yourself: More Ransomware and Extortion in 2023

With 2022 wrapping up a year full of ransomware attacks and data leaks, we look ahead to the evolving threats of 2023. While I predict a new set of challenges, I think many of the major cybersecurity issues we’ve seen throughout the year won’t be going away. From ransomware to extortion, organizations in all industries need to consider 24x7x365 coverage – a massive challenge for organizations forced to do more with less in the current economic climate.

Here are my predictions around the biggest threats we’ll see in 2023:

  1. Watch for these assaults to continuously become more interactive, with attackers gaining access to targets via stolen credentials or phishing emails and moving laterally before deploying the ransomware. Also beware of attackers continuing to target critical infrastructure and those organizations more likely to pay the ransom to recover their data or minimize downtime.
  2. Ransomware itself will also evolve. While traditional ransomware encrypts the data and demands a ransom, attackers have become frustrated with network-captured keys allowing free data recovery. Look for an increase in ransomware that exfiltrates data before destroying it, forcing organizations to pay a ransom to get their data back, not just unencrypt it.
  3. Extort much? With double, triple and quadruple extortion working so well, many attackers will decide to skip the encryption and go straight to the extortion, demanding a payment with the threat of data disclosure.
  4. Outside of ransomware, nation-state sponsored activity is up with the invasion of Ukraine and increased tensions with China. While Russia may seek to destroy, China will continue its onslaught of intellectual property theft from multiple sectors including biomedical, manufacturing, and technology – specifically military-oriented. Not limiting themselves to external cyber-attacks, China has been known to implant operatives at targets of interest, meaning many organizations will likely face an increase of insider-threat attacks.

Turning to MDR During Economic Uncertainty

While budget cuts are a natural part of a volatile economy, cyber-attacks will rage on. Many organizations recognize the potential risk of a successful attack far exceeds the savings by cutting spending to accommodate budget constraints. Some organizations may look to cut headcount for savings, which may drive greater demand for Managed Detection and Response (MDR) providers to maintain the security of an organization at a lower cost than an in-house team.


Cyber Regulations and National Security

The continuous increase in high-profile cyber-attacks has not gone unnoticed by both state and federal government bodies, though the focus may be slightly off-center. With multiple states passing or pushing forward legislation aimed at protecting the personally identifiable information of its constituents or combatting disinformation, there seems to be an absence of focus on increasing the resiliency of organizations against attacks that seek to steal intellectual property.

Although there is some focus on potentially catastrophic damage to critical infrastructure, most governmental regulations seem indifferent to attacks affecting organizational profitability, even at the expense of national security.


Cybersecurity Lessons Learned in 2022

2022 was not a great year for cybersecurity, with data breaches rising globally by 70% in Q3 alone (Infosecurity-Magazine.com), but “In all things, learn a lesson.” So, what do we take away from this past year?

Here’s what your organization can learn from 2022 and apply as best practices and focus areas for 2023:

  1. Focus on posture management. With many attacks exploiting configuration errors and mistakes, examining the attack surface and infrastructure from an attacker perspective has become easier with newer technology and helps to focus resources on initial-infection vectors that’ve been previously overlooked.
  2. Layer 8 is still vulnerable. Phishing emails are still the number 1 attack vector for deploying malware or stealing credentials. Focusing on emails isn’t enough anymore, with many attackers pivoting to smishing (SMS Phishing) or professional social media sites like LinkedIn. User awareness training has become more effective over the previous years. Combined with increased publicity of data breaches and punishment for repeat offenders, users may actually start to realize their individual actions can impact the entire organization. Additionally, user-based security controls like conditional access can restrict potential impact while providing detection and response capabilities if credentials are compromised.
  3. Resolving “Critical” alerts isn’t enough. With many attackers using LOLbins (live-off-the-land binaries) to carry out attacks, there is a growing necessity to also investigate medium and low-priority alerts. The adversary is returning to the days of “low and slow” attacks to circumvent prevention controls and avoid detection. To combat the volume of medium and low-priority alerts, many organizations are turning to products with advanced correlation capabilities, additional human-led investigation or outsourcing to Managed Detection and Response companies to even the playing field and provide 24×7 coverage.
  4. I’d be remiss if I didn’t provide some kudos to many organizations that have reverted to a risk-based security approach, leveraging frameworks to provide guidance around security initiatives. For too long, we’ve played Whack-a-Mole with threat actors, constantly falling behind the attackers’ advancing tactics, techniques and procedures. A risk-based framework-oriented approach provides structure to roadmaps without waiting for a successful attack to identify the next security project.

No matter the threat, we know you want to minimize cyber risk in the new year. And we can help. Get in touch with us to discuss your cybersecurity challenges and learn more about how we can help you simplify breach prevention and stop business disruption in 2023 and beyond.



You may also be interested in…

Stay Connected on Today’s Cyber Threat Landscape

  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
Join us at RSA Conference - booth #449 South!
This is default text for notification bar