With the end of 2022 fast approaching, Forescout’s research team, Vedere Labs, has looked ahead to what the cybersecurity landscape will look like next year.
Here are the top five predictions for 2023:
Ransomware groups will expand into more IoT devices and continue evolving their extortion campaigns
Now that cross-platform ransomware is the norm, several groups have shown the profitability of attacks leveraging IoT devices (e.g. Lorenz on VoIP, Conti on routers and DeadBolt on NAS) and organisations have increased protections on their IT networks. As a result, the stage is set for an explosion of ransomware attacks using these devices for initial access or impact.
Threat actors will focus on exposed devices with a weak security posture (e.g. default/weak credentials and easy-to-exploit vulnerabilities) for initial access into organisations and on-critical devices for impact and new extortion techniques.
Probable favourite targets will be IP cameras and VoIP systems. We could also see the emergence of Initial Access Brokers (IAB) specialising in IoT access.
Hacking groups that appeared or became more active during the war in Ukraine will continue to act, regardless of what happens with the war
The war in Ukraine brought a lot of hacking groups to the scene or made groups that already existed focus on politically-motivated attacks.
Regardless of whether the war continues or ends, these groups will remain active. The people who gained offensive skills, and the groups that formed, will continue attacking politically-motivated targets or transition into the cybercriminal underground for financial gain.
State-sponsored actors will continue to expand their arsenal with new sophisticated malware
2022 has seen the emergence of state-sponsored ransomware, the use of wiper malware on satcom modems and out-of-band management technology, as well as new OT/ICS-specific malware.
In 2023, state-sponsored actors will continue to expand their arsenal and target other types of devices in espionage or disruption campaigns.
Medical device cybersecurity challenges will persist
On September 12, the FBI released a private industry notification about a growing number of vulnerabilities in medical devices that can be exploited by threat actors to ‘impact healthcare facilities’ operational functions, patient safety, data confidentiality and data integrity.’
This notification came after the discovery of significant vulnerabilities this year, affecting medical devices, such as infusion pumps, medication dispensing systems and electrocardiographs. It also follows a wave of ransomware attacks that have targeted healthcare organisations over the past few years, some of which have rendered medical devices unusable.
The challenges with medical device security – long lifespans, difficulty in patching and customised software/firmware – will remain.
2023 could also be the year where we see attacks not only spill over to medical devices, but actually target them (potentially their insecure-by-design features as in OT), although it would require specific attacker motivation to purposefully target devices that could directly harm people.
Attacks on critical infrastructure will continue to increase
2022 saw dozens of notable attacks on utilities and critical infrastructure organisations, either directly targeting OT or via ransomware starting on the IT network.
These types of attacks will continue in 2023, with ransomware being the most popular type of attack. In many cases, ransomware gangs are refraining from encrypting data on critical infrastructure, instead resorting to exfiltration and extortion.
Next year, some of this leaked data, which often contains sensitive OT data, could be used for disruptive OT attacks by other groups with different objectives than financial gain.
The cybersecurity space will undoubtedly continue to evolve next year, at the same rapid pace we’ve experienced this year. IoT devices, particularly IP cameras and VOIP systems, will be particularly compromised, as will medical devices. At the same time, ransomware will pose an even greater threat to utilities and critical infrastructure organisations, further compromising the IoT device space. Meanwhile, state-sponsored ransomware will cause widespread disruption and the activity of hacking groups will proliferate.
Every organisation must stay alert to the areas outlined above and keep security top of mind. Otherwise, they run the risk of bad actors exploiting vulnerabilities. Above all else, they must heed the fact that no business, irrespective of industry or location, is immune from the growing threat of a successful cyberattack.
About the Author
Daniel dos Santos is Head of Security Research at Vedere Labs. Forescout Technologies actively defends the Enterprise of Things by identifying, segmenting and enforcing compliance of every connected thing. Fortune 1000 companies trust Forescout as it provides the most widely deployed, enterprise-class platform at scale across IT, IoT, and OT managed and unmanaged devices. Forescout arms customers with more device intelligence than any other company in the world, allowing organizations across every industry to accurately classify risk, detect anomalies and quickly remediate cyberthreats without disruption of critical business assets. Don’t just see it. Secure it.
Featured image: rafael/EyeEm