Opinion: 2022 has been one of the most consequential on record for the global cyber security sector. Mike Sentonas, chief technology officer at CrowdStrike, pens his predictions for the cyber security industry in 2023.
Across the world, CrowdStrike’s own data found that the volume of interactive intrusions — those that involve hands-on-keyboard adversary activity — grew by 50 per cent versus the previous year. In the Asia-Pacific, this growth was 60 per cent, but in Australia, the needle was really shifted by a number of high-profile data breaches that put businesses in the spotlight over how they protect, and keep private, sensitive information. These incidents brought home to business leaders and policymakers that, when personal data is breached, the consequences are reputational as well as financial, and could take years to recover from.
In 2023, the cyber criminal landscape will continue to evolve. Because of the enormous value of data, whether it be company IP, personal data or state secrets, the pace of cyber warfare is unlikely to ever slow down. I expect that the tactics, techniques, and procedures (TTPs) used by cyber criminals will become ever more sophisticated to match the value of the prize at hand. Here’s what I predict 2023 to have in store for cyber professionals and organisations combating cyber criminals:
1. In 2023, adversaries will leverage identity-based attacks for initial access and lateral movement, driving down breakout time: Throughout 2022, we have seen an increase in identity-based attacks and the development of sophisticated, file-less techniques that bypass traditional multi-factor authentication (MFA) defences. And it’s not just stolen credentials: pass-the-cookie, golden SAML, and even social engineering through MFA fatigue add to the ever-growing list of ways to compromise an identity. In 2023, we predict adversaries will break out more quickly by compromising identities to move laterally between endpoints to deploy ransomware, achieve business email compromise (BEC) by accessing email infrastructure, or exfiltrate critical data from Azure, GCP, or AWS public cloud infrastructure.
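MFA fatigue, mentioned above, leaves a recognisable trace in identity-provider logs: a burst of push prompts to one user, mostly denied, followed by an approval. The following is an added detection example written for this article, not CrowdStrike code; the log line format, the event names (push_sent, push_denied, push_approved) and the sample records are constructed for the example, so the parser should be adapted to whatever your IdP actually exports.

```python
"""Flag an MFA-fatigue pattern in push-authentication logs.

Added example, not CrowdStrike's code. The log format and event names below
are constructed for illustration; adapt parse_line() to your IdP's export.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines:
# "<ISO timestamp> user=<id> event=<push_sent|push_denied|push_approved> src=<ip>"
SAMPLE_LOG = """\
2023-01-10T02:14:01Z user=alice event=push_sent src=203.0.113.7
2023-01-10T02:14:09Z user=alice event=push_denied src=203.0.113.7
2023-01-10T02:14:30Z user=alice event=push_sent src=203.0.113.7
2023-01-10T02:14:41Z user=alice event=push_denied src=203.0.113.7
2023-01-10T02:15:02Z user=alice event=push_sent src=203.0.113.7
2023-01-10T02:15:10Z user=alice event=push_denied src=203.0.113.7
2023-01-10T02:15:40Z user=alice event=push_sent src=203.0.113.7
2023-01-10T02:15:55Z user=alice event=push_approved src=203.0.113.7
2023-01-10T09:00:00Z user=bob event=push_sent src=198.51.100.4
2023-01-10T09:00:06Z user=bob event=push_approved src=198.51.100.4
"""


def parse_line(line):
    """Split one constructed log line into a dict with a parsed timestamp."""
    ts_str, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    return rec


def find_mfa_fatigue(log_text, min_prompts=3, window=timedelta(minutes=10)):
    """Return {user: (prompts, denials, approval_src)} for every user who approved
    a push after at least `min_prompts` prompts within `window` of the approval.

    The denial count is reported because a run of explicit denials before the
    approval is the strongest indicator that the prompts were not user-initiated.
    """
    by_user = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_line(line)
            by_user[rec["user"]].append(rec)

    flagged = {}
    for user, recs in by_user.items():
        recs.sort(key=lambda r: r["ts"])
        for i, rec in enumerate(recs):
            if rec["event"] != "push_approved":
                continue
            start = rec["ts"] - window
            earlier = [r for r in recs[:i] if r["ts"] >= start]
            prompts = sum(1 for r in earlier if r["event"] == "push_sent")
            denials = sum(1 for r in earlier if r["event"] == "push_denied")
            if prompts >= min_prompts:
                flagged[user] = (prompts, denials, rec["src"])
    return flagged


if __name__ == "__main__":
    for user, (prompts, denials, src) in find_mfa_fatigue(SAMPLE_LOG).items():
        print(f"{user}: {prompts} prompts, {denials} denials before approval from {src}")
```

The threshold and window are deliberately parameters: a single legitimate retry should not fire, while several denials followed by an approval from the same source within minutes is worth an analyst's attention regardless of whether the credentials were later confirmed stolen.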
2. APIs are the next attack vector: With the proliferation and use of SaaS applications, API usage has grown exponentially year-over-year, and, as with any growth area, the associated risk is also increasing. APIs connect critical data and services that drive today’s digital innovation. As a result, APIs have proven an extremely valuable target for cyber criminals. It is imperative for security teams to have a thorough understanding of, and clear visibility into, their full attack surface. This surface includes all APIs in their environment, including undocumented (shadow) APIs as well as unused or deprecated APIs that have not been disabled. On the heels of several recent high-profile API-related incidents, the trend is expected to accelerate into 2023.
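The visibility gap described above can be measured rather than guessed at: reconcile the API inventory the organisation believes it has against what the gateway actually serves. The following is an added example for this article, not CrowdStrike code or any product's logic; the declared route inventory, the access-log line format and the sample traffic are constructed, and the only assumption is that declared routes use `{name}` placeholders for path parameters, as OpenAPI does.

```python
"""Reconcile a declared API inventory against observed gateway traffic.

Added example, not CrowdStrike's code. It reports three things a security
team wants from API visibility: shadow endpoints (served but never declared),
deprecated endpoints that are still live, and declared endpoints nobody calls.
"""
import re
from collections import Counter

# Constructed declared inventory: "<METHOD> <path template>" -> metadata.
# Templates use {name} placeholders for path parameters (assumed OpenAPI style).
DECLARED = {
    "GET /v2/users/{id}": {"deprecated": False},
    "POST /v2/orders": {"deprecated": False},
    "GET /v1/users/{id}": {"deprecated": True},
    "DELETE /v2/orders/{id}": {"deprecated": False},
}

# Constructed gateway access-log lines: "<METHOD> <path> <status>"
SAMPLE_LOG = """\
GET /v2/users/42 200
GET /v2/users/7 200
POST /v2/orders 201
GET /v1/users/42 200
GET /internal/debug/config 200
GET /internal/debug/config 200
POST /v2/orders/export 200
"""


def _template_re(template):
    """Turn "/v2/users/{id}" into a regex where each placeholder matches one segment."""
    literal_parts = re.split(r"\{[^/}]+\}", template)
    return re.compile("^" + "[^/]+".join(re.escape(p) for p in literal_parts) + "$")


def normalise(method, path, declared):
    """Map an observed request to its declared route key, or None if nothing matches."""
    for key in declared:
        key_method, template = key.split(" ", 1)
        if key_method == method and _template_re(template).match(path):
            return key
    return None


def reconcile(declared, log_text):
    """Return shadow endpoints, deprecated-but-live routes and unused routes."""
    seen = Counter()    # declared route key -> request count
    shadow = Counter()  # "<METHOD> <raw path>" -> request count for undeclared traffic
    for line in log_text.splitlines():
        if not line.strip():
            continue
        method, path, _status = line.split()
        key = normalise(method, path, declared)
        if key is None:
            shadow[f"{method} {path}"] += 1
        else:
            seen[key] += 1

    deprecated_live = {k: seen[k] for k, meta in declared.items()
                       if meta["deprecated"] and seen[k]}
    unused = sorted(k for k in declared if seen[k] == 0)
    return {"shadow": dict(shadow), "deprecated_live": deprecated_live, "unused": unused}


if __name__ == "__main__":
    report = reconcile(DECLARED, SAMPLE_LOG)
    for category, entries in report.items():
        print(f"{category}: {entries}")
```

Each finding maps to a different remediation: shadow endpoints need an owner and a review before they stay exposed, deprecated routes that still carry traffic need a migration plan and then a hard disable, and declared-but-unused routes are candidates for removal so they stop being attack surface that no one is watching.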
3. In 2023, dedicated data leak marketplaces will see a massive expansion as extortion becomes the No. 1 e-crime TTP: In 2023, we will see a growth in the weaponisation of data as extortion becomes the most common TTP used by e-criminals. Data extortion will surpass traditional data encryption and provide threat actors the ability to victimise organisations repeatedly with such tactics as double or triple extortion. This will be demonstrated through lock-and-leak operations, where e-crime actors will target organisations with high value data — such as in the technology, manufacturing and financial sectors — locking target networks and subsequently threatening to leak victim information. In industries such as healthcare that must comply with various regulatory requirements, such an attack can be devastating. As a result of this increase in data theft and extortion, there will be explosive growth of new criminal marketplaces dedicated to advertising and selling victims’ data.
4. The vicious zero-day Tuesday/hack Wednesday cycle will continue: The patch panic that seizes security teams on the second Tuesday of every month will persist and intensify in 2023 as adversaries grow the sophistication of their TTPs and continue their feverish targeting of zero-day vulnerabilities. As we have seen, the number of zero days and critical vulnerabilities has continued to increase, and, concurrently, the time between the disclosure of those vulnerabilities and threat actors actively attempting to exploit them has narrowed. In fact, in 2022, we witnessed many cases of threat actors exploiting announced vulnerabilities immediately. The continued growth in zero-day threats will underscore the importance of proactive threat hunting solutions capable of addressing threats at scale. Until then, organisations will spend more time pushing critical patches as soon as they’re available, or focusing on workarounds when patches aren’t available.
5. Organisational constraints in the uncertainty of 2023 will result in high-profile cyber incidents: Uncertainty is pervasive around the world, and it will provide an environment ripe for threat actors to exploit. In the current, rapidly changing economic and geopolitical climate, organisations are under increased pressure to do more with less, securing their business with similar or potentially fewer resources against the ever-increasing volume and severity of cyber attacks. A high-profile cyber attack will have even greater consequences for the victimised organisation, as one major data breach threatens to cripple the entire business when the organisation cannot afford any downtime. Cyber security incidents are expensive and their costs can run for years: cleaning up after a breach, paying for incident response and forensic investigations, legal costs, changing security providers, and notifying customers and regulators. In 2023, we will see even more high-profile incidents as a result of the increased pressure on organisational constraints in these times of uncertainty.
Mike Sentonas is the chief technology officer at CrowdStrike.