The cybersecurity threat landscape is constantly in flux, with new threats emerging and old ones evolving. Over the past six months we have seen cyberattacks on critical infrastructure affecting industries ranging from transportation to healthcare. Based on activity monitored by Nozomi Networks researchers, we’re also expecting cyber criminals, hacktivists and nation-state actors to continue to hone their skills and evolve their craft for greater success.
Latest cybersecurity threats and trends in attacks in 2023
Security professionals must be prepared to face a variety of threats, as criminals can also use the simplest proven methods. But special attention should be paid to the following:
1. Hybrid threat tactics
The lines that once categorized different types of threat actors have blurred, which could significantly change the threat actor landscape. For example, November’s Continental ransomware attack was launched by hacktivists who used nation-state tactics to cause a physical disruption to railroads. Meanwhile, nation-state threat actors have been leveraging cyber-criminal tactics, such as ransomware, to cause disruption in critical environments. It will become increasingly difficult to categorize threat groups based on TTPs and motives, which have aided attribution efforts in the past.
2. Quantum cybersecurity threats
As threat actors use the “store now, decrypt later” (SNDL) technique in preparation for quantum decryption, governments are taking steps to defend against this future threat. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released its post-quantum cryptography initiative on July 6, 2022, to prepare and safeguard critical infrastructure companies during this transition. As CISA rolls out this guidance, more companies will shift their focus to safeguarding their data now to reduce the risks of quantum decryption later.
3. Medical device exploits
Many medical devices are susceptible to cyberattacks because the legacy systems they use are no longer manufactured and/or the software is no longer supported. Threat actors use scanners and other types of tools to identify and exploit vulnerabilities in these devices and perform manipulative tactics or even launch cyberattacks. Apart from using scanners to exploit vulnerabilities, threat actors can access medical systems used to aggregate device data for broader analysis and monitoring. This manipulation could lead to malfunctions, misreadings, or even overdoses in automatic release of medication.
4. Cyber insurance inflection point
Cyber insurance is an important part of a comprehensive cybersecurity strategy. However, cyber criminals are conducting reconnaissance on cyber insurance policies and tailoring their ransom requests to match the amount of a cyber insurance payout. This could either cause premiums to increase significantly or even dry up cyber insurance resources, making it more difficult to file serious claims and receive payouts. Cyber insurance is not a cure for cyberattacks; in fact, it could motivate cyber criminals. Companies should invest in cyber prevention, protection, and remediation as a first line of defense.
5. Malicious AI-driven chatbots
ChatGPT is a variant of the Generative Pre-trained Transformer (GPT) language model that is specifically designed to generate human-like text based on a given prompt. While ChatGPT can be used in a variety of applications, such as generating chatbot responses or creating content for social media, it can also be used in social engineering and phishing attacks. For example, a hacker could use ChatGPT to generate a phishing email that appears to be from a legitimate company or individual, complete with personalized greetings and specific details about the recipient. As these systems become more sophisticated, malicious threat actors could use them to write malicious code or develop exploits for vulnerabilities.