2022 has been another year of high-profile data breaches, mirroring the years before in the growing number and sophistication of cyber threats. Cyber-attacks have become part of a boiling cauldron and some of the brining liquid has seeped over into the corporate and government digital landscapes.
Consistently, phishing, insider threats, business email compromise, lack of skilled cybersecurity workers, and misconfigurations of code have been common trends throughout the past decade. They still will be trends in the coming year, but other factors and developments will also permeate a precarious cybersecurity ecosystem. Let us explore some of them.
2023 Cyber Trends:
Geopolitics and Critical Infrastructure And Supply Chain Attacks:
The 2020 World Economic Forum’s (WEF) Global Risks Report listed cyberattacks on global Critical Infrastructure (CI) as a top concern. WEF noted that “attacks on critical infrastructure have become the new normal across sectors such as energy, healthcare, and transportation.” ] The Global Risks Report 2020 | World Economic Forum (weforum.org)
That global risk was exemplified in the Russian invasion of Ukraine which set a new stage for the use of cyber weapons aimed at disabling critical infrastructure. In accordance with the kinetic attacks, Russia has incessantly attempted to target key Ukrainian critical infrastructures to help enable their war efforts. Russian cyberattacks have succeeded in shutting down Ukraine’s power grid in the past and Ukraine’s power grid is still under bombardment from both physical and digital missiles. For the most part, the attacks have been thwarted by a well-trained and prepared Ukrainian cyber force. Bust Russian and Russian proxy cyber capabilities are still significant and pose threat not only to Ukrainian infrastructure but to the West in general as evidenced by the Colonial Pipeline attack and by the Solar Winds breach. They will intensify and spread in the coming years.
State threat actors do pose significant threats. Admiral Mike Rogers, former head of the National Security Agency and U.S. Cyber Command, has stated that at least two or three countries could launch a cyber-attack that could shut down the entire U.S. power grid and other critical infrastructure.
The new reality is that most critical infrastructures operate in a digital environment that is internet accessible. The trends of integration of hardware and software combined with growing networked sensors are redefining the surface attack opportunities for hackers across all digital infrastructures.
Protecting Critical infrastructure and supply chains are not an easy task for any country, especially democratic societies that are by their nature open and accessible. In the U.S., most of the critical infrastructure, including defense, oil and gas, electric power grids, ports, shipping, health care, utilities, communications, transportation, education, banking, and finance, is mostly owned by the private sector and regulated by the public sector.
In government, securing critical infrastructure and the supply chain has been an evolving priority. In recent months, the White House, the Department of Homeland Security (DHS), and the Department of Defense (DOD) all have enacted initiatives (and sought assistance) on supply chain security. Supply chains are often composed of a variety of parties linked to networks.
Cyber-attackers will always look for the weakest point of entry and mitigating third-party risk is critical for cybersecurity. Supply chain cyber-attacks can be perpetrated from nation-state adversaries, espionage operators, criminals, or hacktivists. Their goals are to breach contractors, systems, companies, and suppliers via the weakest links in the chain.
Created as a civilian counter-terrorism agency back in 2003, The Department of Homeland Security (DHS) has become the lead U.S. agency on the civilian side of government for cybersecurity. Also, the DHS role has significantly evolved in correlation with the growing and complex threat to critical infrastructure. Largely because of that responsibility and cybersecurity threat to CI and the need to coordinate with the private sector, the Department of Homeland Security (DHS) embarked on creating the Cybersecurity and Infrastructure Security Agency (CISA) in 2018 as an operational component.
CISA’s stated role is to coordinate “security and resilience efforts using trusted partnerships across the private and public sectors, and delivers training, technical assistance, and assessments to federal stakeholders as well as to infrastructure owners and operators nationwide”
The Cyber Frontier of Protecting Space Assets:
Space, while not yet listed as a critical infrastructure by DHS, certainly is a priority asset for industry and for national security. An ominous incident in conjunction with the Russian invasion of Ukraine was the attack that disrupted Ukrainian satellite communications provider ViaSat at the onset of the invasion. In our new digital era, satellite and space security is of budding importance because of the reliance on space, and especially satellites, for communications, security, intelligence, and commerce.
More and more satellites have been launched in the past few years. Thousands of satellites currently operate in low Earth orbits, and they are subject to cyber vulnerabilities from above and from below. Many communication networks are now changing from terrestrial (land) based communications to the cloud, taking advantage of satellites to move data over large, international distances. There are more satellites circling in low earth than ever as launch costs have significantly lowered, which has created more targets and thus a wider attack surface for hackers to potentially attack both in space and at land-based control centers.
Space is an emerging and mission critical frontier that countries are becoming increasingly dependent on for monitoring and information sharing. They also play a vital national security role by watching geopolitical movements and tracking adversarial threats. Satellites are at a growing risk from cyber-threats, and this has come to the attention of the national security establishment. As a result of those threats, the US Space Systems Command recently announced beta testing for cybersecurity guidance around commercial satellites.
Russia and China are two of the most formidable threat actors to space communication systems but other countries such as Iran and North Korea are also viable threats. Cyber expert Josh Lospinoso in a recent and informative article in The Hill noted that “Attacks have been going on for many years and have recently ramped up. He called attention to the fact that back in 2018 hackers infected U.S. computers that control satellites. And a year later, Iranian hacking groups tried to trick satellite companies into installing malware in 2019. See Space race needs better cybersecurity | The Hill
Industry and Government Collaboration Grows
Information sharing on threats and risks is one of the most principal functions of government and industry collaboration. Sharing such information helps allow both government and industry to keep abreast of the latest viruses, malware, phishing threats, ransomware, and insider threats. Information sharing also establishes working protocols for lessons-learned and resilience that is critical for the success of commerce and the enforcement against cyber-crimes.
Mitigating evolving threats and being resilient to breaches are paramount for critical infrastructure protection. Successful industry government collaboration is dependent on information sharing, planning, investment in emerging technologies, and allocation of resources (and roles and responsibilities) coordinated by both the public and private sectors in special working cybersecurity partnerships.
Collaboration is important for remediation of cyber-attacks too. Both Solar Winds and the Colonial pipeline breaches highlighted the government’s assistance in mitigating breaches and moving toward resilience. The government was directly collaborating with the companies to discover the extent of the breaches and options for amelioration.
CISA under the leadership of Jen Easterly created the Joint Cyber Defense Collaborative (JCDC) last year to fundamentally transform how cyber risk is reduced through continuous operational collaboration between government and trusted industry partners. “The Cybersecurity and Infrastructure Security Agency established JCDC—the Joint Cyber Defense Collaborative—to unify cyber defenders from organizations worldwide. This diverse team proactively gathers, analyzes, and shares actionable cyber risk information to enable synchronized, holistic cybersecurity planning, cyber defense, and response.” The JCDC also is supported by other government agencies including the FBI, NSA, and U.S. Cyber Command to help drive down risk in partnership with industry.
The cornerstone of industry/ government should be based on information sharing and knowledge transfer; sharing of cybersecurity tools, and sometimes combining mutual funding resources to build prototypes and build and fortify technologies that enhance security.
An enhanced and streamlined government and industry partnership should continue to be a priority for cybersecurity strategies in 2023, as threats can morph, especially with the emergence of technologies such as artificial intelligence, machine learning, 5G, and eventually quantum computing.
Predictions for 2023
Machine Learning and Artificial Intelligence Assimilate into the Cyber Ecosystem
We are currently in a disruptive era of technological advancement labeled The Fourth Industrial Era. It is characterized by exponential connectivity of people and devices and involves the meshing of physical, digital, and biological worlds. This includes a multitude of innovative technologies (among others) such as artificial intelligence (AI) & machine learning (ML), robotics, sensors, 5G nanotechnologies, biotech, blockchain, and quantum.
The cyber-attack surface has significantly worsened in 2022 because of the growth of connectivity. Covid 19 and remote work have contributed exponentially to this expansion via home offices. The advent of emerging and fused technologies 5G, IoT and Supply Chain security pose significant challenges.
Threat actors, especially state-sponsored, and criminal enterprises are becoming more sophisticated by searching for vulnerabilities and infiltrating malware by adapting (and automating) enabling machine learning, deep learning, artificial intelligence, and other analytic tools. The Solar Winds breach was more than a wakeup call for those realities.
When it comes to adapting to new, sophisticated digital environments, AI and ML become key tools or innovative chess pieces in a cybersecurity strategy game. It will depend on the accuracy, speed, and the quality of the algorithms and supporting technologies to survive and thrive. To be competitive in a sophisticated game we need to be vigilant, innovative, and one step ahead.
AI, ML, and augmented reality technologies are no longer things of science fiction. AI and ML may become new paradigms for automation in cybersecurity. They enable predictive analytics to draw statistical inferences to mitigate threats with fewer resources.
Some of the basic activities computers with AI and ML are designed for include Speech recognition; Learning / Planning; and Problem solving. For cybersecurity, synthesizing data is surely an advantage in mitigating threats. In a cybersecurity context, AI and ML can provide a faster means to identify new attacks, draw statistical inferences and push that information to endpoint security platforms. This is especially important because of the major shortage of skilled cybersecurity workers and growing attack surface.
Artificial intelligence is really a catalyst for cybersecurity. Everything you do is based on the threat horizon. You need to know what is in your system, and who may be doing things that are anomalies. Automated cybersecurity tools of threat detection, information assurance, and resilience can be the glues that will enable business to optimally utilize emerging technologies to operate safely in a world of converged sensors and algorithms in 2023.
While AI and ML can be important tools for cyber-defense, they can also be a double-edged sword. While they can be used to rapidly identify threat anomalies and enhance cyber defense capabilities, threat actors can also use them. Adversarial nations and hackers are already using AI and MI as tools to find and exploit vulnerabilities in threat detection models. They do this through a variety of methods. Their preferred ways are often via automated phishing attacks that mimic humans, and with malware that self-modifies itself to fool or even subvert cyber-defense systems and programs.
Cyber criminals are already using AI and ML tools to attack and explore victims’ networks. Small business, organizations, and especially healthcare institutions who cannot afford significant investments in defensive emerging cybersecurity tech such as AI are the most vulnerable. Extortion by hackers using ransomware and demanding payment by cryptocurrencies may become and more persistent and evolving threat. The growth of the Internet of Things will create many new targets for the bad guys to exploit.
Investments in areas of artificial intelligence are a good barometer of both the importance and promise of the technologies. According to IDC, a research firm, global spending in AI is forecasted to grow to more than $110 billion by 2024. Worldwide AI spending to reach more than $110 billion in 2024 – Help Net Security.
It is difficult to both detect and mitigate malware if it is constantly morphing. That is what polymorphic malware can do. A good definition is below:
“Polymorphic malware utilizes the concept of polymorphism not for efficiency but for the purpose of evading detection. “The idea behind polymorphic malware is that if a particular malware strain is known for having certain properties, then new versions of that malware can avoid detection if slight changes are made. This allows endless malware files, which all perform the same function, to appear sufficiently unique that they are not recognized as malware.
Polymorphic code has been found in all types of malwares. This means that it can be used for:
- Ransomware that encrypts your files and asks for a ransom payment in exchange for their return.
- Keyloggers that record your keystrokes for the purpose of stealing your passwords.
- Rootkits that provide remote access to your computer.
- Browser manipulation that redirects your browser to malicious websites.
- Adware that slows down your computer and advertises questionable products.”What Is Polymorphic Malware? (makeuseof.com)
Polymorphic malware enabled by machine learning algorithms and eventually artificial intelligence. It could be used to bypass two-factor authentication and other authentication security measures. This type of malware is being shared more often by criminal hacking groups and could pose a genuine problem for businesses in 2023.
More BOTs on the Warpath
Botnet attacks are not new, but they are proliferating and becoming more dangerous as they are often automated. Look for more attacks by Bots in 2023. Bots are not only cyber-threat tools used by state sponsored intelligence actors, but also by organized criminal hacking groups.
Botnets are often comprised of a collection of internet-connected computers and devices that are part of a network controlled by hackers. A bot can spread malware and/or ransomware to devices that can be self-perpetuating and destructive, much like a biological virus. Attackers will often target computers not safeguarded with firewalls and/or anti-virus software through Wi-Fi routers, web servers, and network bridges. Bots scrape IP, steal PII, overload platforms, and more while impersonating real users.
Unfortunately, there are plenty of tools available for criminal hackers to use and share, including for key logging to steal passwords, and the forementioned phishing attacks that can also be used to steal identities by impersonating companies. Hackers are also using botnets successfully for crypto mining stealing unsuspecting computers bandwidth and electricity. Many of these more pernicious botnet tools are sold openly and shared on the dark web and hacker forums.
With advances in artificial intelligence and machine learning, bot nets can now readily automate and rapidly expand cyber-attacks. There is also a growing Bot-as-a-Service being used by cyber-criminals to outsource attacks. And while there are a variety of botnet options, Distributed Denial of Service (DDoS) type attacks are still considered the most common threat.
One cybersecurity firm called Human (About Us | HUMAN Security) has had a series of successes in stopping botnets in cooperation with law enforcement and industry. HUMAN has taken an aggressive collective approach using top line signature and behavioral detection techniques that builds on hacker intelligence. They synthesize that data with a real-time decision engine that combines technical evidence and machine learning to offer rapid and accurate ‘bot or not’ decisions that ensure human only interaction.
IoT Expands Everywhere in 2023
As the rate of IoT attacks grows, especially when the trends of teleworking and remote offices are considered. It is important to know and understand the threat. Each IoT device represents an attack surface that can be a pathway to your data for hackers.
The Internet of Things (IoT) broadly refers to devices and equipment that are readable, recognizable, located, addressed and / or controlled via the Internet. This includes physical objects that communicate with each other, including the machine for the machine and the machine for humans. It covers everything from edge computer devices to home appliances, from wearable technology to cars. IoT is the fusion of the physical and digital worlds.
Some of the industry verticals IoT are impacting include facilities and infrastructure management, industrial applications, energy (smart grid, medical and healthcare, transportation, building/construction (smart buildings), environment (waste management), water resources, retail and supply chain, communications, and education (learning analytics).
By 2025, there are expected to be more than 30 billion IoT connections, averaging 4 IoT devices per person, which also amounts to trillions of sensors that connect and communicate on those devices. Balance of IoT 2020: 12 billion IoT connections (iot-analytics.com). According to The McKinsey Global Institute, 127 new devices connect to the Internet every second. McKinsey Global Institute | McKinsey & Company
It is a whole host of IoT devices and protecting such a huge area of attack is not an easy task, especially when there are so many diverse types and security standards on devices. From the perspective of security operations on these billions of IoT devices, the prevailing perspective is that anything connected can be hacked.
Also, there are unique challenges to IoT devices. Unlike laptops and smartphones, most IoT devices possess fewer processing and storage capabilities. This makes it difficult to employ anti-virus, firewalls and other security applications that could help protect them. At the same time, edge computing intelligently aggregates local data, making it a concentrated target for sophisticated threat actors.
Another aspect of IOT is that there is really no one regulation or manufacturer standard for security. So, you are getting devices manufactured all over the world, put together and usually without much security. People do not change the default passwords on their devices.
The IoT security challenge really comes down to understanding what devices are connected in the IoT landscape, knowing how to best protect the most important assets and effectively mitigating and remediating security incidents and breaches.
Ransomware Will Continue To Be A Prime Concern
Ransomware is not a new threat; it has been around for at least two decades. Experts estimate that there are now over 124 separate families of ransomware in the library. Success for hackers does not always depend on using the newest and most sophisticated malware. It is easy for a hacker to do. In most cases, they rely on the most opportune target of vulnerability, especially with the ease of online attacks.
For companies, ransomware has become an ever-growing reality. The firm ESET disclosed that there were over 71 billion ransomware attacks on remote access between January 2020 to June 2021. A typical ransomware attack will involve the encryption of victims’ data and demands for payment, usually in the form of cryptocurrencies, before release of the data. Criminal gangs, in conjunction with encryption, often steal sensitive corporate data and threaten to publish it publicly or sell the data outright in Dark Web forums.
In many cases a ransomware hack can cripple a company’s systems and networks and cause panic and confusion. Companies and organizations who depend on logistics planning and supply chain coordination to operate are particularly at risk. Ransomware malware is designed so it can rapidly spread across a company’s or organization’s computers and networks.
The industries most vulnerable to ransomware cyber-attacks have been small businesses, healthcare institutions, and higher education facilities largely because they lack cybersecurity expertise and strong security budgets.
More recently, there has been a sure of ransomware attacks on high-profile targets such as Colonial Pipeline where the breach disrupted gasoline supplies and supply chains throughout the Eastern corridor of United States. Others have followed similar tactics on meat processing plants.
There are remedies for mitigating ransomware. primarily, patching and updating of software vulnerabilities must be current. Unfortunately, many companies and organizations are slow, and in many cases, negligent on the update of patches that would prevent breaches.
A recent study by Accenture highlighted how Ransomware actors are growing bolder and sophisticated in their attacks on OT and IT environments. The report noted that criminal gangs cooperate and share commercial hacking tools (such as the pirated Cobalt Strike malware) via the Dark Web. Their targets include critical infrastructure sectors, including manufacturing, finance, energy, and agriculture. The study also says that hackers are using more aggressive high-pressure tactics to escalate infection consequences and that often they deploy multiple pressure points at once to extract ransom payments. In some cases, they are also using double and triple extortion threats. Ransomware attackers are growing bolder and using new extortion methods – TechRepublic
As long as hackers can profit from extortion and receive financial benefits, ransomware will continue to be a blight. And as long as they continue to receive payments from victims, hackers have become even more aggressive in their illicit activities.
A Quick Look Back At Chuck Brook’s 2022 Cybersecurity Predictions:
My predictions for 2022 were mostly on point. A summary published by the AT&T Cybersecurity Blog is below.
Industry and organizations will continue to move to Cloud, Hybrid Cloud and Edge Platforms to better optimize and secure data. This is a process that has been happening over the past several years. It will still be a major focus of budget spending for 2022. And in 2023!
Updating of legacy systems and assimilation of emerging technologies such as 5G and artificial intelligence into security platforms will be prioritized. There are many shiny new toys and tools for cybersecurity operators. The challenge will be knowing how to best orchestrate those tools and understanding what is available to best mitigate industry-specific threats.
OT and IT convergence and vulnerabilities will need to be addressed. Security by Design: OT and IT networks for industrial systems will need to be designed, updated, and hardened to meet growing cybersecurity threats. Security by design will require building agile systems with operational cyber-fusion between OT and IT to be able to monitor, recognize, and respond to emerging threats. It has become a big priority for DOD and DHS and will continue to be in 2023
More attention will be applied to Zero Trust risk management strategies. There will be more of a focus on vulnerability assessments and securing code from production throughout the life cycle. Zero trust will become more of a prevailing theme for government agencies, cybersecurity too. True For 2023 too!
Protecting supply chains is still an area of key focus for CISOs. Sophisticated ransomware groups like REvil and Darkside were particularly active in 2021 against such targets. According to Microsoft, the SolarWinds hackers are already attacking more IT supply chain targets. SolarWinds hackers attacking more IT supply chain targets (techtarget.com) The security challenge comes down to understanding what is connected in the supply chain landscape, knowing how to best protect the most important assets, and effectively implementing strategies for mitigating and remediating a security incidents and breaches.
More automation and visibility tools will be deployed for expanding protection of remote employee offices, and for alleviating workforce shortages. Automation tools are being bolstered in capabilities by artificial intelligence and machine learning algorithms.
Cybersecurity will see increased operational budgets because of more sophisticated threats and consequences of breaches (and especially ransomware) to the bottom line. Cybersecurity becomes more of a C-Suite with every passing year as breaches can be disruptive and devastating for business. In government too. Budgets In both the private and public sectors for cybersecurity are significantly higher in 2023 Cybersecurity in 2022, Predictions for digital ecosystem facing more challenges and sophisticated threats | AT&T Cybersecurity (att.com)
There are many other interesting trends to look out for in 2023. These trends will include the expansion of use of a Software Bill of Materials (SBOM), the integration of more 5G networks to bring down latency of data delivery, more Deep Fakes being used for fraud, low code for citizen coding, more computing at the edge, and the development of initial stages of the implementation of quantum technologies and algorithms.
When all is said and done, 2023 will face a boiling concoction of new and old cyber-threats. It will be an especially challenging year for all those involved trying to protect their data and for geopolitical stability.
About the Author:
Chuck Brooks, President of Brooks Consulting International, is a globally recognized thought leader and subject matter expert Cybersecurity and Emerging Technologies. Chuck is also an Adjunct Faculty at Georgetown University’s Graduate Cybersecurity Risk Management Program where he teaches courses on risk management, homeland security technologies, and cybersecurity. He is also IEEE Cyber Security for Next Generation Connectivity Systems for Quantum IOT Vice-Chair and serves as the Quantum Security Alliance Chair for IOT. LinkedIn named Chuck as one of “The Top 5 Tech People to Follow on LinkedIn.” He was named as one of the world’s “10 Best Cyber Security and Technology Experts” by Best Rated, as a “Top 50 Global Influencer in Risk, Compliance,” by Thompson Reuters, “Best of The Word in Security” by CISO Platform, and by IFSEC, and Thinkers 360 as the “#2 Global Cybersecurity Influencer.” He was featured in the 2020, 2021, and 2022 Onalytica “Who’s Who in Cybersecurity” He was also named one of the Top 5 Executives to Follow on Cybersecurity by Executive Mosaic, He is also a Cybersecurity Expert for “The Network” at the Washington Post, Visiting Editor at Homeland Security Today, Expert for Executive Mosaic/GovCon, and a Contributor to FORBES. He has an MA in International relations from the University of Chicago, a BA in Political Science from DePauw University, and a Certificate in International Law from The Hague Academy of International Law.