Bring them on, say the savvy cyber defenders — but will they have the resolve, resentment and resources that hungry cyberattackers have?
Gaps in cybersecurity have emerged as a result of rapid digital transformation, making the region highly attractive to cybercriminals and, today, a hotspot for cybercrime.
This trend is expected to persist as digitalization remains central to the growth strategies of regional economies.
Moving ahead, we anticipate that threat actors will adopt increasingly sophisticated methods and deploy attacks in tandem with current trends to maximize success rates. In the spirit of proactive strategy, experts at Forescout have put together five of the biggest threat and security challenges organizations should be aware of in 2023.
Ransomware groups will increasingly target IoT devices
Following increasing adoption rates of IoT devices in enterprises, we are observing ransomware groups targeting vulnerabilities in connected devices for initial access, allowing them to launch further attacks on other areas of the organization’s network.
Notable examples in 2022 have been the activities of the Lorenz and Deadbolt ransomware groups, which exploited flaws in VoIP and NAS systems respectively. Our research has also identified IP cameras, VoIP systems and video conferencing systems as the IoT devices that pose the highest level of risk for organizations; they are usually compromised as a result of weak credentials or unpatched vulnerabilities.
Next year, we can also expect ransomware attackers to develop and adopt more sophisticated and effective extortion techniques, leveraging exposed devices with weak security postures for espionage, distribution or financial gain, or targeting critical devices for impact.
Security teams will need to be prepared to defend against the multiple-extortion methods increasingly used by ransomware groups such as ALPHV, where data is both exfiltrated and encrypted to maximize impact.
State-sponsored actors will continue to wage cyber cold wars
In 2022, we witnessed the rise of state-sponsored actors deploying ransomware for financial gain or to facilitate espionage activities, with examples such as Bronze Starlight, Maui, and H0lyGh0st. State-sponsored actors typically have far more funding and resources at their disposal than their regular counterparts, and thus have the ability to cause disruption that goes well beyond exfiltrating or encrypting files.
In 2023, we expect these threat actors to continue to expand their arsenal, targeting other types of devices in espionage or disruption campaigns.
Examples in recent years that demonstrate the outsized impact state-sponsored malware can deliver include AcidRain, which is designed to wipe modems and routers, and iLOBleed, which obstructs firmware updates. We have also observed the emergence of Industrial Control System-specific malware in the form of Industroyer2 and INCONTROLLER, which could point to a focus on Operational Technology among threat actors looking to cause real-world disruption.
Attacks on critical infrastructure will continue to increase
The rise in attacks on critical utilities and infrastructure in 2022 portends even more incidents next year.
The increasing convergence of IT and Operational Technology (OT) networks for enhanced efficiencies has created significant risks for organizations via vectors such as compromised IoT devices and other connected IT or OT devices.
Our research has also found insecure design to be prevalent today, affecting products from some of the largest manufacturers of OT equipment.
With ransomware attacks set to be one of the leading cyber threats to organizations, we foresee similar attacks on critical infrastructure happening into 2023. A key differentiator will be a focus among threat actors on the exfiltration and extortion of data on critical infrastructure instead of encryption, with LockBit 3.0 being a prime example. The leaked data could also be re-used for disruptive OT attacks by other groups.
The Russia-Ukraine war
The war prompted the rise of new hacking groups and polarized existing cybercrime gangs. According to our research, most of these attacks are in the form of Distributed Denial of Service attacks and also include data breaches, data wipers and PsyOps such as propagating insidious propaganda on social networks.
We have observed more than 100 groups conducting cyberattacks since the outbreak of war, including hacktivists such as Killnet, state-sponsored entities such as Sandworm, and ransomware gangs such as Conti. Regardless of the conflict’s outcome, we anticipate these groups will remain active, continuing their attacks on politically motivated targets or looking to other sectors where they can most effectively monetise the offensive cyberattack skills honed during the war.
Medical device cybersecurity challenges will persist
With the increased adoption of Internet of Medical Things (IoMT) devices, attack surfaces have expanded, and cybercriminals can take advantage of devices that are poorly segmented and run on legacy software, which makes them easy to attack.
Deloitte estimates that 70% of medical devices will be connected by next year — which, if it is accurate, will lead to healthcare cybersecurity becoming an industry focal point. Our own experts have found electrocardiographs, CT scanners, imaging devices, medication dispensing systems and DICOM workstations to be among the Asia Pacific region’s riskiest connected medical devices.
Moving into 2023, the challenges that come with medical device security are set to remain — we may go as far as to see attacks not only spill over to medical devices but actually target them due to their insecure designs.
Preparation is still key
The threat landscape will continue to grow more complex, but one thing that will remain constant is that preparation is key.
Organizations need to not only remain vigilant in carrying out cyber hygiene practices, but also have a reliable action plan to stop the new generation of attacks. Effective protection means continuous cybersecurity innovation and improvement.
While current economic uncertainties and the ongoing cybersecurity talent crunch in the region may introduce challenges, implementing the right solutions can ease internal pressures and vastly improve an organization’s overall security posture.
Beyond traditional cyber hygiene practices, processes such as asset inventory, patching, credential management and network segmentation, together with automated visibility and monitoring solutions, must be implemented to eliminate cybersecurity blind spots.
For truly comprehensive security, these measures should also be extended to encompass the organization’s entire digital terrain.