This year’s cyberattacker innovations have put the writing on the wall for next year’s advanced persistent threat agendas
The political turmoil of 2022 has brought about a shift in the cybersecurity landscape for years to come that will directly shape the development of future sophisticated attacks, according to Kaspersky’s Global Research and Analysis Team (GReAT) after tracking more than 900 advanced persistent threat (APT) groups and campaigns.
The firm asserts that, statistically, some of the largest and most impactful cyber epidemics occur every six to seven years. The last such incident was the infamous WannaCry ransomware-worm, leveraging the extremely potent EternalBlue vulnerability to automatically spread to vulnerable machines in 2017. In 2023, Kaspersky researchers believe the likelihood of the next WannaCry-level cyberattack happening is high. One potential reason is that the most sophisticated threat actors in the world are likely to possess at least one suitable exploit, and current global tensions greatly increase the chance a ShadowBrokers-style hack-and-leak disaster could take place.
Drones are predicted to be used by bold attackers and specialists adept at mixing physical-and cyber-intrusions for proximity hacking. Some of the possible attack scenarios include mounting drones with sufficient tooling that would allow the collection of WPA handshakes used for offline cracking of Wi-Fi passwords or even dropping malicious USB keys in restricted areas in a hope that a passer-by would pick them up and plug them into a machine.
Other threat predictions for 2023
- SIGINT-delivered malware
This is one of the most potent attack vectors imaginable, whereby threat actors use servers in key positions of the internet backbone to launch man-on-the-side attacks. Such attacks are extremely hard to spot, and the firm’s experts believe that they will become more widespread next year.
- More civilian infrastructure to be targeted under our noses
Given the current political climate, Kaspersky experts foresee a record number of disruptive and destructive cyberattacks, affecting both the government sector and key industries. It is likely that a proportion of them will not be easily traceable to cyber-incidents and will look like random accidents. The rest will take the form of pseudo-ransomware attacks or hacktivist operations to provide plausible deniability for the real authors. High profile cyberattacks against civilian infrastructure (such as energy grids or public broadcasting) as well as underwater cables and fiber distribution hubs, may be launched, which are challenging to defend.
- Mail servers to become priority targets
Mail servers harbor key intelligence and have the largest attack surface imaginable, so they are of interest to APT actors. The market leaders of this type of software have already faced exploitation of critical vulnerabilities, and 2023 is expected to be the year of 0-day attacks for all major email programs.
- APTs to target satellite ecosystems
With the recent Viasat incident as an example, APTs are capable of attacking satellites. It is likely that these threat actors will increasingly turn their attention to disrupting satellite technologies in the near future.
- Stimulating scandals by leaking secrets
A new form of advanced persistent threat in 2022 involved a large number of hack-and-leak operations where sensitive information is intentionally stolen and then leaked to create public scandals. In 2023, APTs are expected to leak data about competing threat groups, governments, national security agencies and other secret entities.
- More APT groups will move away from CobaltStrike
The world is so familiar with this attack approach now, that cybercriminals will likely switch to new alternatives such as Brute Ratel C4, Silver, Manjusaka or Ninja — all offering new capabilities and more advanced evasion techniques.
According to one of the firm’s senior security researchers, Ivan Kwiatkowski: “A portion of our predictions focus on how this instability will translate into nefarious cyber activities, while others reflect our vision of which new attack vectors will be explored by attackers. Better preparation means better resilience, and we hope our assessment of the future will enable defenders to strengthen their systems and repel cyberattacks more effectively.”