Cybersecurity Predictions for 2023

The world of cybersecurity is rapidly changing, and it’s important for the industry to accurately forecast the trends of the future in order to stay ahead of evolving threats in the new year. Predicting the future might seem hard and inaccurate but not Cybersecurity. Grab your drink and watch this session to have a more secure year 🙂

Cybersecurity Predictions for 2023 based on Hacking Trends of 2022 …

Hacking Trends of 2022

So, what happened last year, in summary :

• Cyber Attack on Australia’s largest telco’s Telstra, Optus (and even TPG – Vodaphone) 

Australia telecoms giant Optus said current and former customer data was accessed following a cyberattack on its systems. The telco giants have confirmed the attacks, about 1.2 million Optus customers were compromised.  The breach affected 10 million customers, equivalent to around 40% of Australia’s population, attracted harsh criticism from the government.

The other giant Telstra were also “breached” and more then 30.000 employee details has been shared in a Hacking Forum 🙁 You can read more about it here

• NewsCorp hit with cyberattack, allegedly from China

NewsCorp confirmed that their data was taken by a foreign government. Mandient is alleging China is involved.  Read more about this incident here 

• Cash App data breach

More than 8 million users of the mobile payment application CashApp have been impacted by a data breach, according to a filing through the U.S. Securities and Exchange Commission by parent company Block Inc. Based on the filling those details has been breached : full names and brokerage account numbers as well as stock activity on Cash App .

• Binance , bitcoin stolen in ‘large scale’ hack

Cryptocurrency exchange Binance has confirmed a “large scale” data breach, In a statement, the company said hackers stole API keys, two-factor codes and other information in the attack.

“The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time,” the statement read. “The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed.”

“Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that,” the statement said. You can read the statement here 

• PressReader Suffers Cyber-Attack

World’s largest digital newspaper and magazine distributor Pressreader were a victim of a cyber breach too. Here is a summary of their statement

“Our security teams have now classified this as a cyber security incident. This situation comes as companies across North America have seen an increase in security incidents over the past several weeks.” You can read the full statement here 

• Samsung confirms data breach, personal customer data stolen

Samsung has confirmed it suffered a data breach which led to the personal information of customers being leaked online, In a blog post. Samsung shared that added that an “unauthorized third party” had acquired information from some of Samsung’s US systems, including names, contact information, dates of birth and product registration details. However, no credit card numbers, or social security numbers were breached. You can read the full blog post here 

• Uber CISO has been arrested over failure of disclose a cyber breach

Uber’s former security chief has been found guilty of not disclosing a data breach at the ridesharing giant, in what is believed to be the first time a company executive has been charged over a hack. Joe Sullivan, the former security lead at Uber, guilty on two counts in relation to the covering up of a breach of customer data in 2016.

• US govt: Iranian hackers breached federal agency using Log4Shell exploit

The FBI and CISA revealed in a joint advisory published today that an unnamed Iranian-backed threat group hacked a Federal Civilian Executive Branch (FCEB) organization to deploy XMRig cryptomining malware. The attackers compromised the federal network after hacking into an unpatched VMware Horizon server using an exploit targeting the Log4Shell (CVE-2021-44228) remote code execution vulnerability. Read the details in Bleeping Computer’s web site 

• The North Face Credential Stuffing Attack Compromises 200,000 Accounts

The North Face suffered a credential stuffing attack that compromised over 194,905 accounts. The North Face sent out data breach notification letters and initiated password resets for impacted accounts, according to Bleeping Computer. You can read the details here 

• Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies’ Data Leak

“This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services,” Microsoft it in this alert.

• Cisco Hacked: Ransomware Gang Claims It Has 2.8GB Of Data

Cisco confirms hacking as Yanluowang ransomware group publishes a partial list of files it claims to have exfiltrated.

• Okta Cyber Attack: Another Major Supply Chain Incident

On March 21st, 2022, the digital extortion group Lapsus$ claimed it had gained access to an administrative account for Okta, the identity management platform. According to Okta, thousands of organizations worldwide use its identity management platform to manage employee access to applications or devices. A breach of Okta’s systems represents a significant risk to Okta’s customers and the broader supply chain.

• What is Spring4Shell?

Spring4Shell is a vulnerability in VMWare’s Spring Core Java framework – an open-source platform for developing Java applications. Spring is a highly-popular framework with 60% of Java developers depending on it for the production of their applications. Because of the framework’s dominance in the Java ecosystem, many applications could potentially be impacted by the Spring4Shell zero-day. In comparison, the Log4J framework is used by almost all Java-based web apps and cloud services, so though Spring4Shell is categorized as a critical vulnerability, it’s still significantly less dangerous than Log4Shell. The Spring4Shell vulnerability is being tracked as CVE-2022-22965.

• Microsoft Digital Defense Report 2022

“Attackers are adapting and finding new ways to implement their techniques, increasing the complexity of how and where they host campaign operation infrastructure.”. Download the report here

Supply Chain Attacks

Software supply chain attacks, such as the headline-making incidents that impacted SolarWinds and Kaseya, have brought the importance of understanding your software dependencies into sharp focus. In 2021, U.S. President Joe Biden issued an executive order on improving the nation’s cybersecurity that requires software sellers to provide federal procurement agents with a Software Bill of Materials (SBOM) for each software application. An SBOM is a list of every software component that comprises an application and includes every library in the application’s code, as well as services, dependencies, compositions and extensions.

Private sector companies are also increasingly required to have SBOMs as many large enterprises now demand them as a part of their Master Service Agreement (MSA) with a software provider. Security industry analysts believe SBOMs will soon become standard practice as part of the procurement process.

A more recent memorandum from Office of Management and Budget (OMB) goes even deeper and includes new security requirements that federal agencies must comply with on software supply chain security matters. The memo requires software producers to attest to compliance with NIST Guidance, so companies that want to sell their software to the government will need to assess and attest their

To watch more Video Tutorials , click here 

Keywords

gartner cybersecurity trends 2023 – cybersecurity trends 2023 pdf – cybersecurity challenges 2023 – cybersecurity threats 2023 – cyber security in 2025 – Assume Breach – Cybersecurity Predictions for 2023 : free video tutorial – cybersecurity predictions – predictions for cybersecurity –

Is there a future in cybersecurity?

What will cybersecurity look like in 2023?