Cybersecurity Predictions for 2023
The world of cybersecurity is rapidly changing, and it’s important for the industry to accurately forecast the trends of the future in order to stay ahead of evolving threats in the new year. Predicting the future might seem hard and inaccurate, but not in cybersecurity. Grab your drink and watch this session to have a more secure year 🙂
Cybersecurity Predictions for 2023 based on Hacking Trends of 2022 …
Hacking Trends of 2022
So, what happened last year, in summary:
- Cyber Attack on Australia’s largest telcos Telstra, Optus (and even TPG – Vodafone)
Australian telecoms giant Optus said current and former customer data was accessed following a cyberattack on its systems. The telco giants have confirmed the attacks; about 1.2 million Optus customers were compromised. The breach, which affected 10 million customers, equivalent to around 40% of Australia’s population, attracted harsh criticism from the government.
The other giant, Telstra, was also “breached”, and more than 30,000 employee details have been shared on a hacking forum 🙁 You can read more about it here
- NewsCorp hit with cyberattack, allegedly from China
NewsCorp confirmed that their data was taken by a foreign government. Mandiant is alleging China is involved. Read more about this incident here
- Cash App data breach
More than 8 million users of the mobile payment application Cash App have been impacted by a data breach, according to a filing with the U.S. Securities and Exchange Commission by parent company Block Inc. According to the filing, the following details were breached: full names and brokerage account numbers, as well as stock activity on Cash App.
- Binance, bitcoin stolen in ‘large scale’ hack
Cryptocurrency exchange Binance has confirmed a “large scale” data breach. In a statement, the company said hackers stole API keys, two-factor codes and other information in the attack.
“The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time,” the statement read. “The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed.”
“Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that,” the statement said. You can read the statement here
- PressReader Suffers Cyber-Attack
The world’s largest digital newspaper and magazine distributor, PressReader, was also the victim of a cyber breach. Here is a summary of their statement:
“Our security teams have now classified this as a cyber security incident. This situation comes as companies across North America have seen an increase in security incidents over the past several weeks.” You can read the full statement here
- Samsung confirms data breach, personal customer data stolen
Samsung has confirmed in a blog post that it suffered a data breach which led to the personal information of customers being leaked online. Samsung added that an “unauthorized third party” had acquired information from some of Samsung’s US systems, including names, contact information, dates of birth and product registration details. However, no credit card numbers or social security numbers were breached. You can read the full blog post here
- Uber CISO has been arrested over failure to disclose a cyber breach
Uber’s former security chief has been found guilty of not disclosing a data breach at the ridesharing giant, in what is believed to be the first time a company executive has been charged over a hack. Joe Sullivan, the former security lead at Uber, was found guilty on two counts in relation to the covering up of a breach of customer data in 2016.
- US govt: Iranian hackers breached federal agency using Log4Shell exploit
The FBI and CISA revealed in a joint advisory published today that an unnamed Iranian-backed threat group hacked a Federal Civilian Executive Branch (FCEB) organization to deploy XMRig cryptomining malware. The attackers compromised the federal network after hacking into an unpatched VMware Horizon server using an exploit targeting the Log4Shell (CVE-2021-44228) remote code execution vulnerability. Read the details in Bleeping Computer’s web site
- The North Face Credential Stuffing Attack Compromises 200,000 Accounts
The North Face suffered a credential stuffing attack that compromised over 194,905 accounts. The North Face sent out data breach notification letters and initiated password resets for impacted accounts, according to Bleeping Computer. You can read the details here
- Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies’ Data Leak
“This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services,” Microsoft said in this alert.
- Cisco Hacked: Ransomware Gang Claims It Has 2.8GB Of Data
Cisco confirms hacking as Yanluowang ransomware group publishes a partial list of files it claims to have exfiltrated.
- Okta Cyber Attack: Another Major Supply Chain Incident
On March 21st, 2022, the digital extortion group Lapsus$ claimed it had gained access to an administrative account for Okta, the identity management platform. According to Okta, thousands of organizations worldwide use its identity management platform to manage employee access to applications or devices. A breach of Okta’s systems represents a significant risk to Okta’s customers and the broader supply chain.
- What is Spring4Shell?
Spring4Shell is a vulnerability in VMware’s Spring Core Java framework – an open-source platform for developing Java applications. Spring is a highly popular framework with 60% of Java developers depending on it for the production of their applications. Because of the framework’s dominance in the Java ecosystem, many applications could potentially be impacted by the Spring4Shell zero-day. In comparison, the Log4J framework is used by almost all Java-based web apps and cloud services, so though Spring4Shell is categorized as a critical vulnerability, it’s still significantly less dangerous than Log4Shell. The Spring4Shell vulnerability is being tracked as CVE-2022-22965.
Microsoft Digital Defense Report 2022
“Attackers are adapting and finding new ways to implement their techniques, increasing the complexity of how and where they host campaign operation infrastructure.” Download the report here
Cyber Attacks Per Minute
- Password Attacks 34,740
- IoT Based Attacks 1,902
- DDoS Attacks 1,095
- Phishing Attacks 7
- Malware Threats 18,265
- Brute Force Authentication Attacks 48,706
- SQL Injection Attacks 1 per 2 minutes
- New threat detection 1 per 35 minutes
- Supply Chain Attacks 1 every 35 minutes
- Ransomware Attacks 1 Every 195 minutes
Cost of Cybersecurity Per Minute
- Worldwide economic impact $1,141,553
- Global cybersecurity spend $285,388
- E-commerce payment fraud loss $38,052
- Global ransomware damages $38,051
- Amount lost to cryptocurrency cost $4,566
- Average cost of breach $8
- Average cost of a malware attack $5
Cybersecurity Highlights from 2022
- There have been more than 6.3 billion attack attempts
- White hat hackers earned over $19 million in bounties
- You can purchase a consumer account for $1 on the dark market
- Hackers create 400,000 new pieces of malware daily
- Phishing attacks make up over 80% of reported security activities.
- Russian hackers can infiltrate a computer network in 18 minutes.
- More than 6,000 online criminal marketplaces sell ransomware products and services.
Predictions for 2023
- Web Application and API Attacks will rise
- Ransomware business models will continue to evolve
- Misconfiguration attacks will not go away
- Supply Chain attacks will increase
- Data privacy laws are getting more strict
- Cloud Attacks will not decrease
- Social Engineering is also not going anywhere
- APIs will cause Unforeseen Breaches
- Hackers will find a way to breach MFA
- Firmware attacks will be even more popular
Summary of Cyber Recommendations for 2023
- Adopt Assume Breach mentality
- Implement Defense in Depth
- Adopt Zero Trust
- Utilize AI
- Build a better Cyber Resilience Program
- Think like a hacker
- DevSecOps will become business-critical
- Use EDR where possible; if not, use Open EDR
- Invest in Cyber Threat Intelligence
- Adopt risk-based Vulnerability Management
- Invest in Security Awareness Training
Supply Chain Attacks
Software supply chain attacks, such as the headline-making incidents that impacted SolarWinds and Kaseya, have brought the importance of understanding your software dependencies into sharp focus. In 2021, U.S. President Joe Biden issued an executive order on improving the nation’s cybersecurity that requires software sellers to provide federal procurement agents with a Software Bill of Materials (SBOM) for each software application. An SBOM is a list of every software component that comprises an application and includes every library in the application’s code, as well as services, dependencies, compositions and extensions.
Private sector companies are also increasingly required to have SBOMs as many large enterprises now demand them as a part of their Master Service Agreement (MSA) with a software provider. Security industry analysts believe SBOMs will soon become standard practice as part of the procurement process.
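To show what an SBOM makes possible in practice, here is an added example (not part of the original post) that walks a component list, including nested components, and flags a library affected by the Log4Shell CVE mentioned earlier. It assumes the CycloneDX JSON layout; the sample SBOM, the `report-service` name and the watchlist's fixed version are constructed for illustration.

```python
import json

# Constructed sample in CycloneDX JSON layout (not a real product's SBOM).
SAMPLE_SBOM = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.4", "components": [
  {"type": "library", "group": "org.springframework", "name": "spring-core", "version": "5.3.20"},
  {"type": "application", "name": "report-service", "version": "1.0.0", "components": [
    {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core", "version": "2.14.1"}]},
  {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core", "version": "2.17.1"}
]}
""")

# Assumption: (group, name) -> (CVE, first fixed release on the main line).
# Backported fix releases on older lines are not modelled here.
WATCHLIST = {
    ("org.apache.logging.log4j", "log4j-core"): ("CVE-2021-44228", "2.15.0"),
}


def version_key(version):
    """Turn '2.14.1' into (2, 14, 1, 0); non-numeric parts such as 'beta9' count as 0."""
    parts = []
    for piece in version.replace("-", ".").split("."):
        parts.append(int(piece) if piece.isdigit() else 0)
    return tuple((parts + [0] * 4)[:4])


def walk(components, path=()):
    """Yield (path, component) for every component, descending into nested ones."""
    for comp in components or []:
        here = path + (comp.get("name", "?"),)
        yield here, comp
        yield from walk(comp.get("components"), here)


def find_affected(sbom, watchlist=WATCHLIST):
    """Return watchlisted components older than the fixed version.

    A component with no version is reported too, since it cannot be ruled out.
    """
    findings = []
    for path, comp in walk(sbom.get("components")):
        hit = watchlist.get((comp.get("group"), comp.get("name")))
        version = comp.get("version", "")
        if hit and version_key(version) < version_key(hit[1]):
            findings.append({"cve": hit[0], "path": "/".join(path), "version": version})
    return findings


if __name__ == "__main__":
    for finding in find_affected(SAMPLE_SBOM):
        print(finding)
```

The nested entry is the one that matters: a scan of only the top-level components would miss the log4j-core copy bundled inside `report-service`.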
A more recent memorandum from Office of Management and Budget (OMB) goes even deeper and includes new security requirements that federal agencies must comply with on software supply chain security matters. The memo requires software producers to attest to compliance with NIST Guidance, so companies that want to sell their software to the government will need to assess and attest their