“Threats evolve, attackers constantly change their tactics, techniques and procedures, and defenders must adapt and stay relentless if they want to keep up,” Mandiant wrote in its 2023 forecast. What can we expect in the coming year? Based on current trends, Mandiant cybersecurity researchers have predicted more intrusions by young and independent threat actors, ransomware attacks shifting to Europe, an escalation in China’s cyber-expansionist tendencies, and more risks to the global supply chain. Cybercriminals are expected to grow more dangerous as they continue to educate themselves, and traditional passwords may soon be phased out, Mandiant added.
Teenage Hackers, Ransomware, Russian Threats
In March this year, authorities discovered that the major cybercriminal group Lapsus$ was run by teenagers, and Mandiant’s Nov. 2 Cyber Security Forecast 2023 report‘s first prediction seems to follow suit. Researchers noted that there would likely be a rise in younger American and European hackers (not state-sponsored cybercriminals) chasing bragging rights rather than financial gains in the coming year. “They want to be able to brag to their friends or boast online that they’ve hacked into and brought embarrassment to prominent organizations,” Mandiant said. “While they will be happy to achieve financial gain, that may not necessarily be their lead motivation.” Europe may also surpass the U.S. as the region most targeted by ransomware attacks in the world. Ransomware activity is increasing in Europe and falling in the U.S, in part due to the U.S.’s focus on cyber defense, Mandiant said. There will also be reduced traditional ransomware deployments in 2023. Instead, Ransomware-as-a-Service (RaaS) providers will be tuning their software to suit “leak sites” for public shaming and data exfiltration. Mandiant also said the after-effects of Russia’s invasion of Ukraine and the barrage of cyberattacks would be felt globally. There will also be an uptick in Russian cyberattacks in 2023 on Asia Pacific countries that have sanctioned the nation. “We expect that Russia’s willingness to use disruptive tactics as well as false or coopted hacktivist fronts — to claim credit for data leaks and data destruction — to increasingly expand outside of Ukraine and its immediate neighbors.”
Chinese Cyber-Expansion, Asia Pacific
Chinese, Iranian, and North Korean cyber operations will escalate in a “high-magnitude” fashion, posing a threat to all global sectors, driven by expansion, political turmoil, and economic influence, Mandiant said. North Korea’s isolation and public health challenges will make it a threat to military, financial, diplomatic, and pharmaceutical targets. “We consider this broader targeting of private sector entities to be notable, and we may see global competitors to Chinese firms in other industries targeted by such information operations.” In 2023, Mandiant also expects cyber espionage activity around elections in Cambodia, Malaysia, Myanmar, and Thailand, while semiconductor manufacturers in the Asia Pacific are likely to experience elevated threat levels, endangering the global supply chain.
IO, Passwords, Identity Theft
Next year, politically motivated Information Operations (IO) distorting the truth and shelling out misinformation could be leveraged into a “hack-for-hire” trend, giving hackers plausible deniability as well as “lower the barrier of entry for some threat actors and obfuscate the identities of more sophisticated ones.” There will also be more corporate credential theft, Mandiant said. With threat actors now finding ways to bypass multi-factor authentication, organizations will prefer passwordless access. In May, Big Tech leaders announced just that — plans to adopt passwordless FIDO authentication standards — while payments giant PayPal rolled out an alternative “Passkey” login for Apple users in the U.S. last month. 2023 will also see criminals find new ways to steal user credentials and accounts. “They will combine stolen credentials with new techniques to bypass multifactor authentication (MFA) and abuse Identity and Access Management (IAM) systems.”
Smarter Attackers, More Malware, Critical Infrastructure
In 2023, cybercriminals will be more focused on learning from security blogs and analysts to develop their offensive and defensive tactics, the firm’s forecast states. “A trend observed in 2022 is expected to increase: Threat actors will continue to study the blogs and research of analysts in the security community,” Mandiant said. This way, cybercriminals will gather information online on how to better exploit vulnerabilities and break into organizations. Mandiant’s forecast said info stealers such as REDLINESTEALER and RACOONSTEALER are now freely available on the dark web, where stolen credentials are already sold for low prices. It will become increasingly easy to “access organizations with lower cost, complexity and time” in 2023. Mandiant also noted that concerns over energy prices and supply within Europe are likely to manifest in energy-focused cyber attacks in the upcoming winter months. “We could see critical infrastructure being targeted in ransomware campaigns focused on disrupting energy and power supply.”
Scammers Will Use ‘Everyday Physical Support’ Items
Mandiant said scammers would be increasingly using physical items such as fake ads, USB keys, and receipts to initially deceive victims and lead them towards digital financial crimes. “For example, in 2022 we observed a campaign in which victims received a receipt for the delivery of packages in their physical mailboxes. The receipt included a QR code directing them to an identity and credit card number theft site. In 2023, we expect to see more schemes like this, where the attacker uses everyday physical support devices to deceive their victims.”
Cyber Threats Remain the Number One Global Risk
The U.S. will continue its consistent stream of policies, such as the 2021 Executive Order on Improving the Nation’s Cybersecurity and the 2022 National Security Memorandum, which reflect the U.S.’s path to improved national cybersecurity, Mandiant said. Global insurance leader Allianz also pegged cyber threats as the number one risk to global security in 2022. A more recent press release by the insurer on Oct. 26, 2022, said ransomware would remain a top cyber risk while rising state-sponsored attacks, evolving phishing techniques, third-party vulnerabilities, and a shortage of cyber security talent will shape the 2023 cybersecurity landscape. As a result of cybercrime, cyber-insurance claims have skyrocketed, also making it difficult for firms to renew their cyber insurance, the report said. Mandiant is a high-tier cybersecurity firm recently acquired by Google for $5.4 billion. It’s most well-known for assisting in cybersecurity incidents like the U.S. Colonial Pipeline attack last year and what most consider the biggest cyberattack in history — the 2020 SolarWinds hack that dumbfounded the U.S. government. The firm rose to fame in February 2013 when it released a report that implicated China in cyber espionage.