Happy New Year everyone! As we rush headlong into the new year planning our resolutions we should also take this opportunity for reflection- What has your business done in 2022 that was AWESOME! What will your business do in 2023 to continue that trend? If cybersecurity isn’t on that list, now is the best time to create your company’s new “Cybersecurity New Year’s Resolution“- It’s simple: if you’re a business located in New Jersey, Maryland, Texas, or Washington DC resolve to improve your cybersecurity posture!
Sixty-eight percent of surveyed business leaders believe that cybersecurity risks are getting worse. Insurance companies would agree with them; attacks are becoming more sophisticated and cybercriminals are becoming increasingly bolder. Organized crime is investing in new cybercriminal empires. Shakedowns and protection money of the past have evolved into mass coordinated ransomware attacks in 2023.
In 2021, the average number of global cyberattacks increased by 15.1%.
Chuck Brooks– Global Thought Leader in Cybersecurity | Forbes
To protect your business in the coming year, it’s crucial to stay up to date. What new methods are hackers using? What types of attacks are increasing in volume? Knowing these things is important. It helps your organization as a whole better update your IT security to mitigate the risk of a data breach or ransomware event.
Our AMAZING team of cybersecurity experts and researchers here at Ikigai One (seriously I love all of you: we never get to showcase all your hard work behind the scenes enough) have collectively put their metaphorical noses and ears to the ground to prepare us for what’s coming in 2023. Here are the top cybersecurity attack trends that you need to prepare your organization for:
Attacks on 5G Devices
5G technology has been a hot topic in recent years and is finally delivering on its promise of extremely fast internet speeds. As 5G networks continue to expand, it is expected to become a prime target for cyber attacks.
Cybercriminals are exploiting the vulnerabilities in 5G-enabled routers, mobile devices, and PCs, as new technologies often have security weaknesses that can be exploited. To protect yourself, it is important to be aware of the firmware security in the devices you purchase, particularly those that are 5G-enabled. Some manufacturers have stronger firmware security than others, so it’s crucial to ask about this when buying new devices.
One-time Password (OTP) Bypass
Cybercriminals are getting serious about their aims to bypass one of the most secure forms of account protection: multi-factor authentication (MFA). MFA is widely recognized as an effective method to prevent unauthorized sign-in attempts and thwart account takeovers, even when the hacker has obtained the user’s password.
In 2023 we’ll start to see an increase in attackers using various methods to bypass MFA, such as:
- Reusing a token: A hacker will attempt to reuse an existing and present authentication token or cached data available on a compromised endpoint to bypass the MFA checks used by most sites.
- Sharing unused tokens: Some companies do not properly generate new OTP tokens for each new account, thus allowing for the reuse of existing tokens associated with legitimate accounts on compromised ones.
- Leaked token: Cybercriminals can use an OTP token that has been leaked via a compromised or malicious web application.
- Password reset function: We saw it in 2022 and it’s going to ramp up in frequency this year- Scammers are using phishing to trick users into resetting their password and then convincing them to provide the OTP via text or email. We’ve had a ton of calls from our New Jersey clients regarding scammers impersonating QuickBooks in an attempt to “restore access to their account” usually because “the account was shutdown due to fraud”.
It’s important to be aware of these tactics and to implement security measures, such as regularly updating your account’s password and not sharing your OTP with anyone, to protect your account from these types of attacks.
Attacks Surrounding World Events
During the pandemic, the cyberattack volume increased by approximately 600%. Criminal organizations of all sizes have realized that global events and disasters provide ample opportunities to profit from the chaos and devastation they cause.
These groups launch phishing campaigns related to world events, from hurricanes and typhoons to conflicts like the war in Ukraine. Unknowing individuals are often susceptible to these scams, as they may be preoccupied with the crisis and not as vigilant about potential fraud.
It is important to be extra cautious when it comes to scams related to such events as cybercriminals often use social engineering tactics such as emotional images to manipulate and trick individuals. People should be mindful of these types of scams and not fall for the tactics that these cybercriminals use to take advantage of global events.
Smishing & Mobile Device Attacks
Mobile devices have become an essential part of daily life, and cybercriminals have taken notice of this direct connection to potential victims. As a result, mobile device-based attacks are on the rise, including SMS-based phishing, also known as “smishing.”
Many individuals may not expect to receive fake messages on their personal phone numbers, but cell numbers are now more accessible to hackers, who can purchase lists of them online. These cybercriminals then create convincing fake texts that resemble shipping notices or receipts, and just one click on a link in these messages can result in an account or data breach.
Mobile malware is also increasing; during the first months of 2022, malware targeting mobile devices rose by 500%; cybersecurity experts are expecting this figure to rise as 2023 progresses. Now more than ever we’re recommending business’s enroll their employee’s mobile devices into their cybersecurity program which should include monitoring, anti-malware, and DNS filtering. If your organization doesn’t already have one- consider partnering with a Managed Security Services Provider like Ikigai One- shameless plug sure, but seriously, protect your mobile devices.
Elevated Phishing Using AI & Machine Learning
Phishing emails have become more sophisticated and difficult to detect. In the past, they often contained spelling errors and low-quality images, but many phishing emails today do not have these telltale signs.
Criminal organizations are using advanced technologies such as AI and machine learning to make phishing emails even more convincing. These emails can closely mimic those of legitimate brands and even include personalization, making them more likely to trick victims. These tactics also allow hackers to send out more targeted phishing messages at a faster rate than in the past.
Low Effort Low Skill Cyberattacks using AI Generated Malware
Cybercriminals are increasingly using artificial intelligence (AI) and machine learning (ML) to automate the generation of functional malware and malicious code. These technologies allow them to create and distribute malware at a much faster rate and with less effort than traditional methods.
Malware generated by threat actors using AI and ML is becoming sophisticated enough that it can evade detection by traditional anti-virus software. By training AI and ML models on known malware and anti-virus software, they can create new malware that has a high probability of slipping past security defenses. This malware can then be used to infiltrate systems and steal sensitive information. This new breed of AI and ML created malware is not only capable of flying under the radar, but has been shown to be more adaptable and easier to “evolve” giving it distinct advantages in evading detection while increasing it’s ability to propagate throughout a network.
Cybercriminals are also using AI and ML to automate the process of creating malicious code. This can include code that can be used to exploit vulnerabilities in software or systems, or to create malware payloads that can be delivered via phishing emails or other means.
The use of AI and ML by cybercriminals is a growing concern and has made it more challenging for organizations to defend against cyberattacks. It is important for organizations to stay informed about the latest developments in the use of AI and ML by cybercriminals and to invest in advanced security solutions that can detect and respond to these new threats. The new minimum is quickly becoming EDR- the new standard is XDR with a SIEM and SOAR backing it up.
Overwhelmed? Schedule a Cybersecurity Check-Up Today
Cybersecurity can be overwhelming and draining on an individual level and for an organization; it’s not something your business needs to take on by itself, nor should it. 2022 was a hard year for many and as an MSSP we fear it’s only going to get worse, but we are hoping there’s light at the end of the tunnel: That’s why we’re encouraging businesses just like yours to start putting cybersecurity first on your list of priorities in 2023. If you need help, have questions, just want a chat we are making it a policy this year to help as many small businesses as possible develop and maintain enterprise cybersecurity at an affordable cost with minimal effort- We’re doing this by offering free 45 minute consultations (valued at over $499) to anyone that wants one with no obligation to buy, no commitment. We will use that 45 minutes to learn about your business and suggest things that you can do, with, or without us to help your organization be successful in 2023.