IT security is and will remain one of the top issues in business and society, in 2023 as well. CyberArk looks at the most important threats and challenges of the coming year and also sees new opportunities for defenders.
The public's awareness of data protection has grown, but even if many consumers are more aware of their personal data, they often find it difficult to protect it reliably. The desire for greater transparency in the handling of personal data and more control over its use will continue to increase in 2023.
Web3 promises more privacy and bigger paydays
The blockchain-based Web3 could experience a boost as a result. However, decentralized infrastructures, for which security best practices are not always fully developed, increase the attack surface for financial applications. Cyber criminals will take advantage of this and target crypto exchanges and vulnerable connections to the digital world outside of the blockchain. The successful heist of payment processor Ronin, raking in $615 million worth of cryptocurrencies, was just the beginning.
Winter fuels attacks on energy infrastructure
The war in Ukraine may bring even more focus to decentralized infrastructure, after some criminal groups have already ramped up their financially motivated attacks and are constantly looking for new worthwhile targets. Meanwhile, winter is just around the corner, and it can be assumed that falling temperatures will bring more attacks on critical infrastructure intended to drive energy prices up further.
Attackers rely on proven tricks
Ever since Log4j shook the world, there has been speculation about what comes next. But the "next big thing" is unlikely to be a massive zero-day vulnerability, as leading hacker groups and nation-states compete fiercely for the coveted exploits, which easily cost tens of millions of dollars and more on the dark web and underground marketplaces. Most attackers will therefore use alternative routes to infiltrate companies and work their way through the infrastructure to the actual target. Why spend big bucks on a new exploit when phishing, stolen credentials, social engineering, and legacy kernel and memory exploits still work well?
Session cookies are becoming more and more attractive
The good news is that most companies no longer consider multifactor authentication just a "nice to have" for their web-based business applications. Today, users usually need another authentication factor in addition to the user name and password in order to set up a session. The bad news is that attackers are now quite adept at stealing session cookies.
Stolen session cookies allow them to bypass multi-factor authentication, gain access to third-party applications, and hijack accounts. Since companies are increasingly using SaaS applications and these are mostly controlled via the browser, session cookies are becoming even more critical and vulnerable. As a result, marketplaces like Genesis Store, which specialize in stolen session cookies, are growing in popularity. Attackers will look to scale up and automate their session hijacking attacks in the coming year to make them more profitable.
Attackers make mistakes – fortunately
2023 is a good year to start a cybercrime career. Online marketplaces make it easy for would-be attackers to source stolen credentials and cookies, ready-made ransomware, and phishing and exploit kits, without the need for extensive skills or time to scout out their targets. As a result, companies are faced with more attacks, and two-factor or multi-factor authentication is not sufficient protection.
But there's a silver lining: In the pursuit of a get-rich-quick scheme, many cybercriminals will make rookie mistakes and behave suspiciously on the network, allowing security teams to spot them. For example, if 20 authorization requests arrive in quick succession, they show up in security logs and should set off alarm bells as an indication of MFA bombing.
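One way to implement the check described above, as an added example that is not CyberArk's code: a per-user sliding-window count over MFA push events. The log format, the 120-second window and the approved-after-burst flag are assumptions; only the figure of 20 requests comes from the text.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 20                   # the article's figure: 20 requests
WINDOW = timedelta(seconds=120)  # assumption: "quick succession" means 2 minutes

def parse(line):
    """Parse '<ISO time> mfa_push user=<name> result=<denied|approved>'."""
    ts, event, *fields = line.split()
    if event != "mfa_push":
        return None  # other event types are ignored
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["user"], kv["result"]

def detect_mfa_bombing(lines, threshold=THRESHOLD, window=WINDOW):
    """Return {user: {"first_alert": time, "approved_after_burst": bool}}."""
    recent = defaultdict(deque)  # per-user timestamps inside the window
    alerts = {}
    for line in sorted(lines):   # ISO timestamps sort chronologically
        rec = parse(line)
        if rec is None:
            continue
        ts, user, result = rec
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:  # drop prompts older than the window
            q.popleft()
        if len(q) >= threshold and user not in alerts:
            alerts[user] = {"first_alert": ts, "approved_after_burst": False}
        elif user in alerts and result == "approved":
            # A prompt accepted after a burst may mean the user gave in.
            alerts[user]["approved_after_burst"] = True
    return alerts

def build_sample():
    """Constructed log lines, not real data."""
    t0 = datetime(2023, 1, 10, 9, 0, 0)
    fmt = "{} mfa_push user={} result={}"
    lines = [fmt.format((t0 + timedelta(seconds=5 * i)).isoformat(), "alice", "denied") for i in range(20)]
    lines.append(fmt.format((t0 + timedelta(seconds=100)).isoformat(), "alice", "approved"))
    lines += [fmt.format((t0 + timedelta(minutes=10 * i)).isoformat(), "carol", "denied") for i in range(20)]
    lines.append(t0.isoformat() + " login user=bob result=ok")
    return lines

if __name__ == "__main__":
    for user, info in detect_mfa_bombing(build_sample()).items():
        print(user, info["first_alert"].isoformat(), info["approved_after_burst"])
```

In the constructed sample, the 20 prompts sent to alice within 95 seconds raise an alert, while the same number of prompts to carol spread over hours does not.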
"Cybersecurity remains a constant challenge for companies because well-known attack vectors unfortunately still work well and new techniques can bypass even modern security solutions such as multi-factor authentication," says Lavi Lazarovitz, Head of Security Research at CyberArk Labs. "Companies therefore need security solutions that interact optimally and offer multi-layered protection in order to detect attackers quickly and leave them as little room for maneuver as possible."
About CyberArk
CyberArk is the global leader in identity security. With Privileged Access Management as a core component, CyberArk provides comprehensive security for any identity - human or non-human - across business applications, distributed work environments, hybrid cloud workloads and DevOps lifecycles. The world's leading companies rely on CyberArk to secure their most critical data, infrastructure and applications. Around a third of the DAX 30 and 20 of the Euro Stoxx 50 companies use CyberArk's solutions.