Mandiant, part of Google Cloud, releases its Cyber Security Forecast for 2023. The forecasts are based on developments that experts on the cyber frontline have observed over the past few months and which they believe will also determine the coming year.
According to the experts, in 2023 Europe will focus primarily on cyber operations in connection with the energy crisis and the Russian war of aggression, as well as ransomware attacks and the threat posed by the "Big Four": Iran, Russia, North Korea and China.
Cyber Security Forecast 2023: Forecasts for EMEA
Russia is expanding its targets in Europe
Since the beginning of the conflict, much of Russia's cyber activity has focused on Ukraine. In 2023, Russia could expand its cyber operations within Europe. Physical clashes are likely to decrease during the winter months, which could give Russian cyberattackers more capacity to operate. Over the past year, Russia has typically conducted intelligence-gathering campaigns against European organizations outside of Ukraine, while most disruptive and destructive attacks have taken place within Ukraine.
This could change in 2023, with Russia deploying more of its (possibly increased) disruptive cyber capabilities against European organizations. This could affect a range of organizations, including energy and military suppliers, logistics companies involved in delivering goods to Ukraine, and organizations involved in imposing and enforcing sanctions.
Europe's energy concerns will migrate to cyberspace
Concerns about energy supplies and prices in Europe are likely to take the form of malicious cyber operations. Mandiant has already seen an increase in energy-related phishing campaigns. Ransomware groups are known for targeting industries that are under pressure. The relentless attacks on healthcare during the pandemic have shown this. European energy companies could come under increasing attack in the coming winter months.
European energy suppliers are also a target for Russian state-backed attackers. They will continue to try to put pressure on countries involved in Russian sanctions regimes or trying to reduce their dependence on Russian energy. The pressure on the European energy supply will also increase interest in non-European energy suppliers. The availability of oil and gas, price adjustments planned by organizations such as OPEC, and evolving government energy policies will become important intelligence targets for government intelligence agencies.
Furthermore, the energy crisis in Europe could result in critical infrastructure being increasingly targeted. It is already at risk of devastating cyberattacks when nations are in conflict. The energy crisis amplifies the threat. Critical infrastructure could become the target of ransomware campaigns designed to disrupt energy and power supplies.
Ransomware: Europe could surpass the US as the most targeted region
Ransomware continues to have a significant impact on businesses around the world. While the US is reported to be the top target for ransomware attacks globally, there are indicators that ransomware activity is declining in the US and rising in other regions. In Europe, the number of victims is increasing, and if this increase continues, Europe will probably be the hardest-hit region in 2023. The United States has been very vocal about policies, sanctions, and the possibility of a counter-response in cyberspace regarding ransomware and other attacks. However, it is difficult to say whether the aggressive attitude towards ransomware actually deters attacks.
Predictions for the "Big Four" of nation-state hackers
Russia's cyber aggressions
Russia's invasion of Ukraine has created an unprecedented situation for cyber threats. It is likely the first time that a major cyber power has conducted disruptive attacks, cyber-espionage and information operations alongside wide-ranging kinetic military operations. Mandiant anticipates that disruptive attacks will continue in Ukraine in the future and that these will be accompanied by intelligence operations. Furthermore, Russia can be expected to use disruptive operations and fake or front hacktivist groups beyond Ukraine and its immediate neighbors. These hacktivists are often blamed for data leaks and destruction, and some have been suspected of being invented or controlled by Russian intelligence agencies in the past.
China's vigorous action
Chinese cyber espionage poses a common and major threat to organizations worldwide in both the public and private sectors. Drivers of Chinese cyber threat activity in 2023 will include territorial integrity, internal stability, regional dominance, and expanding political and economic influence. Cyber espionage and intelligence operations in support of China's national security and economic interests will continue to escalate. In 2022, a pro-China information campaign directly targeted commercial firms in an industry strategic to Beijing. We think it is possible that competitors of Chinese companies around the world will be targeted by such information operations.
Iranian escalation
Mandiant anticipates that Iranian cyberespionage groups will continue to conduct large-scale intelligence activities. This would particularly affect government agencies and targets in the Middle East, as well as the areas of telecommunications, transport and other facilities. We expect Iranian hackers' willingness to use disruptive and destructive cyberattacks to remain high unless there is a significant change in Iran's current international isolation.
North Korea seeks revenue and intelligence
Mandiant believes with a high degree of certainty that North Korea will continue to conduct operations that provide the regime with both foreign exchange earnings and strategic intelligence. International political and economic isolation, as well as public health challenges, are likely to set the stage for North Korean cyberespionage against diplomatic, military, financial, and pharmaceutical targets. We anticipate activity will primarily focus on South Korea, Japan and the United States. However, operations in Europe, the Middle East and North Africa, and South Asia can also be observed.
About Mandiant
Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response. With decades of experience on the cyber frontline, Mandiant helps organizations confidently and proactively defend against cyber threats and respond to attacks. Mandiant is now part of Google Cloud.