The cybersecurity trends for 2023 show that attackers will only significantly change their methods if they are forced to do so by stricter security measures such as MFA. Therefore, new approaches such as zero trust or real-time behavioral analysis are necessary to improve the security situation.
Attackers' methods are slowly evolving and continuously adapting to security measures. Based on these assumptions, experts from F5 have predicted the most important cybersecurity trends for the new year.
Prediction 1: Shadow APIs will lead to unforeseen incidents
As with all aspects of cybersecurity, you can only protect what you know exists. Many companies today do not have an accurate list of their APIs. This enables a new threat vector known as the "Shadow API". Companies with a mature API development process keep an API inventory. It ideally contains information about all available API endpoints, details about allowed parameters, authentication and authorization information, and so on. However, many companies do not have such an inventory, or their APIs in production evolve and no longer correspond to their original definition in the inventory. Many applications are attacked via shadow APIs that companies have little or no knowledge of.
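One way to surface shadow APIs is to compare observed traffic against the inventory. The following is an added example, not code from F5 or the original article; the inventory entries, log format and endpoint names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed API inventory: (method, path template) -> allowed query parameters.
INVENTORY = {
    ("GET", "/api/v1/users/{id}"): {"fields"},
    ("POST", "/api/v1/orders"): set(),
    ("GET", "/api/v1/orders/{id}"): {"expand"},
}

# Constructed access-log lines: method, request target, status.
ACCESS_LOG = """\
GET /api/v1/users/42?fields=name 200
GET /api/v1/orders/7?expand=items&debug=1 200
POST /api/v1/orders 201
GET /api/v1/internal/export?table=customers 200
DELETE /api/v1/users/42 204
GET /api/v1/internal/export?table=orders 200
"""

def _template_regex(template):
    # Turn "/users/{id}" into a regex matching exactly one path segment per placeholder.
    parts = re.split(r"\{[^/}]+\}", template)
    return re.compile("^" + "[^/]+".join(re.escape(p) for p in parts) + "/?$")

def find_shadow_apis(inventory, log_text):
    compiled = [(m, _template_regex(t), params) for (m, t), params in inventory.items()]
    unknown_endpoints, drifted_params = Counter(), Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines
        method, target, _status = fields
        path, _, query = target.partition("?")
        names = {kv.split("=", 1)[0] for kv in query.split("&") if kv}
        match = next((p for m, rx, p in compiled if m == method and rx.match(path)), None)
        if match is None:  # endpoint served in production but absent from the inventory
            unknown_endpoints[(method, path)] += 1
        else:              # known endpoint: flag parameters the inventory does not allow
            for extra in names - match:
                drifted_params[(method, path, extra)] += 1
    return unknown_endpoints, drifted_params

if __name__ == "__main__":
    unknown, drifted = find_shadow_apis(INVENTORY, ACCESS_LOG)
    for (method, path), hits in unknown.items():
        print(f"not in inventory: {method} {path} ({hits} hits)")
    for (method, path, param), hits in drifted.items():
        print(f"undocumented parameter: {method} {path} ?{param} ({hits} hits)")
```

The second counter covers the drift case described above, where an endpoint is in the inventory but no longer behaves as documented.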
Prediction 2: Multi-factor authentication will become ineffective
MFA bombing attacks are becoming more numerous and effective. These attacks inundate victims with so many authentication requests that the victims approve one, either accidentally or out of frustration. Employees are the most vulnerable threat vector for social engineering. Often companies overlook stolen passwords or allow simpler passphrases because there are other controls like MFA in place. MFA-enabled phishing kits and MFA bombing bypass these controls, emphasizing the importance of passphrases, defense-in-depth, and the use of a zero-trust architecture. Perhaps the FIDO Alliance's passkey solution is the first truly effective method for mitigating social engineering attacks, because the passkey for authentication on the respective website is based on the method used by the user to unlock the device.
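A detection for the MFA bombing pattern described above can be built from authentication logs. This is an added example, not code from F5 or the original article; the event format, the five-minute window and the threshold of three are assumptions to be tuned per environment.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed MFA push events: timestamp, user, outcome.
EVENTS = """\
2023-01-10T02:14:05 alice denied
2023-01-10T02:14:40 alice denied
2023-01-10T02:15:10 alice timeout
2023-01-10T02:15:45 alice denied
2023-01-10T02:16:20 alice approved
2023-01-10T09:00:00 bob approved
2023-01-10T09:30:00 carol denied
2023-01-10T13:00:00 carol approved
"""

def detect_mfa_bombing(log_text, window=timedelta(minutes=5), threshold=3):
    """Return alerts for users whose unapproved pushes reach `threshold` within `window`.

    An approval that lands while the burst is still inside the window is
    flagged separately as a likely fatigue approval.
    """
    recent = defaultdict(deque)   # user -> timestamps of recent denied/timeout pushes
    alerts = []
    for line in log_text.splitlines():
        ts_raw, user, outcome = line.split()
        ts = datetime.fromisoformat(ts_raw)
        pushes = recent[user]
        while pushes and ts - pushes[0] > window:
            pushes.popleft()      # drop pushes that fell out of the window
        if outcome == "approved":
            if len(pushes) >= threshold:
                alerts.append((user, ts_raw, "approved_after_burst", len(pushes)))
            pushes.clear()
        else:
            pushes.append(ts)
            if len(pushes) == threshold:   # alert once when the burst is first reached
                alerts.append((user, ts_raw, "push_burst", len(pushes)))
    return alerts

if __name__ == "__main__":
    for alert in detect_mfa_bombing(EVENTS):
        print(alert)
```

An `approved_after_burst` alert is the case to act on first: the session it created should be revoked and the password treated as stolen.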
Prediction 3: Cloud troubleshooting issues
Cloud application incidents are on the rise and can be huge. Therefore, companies should strengthen their existing security measures. Whether accidentally or for troubleshooting, many cloud users struggle with properly configuring access control, both at the user and network level. In 2022, the F5 SOC repeatedly observed companies creating “temporary” service users and assigning them very broad permissions, often to troubleshoot problems. This emergency measure often becomes a permanent solution because it is difficult to reverse. Also, long-term credentials are more likely to be stolen than short-lived ones.
Prediction 4: Open source software libraries in focus
In recent years, more and more attack vectors have been targeting software libraries used in companies: developer accounts were often compromised due to a lack of MFA, which allowed malicious code to find its way into widely used libraries and Google Chrome web browser extensions. In Trojan and typo attacks, cyber criminals develop tools that sound useful or have very similar names to popular libraries. Malicious code is sometimes intentionally injected by the true author of a library as a form of hacktivism or political protest. Many modern applications use Software-as-a-Service (SaaS) offerings, for example for centralized authentication, databases or data leakage prevention (DLP). If an attacker compromises the open source software (OSS) code base or a SaaS offering, they have access to the "inside" of the respective application, bypassing protections such as web application firewalls and API gateways. They can use this access for various forms of lateral movement such as remote shell, monitoring or data exfiltration. Therefore, developers need better insight into the software components that make up an application and a list of all those components. Users can then also be informed faster and more efficiently about known vulnerabilities in the product.
Prediction 5: Ransomware will continue to spread
Attackers not only encrypt data, but also steal it to make money. Aditya Sood, Senior Director of Threat Research at the F5 Office of the CTO, observed that ransomware is increasingly targeting databases directly: “Ransomware attacks targeting cloud databases are on the rise in the coming year. This is where the business-critical data of companies and authorities is located. Unlike traditional malware, which encrypts them at the file system level, database ransomware can encrypt them within the database itself.”