Trend Micro publishes its cyber security predictions for 2023. In it, the company predicts an increase in cyber attacks in the areas of home office, software supply chain and cloud. And that MSPs, the hybrid working world and connected cars will increasingly be targeted by cyber attacks.
According to the security researchers at Trend Micro, VPNs (Virtual Private Networks) in particular are an attractive target for cybercriminals, because the breach of a single solution can attack several corporate networks at the same time. Home devices such as routers are also an easy target for attack, as they are often unpatched and not managed by a central IT department.
Study: Trend Micro Security Predictions for 2023
In addition to the threat to the hybrid workforce, the Future/Tense: Trend Micro Security Predictions for 2023 study identifies several trends that IT security leaders should pay particular attention to in 2023:
- A growing threat comes from supply chain attacks on managed service providers (MSPs). Threat actors use these to gain access to a larger number of customers and can thus further increase the power of ransomware, data theft and other types of attacks.
- "Living off the cloud" techniques provide a way for cybercriminal groups targeting cloud infrastructures to hide from conventional security solutions. For example, an existing backup solution can be misused to store stolen data in a different storage location in the attacker's cloud.
- Connected vehicles will also increasingly become the target of cyber attacks in 2023. This happens, for example, via cloud APIs, which are located between the permanently installed SIMs in the vehicle (eSIMs) and the application servers in the backend. In a worst-case scenario (such as the successful hacking of the Tesla API in early 2022), a successful cyberattack gives threat actors access to the entire vehicle. Malware lurking in open source repositories also poses a threat to connected vehicles and the automotive industry.
- Ransomware-as-a-Service (RaaS) Groups will reconsider their business model as the power of double-extortion attacks diminishes. The security predictions assume that some players will focus on the cloud in the future, while others will turn their backs on ransomware entirely in order to make money through other forms of extortion, such as data theft.
- Social Engineering Attacks are becoming even more successful with Business Email Compromise (BEC)-as-a-Service and the increasing use of deepfakes.
How organizations should address threats in 2023
- A zero trust strategy, which is based on the mantra “never trust, always verify”, can minimize damage without impacting user productivity.
- Training and the comprehensive sensitization of employees turn a weak link in the security chain into an effective line of defense.
- Consolidation onto a unified security platform for monitoring the entire attack surface and Detection & Response improves an organization's ability to detect suspicious activity on its networks, reducing the burden on security teams and maintaining their efficiency.
- Stress tests for IT infrastructures can improve defensive capabilities - especially where a perimeter gateway has already been breached.
- A Software Bill of Materials (SBOM) for each application improves vulnerability management. In this way, companies have an overview of all code, regardless of whether it was developed in-house, purchased from commercial vendors, or obtained from third-party sources.
"Even with the decline of the corona pandemic, working from home will remain part of our working lives," says Richard Werner, Business Consultant at Trend Micro. “This means that in 2023, threat actors will once again focus on unpatched VPNs, connected, home office devices, and backend cloud infrastructure. However, companies can take countermeasures by freeing up their security teams, gaining a comprehensive overview of their attack surface and consolidating detection and response into one comprehensive platform.”
More at TrendMicro.com
About Trend Micro As one of the world's leading providers of IT security, Trend Micro helps create a secure world for digital data exchange. With over 30 years of security expertise, global threat research, and constant innovation, Trend Micro offers protection for businesses, government agencies, and consumers. Thanks to our XGen™ security strategy, our solutions benefit from a cross-generational combination of defense techniques optimized for leading-edge environments. Networked threat information enables better and faster protection. Optimized for cloud workloads, endpoints, email, the IIoT and networks, our connected solutions provide centralized visibility across the entire enterprise for faster threat detection and response.