Kaspersky experts present their predictions in the area of Advanced Persistent Threats (APTs) for the next year: they fear attacks on satellite technologies and mail servers, an increase in destructive attacks and leaks, hacking via drones and a WannaCry-like cyber epidemic. Observations from over 900 APT groups and campaigns serve as the basis.
The political changes of 2022 will also have an impact on cybersecurity in the years to come, leading to more sophisticated attacks. The annual forecasts now released by Kaspersky are based on research by the Kaspersky Global Research and Analysis Team (GReAT) and draw on the knowledge and experience gained from monitoring more than 900 APT groups and campaigns.
The next attack à la WannaCry is imminent
Statistically, the largest and most consequential cyber epidemics occur every six to seven years. The last major global incident was WannaCry, in which the EternalBlue vulnerability was exploited to automatically spread to vulnerable computers and use ransomware to encrypt data and systems there. According to Kaspersky experts, there is a high probability that the next WannaCry-like attack will take place in 2023. They figure that the world's most advanced threat actors likely have at least one viable exploit; current global tensions also increase the likelihood of a ShadowBrokers-style hack-and-leak.
Hacking via drones
According to Kaspersky experts, major changes in attack targets and scenarios are also imminent. Hybrid attacks, a mixture of physical and cyber attacks, will be carried out via drones using proximity hacking. Possible attack scenarios include drones that, with appropriate tools, enable the collection of WPA handshakes used to crack WiFi passwords offline. It would even be possible to place malicious USB sticks in restricted areas in the hope that a passer-by would find them and connect them to a device.
Further predictions for the year 2023
SIGINT-deployed malware: One of the most powerful attack vectors imaginable, which uses servers in key locations of the internet backbone to enable man-on-the-side attacks, could come back stronger next year. Although these attacks are extremely difficult to detect, Kaspersky experts believe they will continue to spread and lead to more detections.
Increase in destructive attacks
Given the current political situation, Kaspersky experts expect a record number of disruptive and destructive cyber attacks that will affect both the government sector and key industries. It is likely that some of these attacks will not look like cyber incidents but will appear to be random accidents. The rest will be disguised as pseudo-ransomware attacks or hacktivist operations to distract from the real actors. Civilian infrastructure, including power grids or public service broadcasters, could be targeted, as could undersea cables and fiber optic distribution nodes, which are difficult to defend.
Mail servers as priority targets
Mail servers house key intelligence and offer an enormous attack surface, which is why they are of interest to APT actors. The market leaders for this type of software have already faced exploits of critical vulnerabilities; Kaspersky experts assume that 2023 will be the year of zero-days for all major email programs.
APTs against satellite technologies, manufacturers and operators
The Viasat incident proved that APT actors have the capabilities to attack satellites. Kaspersky anticipates that future APT threat actors will increasingly turn their attention to manipulating and disrupting such satellite technologies.
Hacker vs. hacker – hack and leak
The new form of hybrid conflict that emerged in 2022 involved a large number of hack-and-leak operations. These will continue into the coming year as APT actors leak or disseminate information about competing threat groups.
APT groups are moving from CobaltStrike to alternatives
The red teaming tool CobaltStrike has become the tool of choice for APT actors and cybercrime groups, which is why corporate defense strategies are focused on it, among others. It is likely that attackers will switch to new alternatives such as Brute Ratel C4, Sliver, Manjusaka or Ninja that offer new features and more advanced evasion techniques.
"The year 2022 has brought major shifts in the geopolitical world order and ushered in a new era of instability," said Ivan Kwiatkowski, Senior Security Researcher at Kaspersky. "Some of our forecasts focus on how this instability could be leveraged for malicious cyber activity, while others reflect our vision of what new attack vectors attackers will exploit. Better preparation means better resilience; we hope that our assessment will help cyber defenders to protect their own systems even better and stronger in the coming year and thus ward off cyber attacks even more effectively."
About Kaspersky
Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250,000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/