Kaspersky: What are the threats to business in 2023? Media blackmail, fake data leaks, and cloud attacks on the rise
Kaspersky Security Services researchers have shared their predictions of the cyber threats that large companies and government structures may face this year. These threats include cybercriminals who use the media to blackmail organizations, those who report alleged data leaks, and malicious actors who buy, on the dark web, initial access to companies that have already been compromised. Other trends to watch: the rise of the Malware-as-a-Service model and attacks via the cloud. This report is part of Kaspersky Security Bulletin (KSB), an annual series of forecasts and analytical reports on major changes in the world of cybersecurity.
Repeated attacks can target individuals, harm businesses, and even threaten entire countries — and not just financially. The media regularly report incidents and data protection breaches, which are made publicly available on the deep web. These breaches are a clear attack on privacy, but also on the reputation of companies. As part of Kaspersky Security Bulletin, experts from Kaspersky Security Services, a group that helps companies improve existing security systems and equip them to deal with new threats, examined the risks most likely to affect large companies and the public sector in the coming year.
Blackmail: Public statements by hackers announcing the countdown to data disclosure
Ransomware authors are increasingly publishing blog posts about their attacks on businesses and their success. Indeed, the number of such posts increased in 2022, exceeding 500 per month several times between the end of 2021 and the first half of 2022. In comparison, the experts counted only between 200 and 300 per month at the beginning of 2021. Activity peaks were also recorded in September and November 2022, with 400 and 500 posts respectively recorded by Kaspersky’s Digital Footprint Intelligence.
Evolution of the number of blog posts concerning ransomware in 2020-2022
Previously, it was customary for attackers to contact the victim directly to inform them of the attack, but today cybercriminals operate differently: they announce publicly, for example via a blog post, that they have compromised the security of a system, and set a countdown to the disclosure of stolen data rather than asking for a private ransom. This trend is predicted to increase in 2023 because this tactic is profitable for cybercriminals whether the victim pays the ransom or not. The data is often auctioned off, with the final bid sometimes exceeding the requested ransom.
Cybercriminals fake data leaks to increase their notoriety
Extortion-related blog posts are attracting media attention, and some lesser-known actors could take advantage of this in 2023 by claiming they have breached a company. Whether or not the hack took place, the mere suspicion of a leak can damage a company’s reputation. The best way to counter this tactic is to identify these messages in a timely manner and initiate a response process similar to that used in information security incidents.
More personal data leaks, and business email addresses at risk
Experts predict that the increase in the number of personal data leaks will continue in 2023. In addition, users often use their work email address to register on third-party sites, which may be prone to data leaks. When sensitive information, such as email addresses, becomes publicly available, it can pique the interest of cybercriminals and spark discussions on the dark web about potential attacks on the company. Additionally, the data can be exploited in phishing and social engineering approaches.
Malware-as-a-service, cloud attacks and compromised data from the dark web
Experts also predict that ransomware attacks will look more and more alike, due to the boom in malware-as-a-service (MaaS) offerings. The complexity of the attacks will increase, which means that automated systems will not be sufficient to provide maximum security. Additionally, cloud technology will become a primary attack vector as digitization increases cybersecurity risks.
Additionally, cybercriminals are more likely to use unsecured websites to purchase initial access to already compromised organizations.
“The threat landscape is changing rapidly and organizations have no choice but to adapt. To protect a large enterprise or government agency from trending threats, its digital footprint needs to be monitored. It’s important to be prepared to investigate and respond to an incident, as it’s not always possible to stop cyber attackers before they enter your organization’s perimeter. However, preventing the development of an attack and limiting the potential damage is an absolutely doable task,” explains Bertrand Trastour, CEO of Kaspersky France.
To protect an organization from threats, Kaspersky researchers recommend implementing the following measures:
• Always keep the software up to date on all the devices you use, to prevent cybercriminals from infiltrating your network by exploiting existing vulnerabilities. Install patches for new vulnerabilities as soon as possible. Once a patch is installed, threat actors can no longer exploit that vulnerability.
• Use the latest Threat Intelligence insights to stay abreast of the actual TTPs used by threat actors.
• Use Digital Footprint Intelligence to help security analysts see an adversary’s perspective on their business assets, quickly discover potential attack vectors available to them, and adjust their defense accordingly.