2023 - Threat Intelligence Predictions

Uploaded on 2023-01-11 in TECHNOLOGY--Developments, NEWS-Cybersecurity News, FREE TO VIEW

As we look forward to 2023, EclecticIQ’s Intelligence and Research team started by looking back on last year’s growth and change in cybersecurity. 2022 brought about changes in malware so-called “Tactics, Techniques, and Procedures” (TTPs) and threat actor groups.

The shock of the Russian invasion of Ukraine also played out in the cyber realm in several ways. At the end of the year, the deployment of ChatGPT and its broad future potential had cyber enthusiasts looking toward the future.

Access Tactics Of Threat Actors Evolved To Include New Technology 

Evolution of initial access tactics and techniques used in malware drove further cyberattacks this year. Threat actors demonstrated their ability to incorporate new technology, including deepfake media, into their attacks. They also showed their ability to quickly resurface despite increasing pressure from coordinated infrastructure takedowns. 

In the coming year, mobile malware should get more attention as a vulnerable part of a company’s attack surface. With the increasing use of mobile as a primary communication means, threat actors and even some governments have used malware specifically engineered for mobile devices. 

Over the next year, ever more convincing deepfake media will pose another increasing threat as it has the potential for it to be convincingly deployed in both targeted cyberattacks against privileged individuals, and in cyberattacks against broader audiences.

Extortion Techniques Will Continue Dominating The Cybercriminal Landscape In 2023

Criminal groups increased their use of extortion techniques to increase the likelihood of pay-out. LAP$U$, an “extortion-only” group, was responsible for some of 2022’s most high-profile breaches. Extortion techniques dominated the cybercriminal landscape with double and triple extortion techniques becoming commonplace among ransomware groups. 

The most active group during Q1-Q3 2022, based on leak site activity, Lockbit, shifted towards a triple extortion model. Stolen credentials and session tokens played a major role in providing initial access and privilege escalation in criminal operations. 

EclecticIQ analysts assess “extortion-only” groups will play a more predominant role in the criminal ecosystem in 2023.

The Russia-Ukraine War Prompted Threat Actors To take Sides

The Russia-Ukraine war exacerbated tensions between threat actor groups in ways that showed the malleable nature of the cybercriminal ecosystem. Russia’s February 2022 invasion of Ukraine led the ransomware group Conti to announce their support for the Russian government on their data leak site. The group quickly retracted their initial statement, but within weeks a Twitter account with the handle ‘@ContiLeaks’ began leaking internal Conti communications publicly, citing Conti’s alignment with Moscow as the motivation for the leaks. 

The leaks caused irreparable harm to the Conti brand and ultimately led to its dissolution in its contemporary form.

On the 27th of February, two more ransomware gangs, LockBit and ALPHV, took to social media to pledge their neutrality in the current war between Russia and Ukraine. Siding with Russia, the TrickBot Group, known for their banking trojans and data theft campaigns, was spotted deploying various ransomware families such as Conti, Ryuk and Diavol against targets in Ukraine. This is a deviation from their modus operandi as they never targeted Ukrainian organisations before the Russian invasion of February 2022. 

Russia’s Cyber Warfare Efforts Fail To Deliver Strategic Objectives

The Russia-Ukraine conflict demonstrates Russia’s cyber warfare efforts against Ukraine failed to deliver upon strategic objectives - to undermine confidence in Ukraine leaders, and to make Ukraine abandon its rapprochement with the West - with the anticipated result of making the Ukrainian population more malleable and prone to capitulation to Russian threats. 

EclecticIQ analysts assess the effects of cyber operations during the war provided few if any, tactical advantages for Russian military forces.

While Russian forces attacked Ukraine by land, air, and sea, Russian cyber actors conducted operations to damage systems and services of institutions in Ukraine, hinder civilians’ ability to access information and critical life services and undermine confidence in the country’s leadership. 

The one exception is the cyberattack against satellite internet provider ViaSat that disabled 10.000 modems across Europe between 5 a.m. and 9 a.m. Kyiv time - the same time as Russian forces started in offence on Ukrainian territory.    

ChatGPT Makes A Yearend Splash

One final notable event of 2022 was the late-year introduction of ChatGPT. EclecticIQ analysts assess it presents new opportunities for cyber threat intelligence analysis and has the potential to fundamentally disrupt 2023’s technology landscape. 

Designed to produce human-like answers to prompts, ChatGPT took technologist and security communities by storm for its enhanced accessibility and ease of use compared to previous GPT iterations. 

EclecticIQ analysts experimented with ChatGPT and see potential – albeit currently limited – with applications in the cyber realm ranging from exploit development, malware analysis, and signature development to content generation for information operations.

By the Threat Intelligence Research Team at EclecticIQ

You Might Also Read

From AI to ESG: Key Security Technology Trends Of 2023:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Crypto Currency: From Bitcoin to Blockchain
The FBI’s Advice On Ransomware »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Cyber Security Network

Cyber Security Network

Cyber Security Network provide specialist cyber security recruitment services.

edgescan

edgescan

edgescan is a cloud-based continuous vulnerability management and penetration testing solution.

Executive Women's Forum (EWF)

Executive Women's Forum (EWF)

The Executive Women's Forum is the largest member organization serving emerging leaders and influential female executives in the Information Security, Risk Management and Privacy industries.

Awen Collective

Awen Collective

Awen Collective develops software-based tools for performing Digital Forensics, Incident Response and Cyber-Crime Investigation.

Garner Products

Garner Products

Garner design, manufacture, and sell equipment that delivers complete, permanent, and verifiable data elimination.

International Cybersecurity Institute (ICSI)

International Cybersecurity Institute (ICSI)

ICSI is a UK company offering specialized and accredited professional qualifications in cybersecurity for young IT graduates as well as mature professionals.

Zerodium

Zerodium

Zerodium is the leading exploit acquisition platform for premium zero-days and advanced cybersecurity research.

Tabidus Technology

Tabidus Technology

Tabidus Technology is a cybersecurity association that unites and provides the global protection options against cyber threats.

Midwest Cyber Security Alliance (MCSA)

Midwest Cyber Security Alliance (MCSA)

Midwest Cyber Security Alliance is a nonprofit, nonpartisan collaboration of individuals, businesses, government entities, and professionals advocating for more effective cyber security solutions.

Aceiss

Aceiss

Aceiss empowers access security, providing unprecedented visibility and insights into user access.

Cyera

Cyera

Cyera is the data security company that gives businesses context and control over their most valuable asset: data.

PureSquare

PureSquare

PureSquare exist to empower people with simple solutions for their increasingly complex digital security & online privacy needs.

Whitaker Brothers

Whitaker Brothers

Whitaker Brothers data destruction equipment can be found in 115 countries and every single continent in the world, from major military organizations to small offices.

Rootly

Rootly

Rootly is an incident management platform on Slack that helps automate manual admin work during incidents.

Cytex

Cytex

Cytex is the All-in-One solution for SMB data protection & compliance needs.

NVISO Security

NVISO Security

NVISO is a pure-play cyber security consulting firm, focused mainly on the Financial Sector, the Technology Sector, and Government & Critical Infrastructure.