2023 - Threat Intelligence Predictions

Uploaded on 2023-01-11 in TECHNOLOGY--Developments, NEWS-Cybersecurity News, FREE TO VIEW

As we look forward to 2023, EclecticIQ’s Intelligence and Research team started by looking back on last year’s growth and change in cybersecurity. 2022 brought about changes in malware so-called “Tactics, Techniques, and Procedures” (TTPs) and threat actor groups.

The shock of the Russian invasion of Ukraine also played out in the cyber realm in several ways. At the end of the year, the deployment of ChatGPT and its broad future potential had cyber enthusiasts looking toward the future.

Access Tactics Of Threat Actors Evolved To Include New Technology 

Evolution of initial access tactics and techniques used in malware drove further cyberattacks this year. Threat actors demonstrated their ability to incorporate new technology, including deepfake media, into their attacks. They also showed their ability to quickly resurface despite increasing pressure from coordinated infrastructure takedowns. 

In the coming year, mobile malware should get more attention as a vulnerable part of a company’s attack surface. With the increasing use of mobile as a primary communication means, threat actors and even some governments have used malware specifically engineered for mobile devices. 

Over the next year, ever more convincing deepfake media will pose another increasing threat as it has the potential for it to be convincingly deployed in both targeted cyberattacks against privileged individuals, and in cyberattacks against broader audiences.

Extortion Techniques Will Continue Dominating The Cybercriminal Landscape In 2023

Criminal groups increased their use of extortion techniques to increase the likelihood of pay-out. LAP$U$, an “extortion-only” group, was responsible for some of 2022’s most high-profile breaches. Extortion techniques dominated the cybercriminal landscape with double and triple extortion techniques becoming commonplace among ransomware groups. 

The most active group during Q1-Q3 2022, based on leak site activity, Lockbit, shifted towards a triple extortion model. Stolen credentials and session tokens played a major role in providing initial access and privilege escalation in criminal operations. 

EclecticIQ analysts assess “extortion-only” groups will play a more predominant role in the criminal ecosystem in 2023.

The Russia-Ukraine War Prompted Threat Actors To take Sides

The Russia-Ukraine war exacerbated tensions between threat actor groups in ways that showed the malleable nature of the cybercriminal ecosystem. Russia’s February 2022 invasion of Ukraine led the ransomware group Conti to announce their support for the Russian government on their data leak site. The group quickly retracted their initial statement, but within weeks a Twitter account with the handle ‘@ContiLeaks’ began leaking internal Conti communications publicly, citing Conti’s alignment with Moscow as the motivation for the leaks. 

The leaks caused irreparable harm to the Conti brand and ultimately led to its dissolution in its contemporary form.

On the 27th of February, two more ransomware gangs, LockBit and ALPHV, took to social media to pledge their neutrality in the current war between Russia and Ukraine. Siding with Russia, the TrickBot Group, known for their banking trojans and data theft campaigns, was spotted deploying various ransomware families such as Conti, Ryuk and Diavol against targets in Ukraine. This is a deviation from their modus operandi as they never targeted Ukrainian organisations before the Russian invasion of February 2022. 

Russia’s Cyber Warfare Efforts Fail To Deliver Strategic Objectives

The Russia-Ukraine conflict demonstrates Russia’s cyber warfare efforts against Ukraine failed to deliver upon strategic objectives - to undermine confidence in Ukraine leaders, and to make Ukraine abandon its rapprochement with the West - with the anticipated result of making the Ukrainian population more malleable and prone to capitulation to Russian threats. 

EclecticIQ analysts assess the effects of cyber operations during the war provided few if any, tactical advantages for Russian military forces.

While Russian forces attacked Ukraine by land, air, and sea, Russian cyber actors conducted operations to damage systems and services of institutions in Ukraine, hinder civilians’ ability to access information and critical life services and undermine confidence in the country’s leadership. 

The one exception is the cyberattack against satellite internet provider ViaSat that disabled 10.000 modems across Europe between 5 a.m. and 9 a.m. Kyiv time - the same time as Russian forces started in offence on Ukrainian territory.    

ChatGPT Makes A Yearend Splash

One final notable event of 2022 was the late-year introduction of ChatGPT. EclecticIQ analysts assess it presents new opportunities for cyber threat intelligence analysis and has the potential to fundamentally disrupt 2023’s technology landscape. 

Designed to produce human-like answers to prompts, ChatGPT took technologist and security communities by storm for its enhanced accessibility and ease of use compared to previous GPT iterations. 

EclecticIQ analysts experimented with ChatGPT and see potential – albeit currently limited – with applications in the cyber realm ranging from exploit development, malware analysis, and signature development to content generation for information operations.

By the Threat Intelligence Research Team at EclecticIQ

You Might Also Read

From AI to ESG: Key Security Technology Trends Of 2023:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Crypto Currency: From Bitcoin to Blockchain
The FBI’s Advice On Ransomware »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Actiphy

Actiphy

Actiphy provides a tried and proven backup and disaster recovery software solution to ensure business continuity at all times.

SafeCharge

SafeCharge

SafeCharge is a global provider of technology-based multi-channel payments services and risk management solutions for demanding businesses.

Cymbel

Cymbel

Cymbel provides businesses and government agencies with the tools and expertise they need to manage the most complex security and compliance challenges.

Cyverse

Cyverse

Cyverse is a cyber-security firm which provides corporations with state-of-the-art cyber-security service-based and technological solutions made in Israel.

GreyCampus

GreyCampus

GreyCampus is a leading provider of training for working professionals in the areas of Project Management, Big Data, Data Science, Service Management, Quality Management and Information Security.

ShadowDragon

ShadowDragon

ShadowDragon develops digital tools that simplify the complexities of modern investigations that involve multiple online environments and technologies.

Ecubel

Ecubel

Ecubel is the market leader in Belgium in buying and selling used IT harware guaranteed by a certified data erasure.

T-REX

T-REX

T-REX is a coworking space, technology incubator, and entrepreneur resource center for technology startups.

AngelList

AngelList

AngelList champion startups and the people who empower them. Search tech & startup jobs, find new tech products, and invest in startups.

Dell Technologies Capital

Dell Technologies Capital

At Dell Technologies Capital we lead investment in disruptive, early-stage startups in enterprise and cloud infrastructure.

SecureWorx

SecureWorx

SecureWorx are a secure multi-cloud MSP, a provider of advanced IT security services and an independent cyber security advisory.

Valence Security

Valence Security

Valence manages and secures your Business Application Mesh by delivering visibility, reducing unauthorized access and preventing data loss.

SignalFire

SignalFire

SignalFire invest across both enterprise and consumer sectors at the seed and early growth stages.

ASRC Federal

ASRC Federal

ASRC Federal’s mission is to help federal civilian, intelligence and defense agencies achieve successful outcomes and elevate their mission performance.

Professional Labs

Professional Labs

Professional Labs specialize in simplifying complex problems for our customers with Cloud Services, Managed Services and Cyber Security.

VeriBOM

VeriBOM

VeriBOM is a SaaS security and compliance platform that helps protect you and your customers through automation, documentation, and transparency for every software application you build or run.