2023 - Threat Intelligence Predictions

As we look forward to 2023, EclecticIQ’s Intelligence and Research team started by looking back on last year’s growth and change in cybersecurity. 2022 brought about changes in malware so-called “Tactics, Techniques, and Procedures” (TTPs) and threat actor groups.

The shock of the Russian invasion of Ukraine also played out in the cyber realm in several ways. At the end of the year, the deployment of ChatGPT and its broad future potential had cyber enthusiasts looking toward the future.

Access Tactics Of Threat Actors Evolved To Include New Technology 

Evolution of initial access tactics and techniques used in malware drove further cyberattacks this year. Threat actors demonstrated their ability to incorporate new technology, including deepfake media, into their attacks. They also showed their ability to quickly resurface despite increasing pressure from coordinated infrastructure takedowns. 

In the coming year, mobile malware should get more attention as a vulnerable part of a company’s attack surface. With the increasing use of mobile as a primary communication means, threat actors and even some governments have used malware specifically engineered for mobile devices. 

Over the next year, ever more convincing deepfake media will pose another increasing threat as it has the potential for it to be convincingly deployed in both targeted cyberattacks against privileged individuals, and in cyberattacks against broader audiences.

Extortion Techniques Will Continue Dominating The Cybercriminal Landscape In 2023

Criminal groups increased their use of extortion techniques to increase the likelihood of pay-out. LAP$U$, an “extortion-only” group, was responsible for some of 2022’s most high-profile breaches. Extortion techniques dominated the cybercriminal landscape with double and triple extortion techniques becoming commonplace among ransomware groups. 

The most active group during Q1-Q3 2022, based on leak site activity, Lockbit, shifted towards a triple extortion model. Stolen credentials and session tokens played a major role in providing initial access and privilege escalation in criminal operations. 

EclecticIQ analysts assess “extortion-only” groups will play a more predominant role in the criminal ecosystem in 2023.

The Russia-Ukraine War Prompted Threat Actors To take Sides

The Russia-Ukraine war exacerbated tensions between threat actor groups in ways that showed the malleable nature of the cybercriminal ecosystem. Russia’s February 2022 invasion of Ukraine led the ransomware group Conti to announce their support for the Russian government on their data leak site. The group quickly retracted their initial statement, but within weeks a Twitter account with the handle ‘@ContiLeaks’ began leaking internal Conti communications publicly, citing Conti’s alignment with Moscow as the motivation for the leaks. 

The leaks caused irreparable harm to the Conti brand and ultimately led to its dissolution in its contemporary form.

On the 27th of February, two more ransomware gangs, LockBit and ALPHV, took to social media to pledge their neutrality in the current war between Russia and Ukraine. Siding with Russia, the TrickBot Group, known for their banking trojans and data theft campaigns, was spotted deploying various ransomware families such as Conti, Ryuk and Diavol against targets in Ukraine. This is a deviation from their modus operandi as they never targeted Ukrainian organisations before the Russian invasion of February 2022. 

Russia’s Cyber Warfare Efforts Fail To Deliver Strategic Objectives

The Russia-Ukraine conflict demonstrates Russia’s cyber warfare efforts against Ukraine failed to deliver upon strategic objectives - to undermine confidence in Ukraine leaders, and to make Ukraine abandon its rapprochement with the West - with the anticipated result of making the Ukrainian population more malleable and prone to capitulation to Russian threats. 

EclecticIQ analysts assess the effects of cyber operations during the war provided few if any, tactical advantages for Russian military forces.

While Russian forces attacked Ukraine by land, air, and sea, Russian cyber actors conducted operations to damage systems and services of institutions in Ukraine, hinder civilians’ ability to access information and critical life services and undermine confidence in the country’s leadership. 

The one exception is the cyberattack against satellite internet provider ViaSat that disabled 10.000 modems across Europe between 5 a.m. and 9 a.m. Kyiv time - the same time as Russian forces started in offence on Ukrainian territory.    

ChatGPT Makes A Yearend Splash

One final notable event of 2022 was the late-year introduction of ChatGPT. EclecticIQ analysts assess it presents new opportunities for cyber threat intelligence analysis and has the potential to fundamentally disrupt 2023’s technology landscape. 

Designed to produce human-like answers to prompts, ChatGPT took technologist and security communities by storm for its enhanced accessibility and ease of use compared to previous GPT iterations. 

EclecticIQ analysts experimented with ChatGPT and see potential – albeit currently limited – with applications in the cyber realm ranging from exploit development, malware analysis, and signature development to content generation for information operations.

By the Threat Intelligence Research Team at EclecticIQ

You Might Also Read

From AI to ESG: Key Security Technology Trends Of 2023:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Crypto Currency: From Bitcoin to Blockchain
The FBI’s Advice On Ransomware »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Firebrand

Firebrand

Firebrand is the leader in Accelerated Learning in the field of IT and project management.

Green Hills Software

Green Hills Software

Green Hills Software is the largest independent vendor of embedded secure software solutions for applications including the Internet of Things.

Orange Cyberdefense

Orange Cyberdefense

Orange Cyberdefense is the expert cybersecurity business unit of the Orange Group, providing managed security, managed threat detection & response services to organizations around the globe.

VdS

VdS

VdS is an independent safety and security testing institution. Cybersecurity services include standards, audit/assessment and certification for SMEs.

S21sec

S21sec

S21sec is a leading European pure play cybersecurity consultancy, services and solutions provider.

Romanian Association for Electronic Industry & Software (ARIES)

Romanian Association for Electronic Industry & Software (ARIES)

ARIES is the Romanian Association for Electronic Industry and Software, the biggest and most influental organization created for the IT&C industry in Romania.

Cybercrime Investigation & Coordinating Center (CICC)

Cybercrime Investigation & Coordinating Center (CICC)

The Cybercrime Investigation and Coordinating Center (CICC) is an attached agency of the Philippines Department of Information and Communications Technology (DICT).

Savanti Consulting

Savanti Consulting

Savanti provides practitioner-led cyber security services tailored to meet each organisation’s unique requirements.

Sevatec

Sevatec

Sevatec’s Active Cyber Defense (ACD) methodology proactively defends against adversarial kills chain, addressing active and emerging threats while reducing program vulnerabilities and risks.

Cisilion

Cisilion

Cisilion's mission is simple – to transform and connect business with next-generation IT infrastructure. Our expertise includes enterprise networking, security, data centre & cloud, managed services.

Esprinet

Esprinet

The Esprinet Group is an enabler of the technology ecosystem: a team of people who promote access to technology through an extensive network of professional resellers.

Willyama Services

Willyama Services

Willyama Services is a certified Information Technology and Cybersecurity professional services business providing services to government and private sector clients.

NetRise

NetRise

NetRise was founded as a direct result of the many shortcomings currently in the device security market, specifically targeting the firmware of devices.

Corona IT Solutions

Corona IT Solutions

At Corona IT Solutions, our team of specialists in networking, wireless and VoIP are dedicated to providing proactive monitoring and management of your IT systems.

Novem CS

Novem CS

Novem CS are bespoke cyber security specialists providing a highly effective and specialised approach to solving your cyber security challenges.

NoviFlow

NoviFlow

NoviFlow is a leading provider of terabit networking software solutions for Communication Service Providers (CSPs).