2023 - Threat Intelligence Predictions

As we look forward to 2023, EclecticIQ’s Intelligence and Research team started by looking back on last year’s growth and change in cybersecurity. 2022 brought about changes in malware so-called “Tactics, Techniques, and Procedures” (TTPs) and threat actor groups.

The shock of the Russian invasion of Ukraine also played out in the cyber realm in several ways. At the end of the year, the deployment of ChatGPT and its broad future potential had cyber enthusiasts looking toward the future.

Access Tactics Of Threat Actors Evolved To Include New Technology 

Evolution of initial access tactics and techniques used in malware drove further cyberattacks this year. Threat actors demonstrated their ability to incorporate new technology, including deepfake media, into their attacks. They also showed their ability to quickly resurface despite increasing pressure from coordinated infrastructure takedowns. 

In the coming year, mobile malware should get more attention as a vulnerable part of a company’s attack surface. With the increasing use of mobile as a primary communication means, threat actors and even some governments have used malware specifically engineered for mobile devices. 

Over the next year, ever more convincing deepfake media will pose another increasing threat as it has the potential for it to be convincingly deployed in both targeted cyberattacks against privileged individuals, and in cyberattacks against broader audiences.

Extortion Techniques Will Continue Dominating The Cybercriminal Landscape In 2023

Criminal groups increased their use of extortion techniques to increase the likelihood of pay-out. LAP$U$, an “extortion-only” group, was responsible for some of 2022’s most high-profile breaches. Extortion techniques dominated the cybercriminal landscape with double and triple extortion techniques becoming commonplace among ransomware groups. 

The most active group during Q1-Q3 2022, based on leak site activity, Lockbit, shifted towards a triple extortion model. Stolen credentials and session tokens played a major role in providing initial access and privilege escalation in criminal operations. 

EclecticIQ analysts assess “extortion-only” groups will play a more predominant role in the criminal ecosystem in 2023.

The Russia-Ukraine War Prompted Threat Actors To take Sides

The Russia-Ukraine war exacerbated tensions between threat actor groups in ways that showed the malleable nature of the cybercriminal ecosystem. Russia’s February 2022 invasion of Ukraine led the ransomware group Conti to announce their support for the Russian government on their data leak site. The group quickly retracted their initial statement, but within weeks a Twitter account with the handle ‘@ContiLeaks’ began leaking internal Conti communications publicly, citing Conti’s alignment with Moscow as the motivation for the leaks. 

The leaks caused irreparable harm to the Conti brand and ultimately led to its dissolution in its contemporary form.

On the 27th of February, two more ransomware gangs, LockBit and ALPHV, took to social media to pledge their neutrality in the current war between Russia and Ukraine. Siding with Russia, the TrickBot Group, known for their banking trojans and data theft campaigns, was spotted deploying various ransomware families such as Conti, Ryuk and Diavol against targets in Ukraine. This is a deviation from their modus operandi as they never targeted Ukrainian organisations before the Russian invasion of February 2022. 

Russia’s Cyber Warfare Efforts Fail To Deliver Strategic Objectives

The Russia-Ukraine conflict demonstrates Russia’s cyber warfare efforts against Ukraine failed to deliver upon strategic objectives - to undermine confidence in Ukraine leaders, and to make Ukraine abandon its rapprochement with the West - with the anticipated result of making the Ukrainian population more malleable and prone to capitulation to Russian threats. 

EclecticIQ analysts assess the effects of cyber operations during the war provided few if any, tactical advantages for Russian military forces.

While Russian forces attacked Ukraine by land, air, and sea, Russian cyber actors conducted operations to damage systems and services of institutions in Ukraine, hinder civilians’ ability to access information and critical life services and undermine confidence in the country’s leadership. 

The one exception is the cyberattack against satellite internet provider ViaSat that disabled 10.000 modems across Europe between 5 a.m. and 9 a.m. Kyiv time - the same time as Russian forces started in offence on Ukrainian territory.    

ChatGPT Makes A Yearend Splash

One final notable event of 2022 was the late-year introduction of ChatGPT. EclecticIQ analysts assess it presents new opportunities for cyber threat intelligence analysis and has the potential to fundamentally disrupt 2023’s technology landscape. 

Designed to produce human-like answers to prompts, ChatGPT took technologist and security communities by storm for its enhanced accessibility and ease of use compared to previous GPT iterations. 

EclecticIQ analysts experimented with ChatGPT and see potential – albeit currently limited – with applications in the cyber realm ranging from exploit development, malware analysis, and signature development to content generation for information operations.

By the Threat Intelligence Research Team at EclecticIQ

You Might Also Read

From AI to ESG: Key Security Technology Trends Of 2023:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Crypto Currency: From Bitcoin to Blockchain
The FBI’s Advice On Ransomware »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

UK Cyber Week Expo & Conference

UK Cyber Week Expo & Conference

Award-winning event organiser ROAR B2B announces the launch of UK Cyber Week and its inaugural event on 4 and 5 April 2023 at the Business Design Centre, London.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Defense Advanced Research Projects Agency (DARPA)

Defense Advanced Research Projects Agency (DARPA)

DARPA's mission is to develop breakthrough technologies for national security. The Information Innovation Office undertakes cyber security activities.

Baker McKenzie

Baker McKenzie

Baker & McKenzie is an international law firm. Practice areas include Data & Technology.

Telefonica Tech

Telefonica Tech

Telefónica Cyber Security Tech is focused on the prevention, detection and appropriate response to security incidents aimed at protecting your digital services.

Packet Ninjas

Packet Ninjas

Packet Ninjas is a niche cyber security agency with specialized expertise in the use of digital intelligence to strengthen cyber security.

ZM CIRT

ZM CIRT

ZM CIRT is the national Computer Incident Response Team for Zambia.

exceet Secure Solutions

exceet Secure Solutions

exceet Secure Solutions is your experienced specialist for Internet of Things (IoT), Heath Telematics, electronic signatures and timestamps and IT security.

Vuntie

Vuntie

Vuntie blend European craftsmanship, performance and open-source technology to deliver cybersecurity services including penetration testing, incident response, training and consultancy.

ClearBlade

ClearBlade

ClearBlade is the Edge Computing software company enabling enterprises to rapidly engineer and run secure, real-time, scalable IoT applications.

IdentityIQ

IdentityIQ

IdentityIQ is a US-based identity theft and credit protection company designed to help users stay on top identity thieves and data breaches.

Citalid

Citalid

The Citalid cyber risk management platform combines threat and business intelligence to identify the risks scenarios you face.

Norma Inc.

Norma Inc.

Norma provides the secured wireless environment (WiFi and Bluetooth) with the unauthorized AP detection, and secures your IoT assets from various threats.

Keysight Technologies

Keysight Technologies

Keysight is dedicated to providing tomorrow’s test technologies today, enabling our customers to connect and secure the world with their innovations.

Horizon3.ai

Horizon3.ai

Horizon3.ai is a leader in security assessment and validation enabling continuous security overwatch from an attacker’s perspective through our NodeZero SaaS solution.

Cyber Bytes Foundation

Cyber Bytes Foundation

Cyber Bytes Foundation exists to establish and sustain a unique Cyber Ecosystem to accelerate the development of a strong Cyber workforce and support community outreach programs.

WiebeTech

WiebeTech

WiebeTech’s line of digital forensics tools provide innovative and rugged devices for efficient disk imaging and evidence capture.

Department of Homeland Security (DHS)

Department of Homeland Security (DHS)

The Department of Homeland Security has a vital mission: to secure the nation from the many threats we face. Our duties are wide-ranging, but our goal is clear - keeping America safe.