2023 - Threat Intelligence Predictions

As we look forward to 2023, EclecticIQ’s Intelligence and Research team started by looking back on last year’s growth and change in cybersecurity. 2022 brought about changes in malware so-called “Tactics, Techniques, and Procedures” (TTPs) and threat actor groups.

The shock of the Russian invasion of Ukraine also played out in the cyber realm in several ways. At the end of the year, the deployment of ChatGPT and its broad future potential had cyber enthusiasts looking toward the future.

Access Tactics Of Threat Actors Evolved To Include New Technology 

Evolution of initial access tactics and techniques used in malware drove further cyberattacks this year. Threat actors demonstrated their ability to incorporate new technology, including deepfake media, into their attacks. They also showed their ability to quickly resurface despite increasing pressure from coordinated infrastructure takedowns. 

In the coming year, mobile malware should get more attention as a vulnerable part of a company’s attack surface. With the increasing use of mobile as a primary communication means, threat actors and even some governments have used malware specifically engineered for mobile devices. 

Over the next year, ever more convincing deepfake media will pose another increasing threat as it has the potential for it to be convincingly deployed in both targeted cyberattacks against privileged individuals, and in cyberattacks against broader audiences.

Extortion Techniques Will Continue Dominating The Cybercriminal Landscape In 2023

Criminal groups increased their use of extortion techniques to increase the likelihood of pay-out. LAP$U$, an “extortion-only” group, was responsible for some of 2022’s most high-profile breaches. Extortion techniques dominated the cybercriminal landscape with double and triple extortion techniques becoming commonplace among ransomware groups. 

The most active group during Q1-Q3 2022, based on leak site activity, Lockbit, shifted towards a triple extortion model. Stolen credentials and session tokens played a major role in providing initial access and privilege escalation in criminal operations. 

EclecticIQ analysts assess “extortion-only” groups will play a more predominant role in the criminal ecosystem in 2023.

The Russia-Ukraine War Prompted Threat Actors To take Sides

The Russia-Ukraine war exacerbated tensions between threat actor groups in ways that showed the malleable nature of the cybercriminal ecosystem. Russia’s February 2022 invasion of Ukraine led the ransomware group Conti to announce their support for the Russian government on their data leak site. The group quickly retracted their initial statement, but within weeks a Twitter account with the handle ‘@ContiLeaks’ began leaking internal Conti communications publicly, citing Conti’s alignment with Moscow as the motivation for the leaks. 

The leaks caused irreparable harm to the Conti brand and ultimately led to its dissolution in its contemporary form.

On the 27th of February, two more ransomware gangs, LockBit and ALPHV, took to social media to pledge their neutrality in the current war between Russia and Ukraine. Siding with Russia, the TrickBot Group, known for their banking trojans and data theft campaigns, was spotted deploying various ransomware families such as Conti, Ryuk and Diavol against targets in Ukraine. This is a deviation from their modus operandi as they never targeted Ukrainian organisations before the Russian invasion of February 2022. 

Russia’s Cyber Warfare Efforts Fail To Deliver Strategic Objectives

The Russia-Ukraine conflict demonstrates Russia’s cyber warfare efforts against Ukraine failed to deliver upon strategic objectives - to undermine confidence in Ukraine leaders, and to make Ukraine abandon its rapprochement with the West - with the anticipated result of making the Ukrainian population more malleable and prone to capitulation to Russian threats. 

EclecticIQ analysts assess the effects of cyber operations during the war provided few if any, tactical advantages for Russian military forces.

While Russian forces attacked Ukraine by land, air, and sea, Russian cyber actors conducted operations to damage systems and services of institutions in Ukraine, hinder civilians’ ability to access information and critical life services and undermine confidence in the country’s leadership. 

The one exception is the cyberattack against satellite internet provider ViaSat that disabled 10.000 modems across Europe between 5 a.m. and 9 a.m. Kyiv time - the same time as Russian forces started in offence on Ukrainian territory.    

ChatGPT Makes A Yearend Splash

One final notable event of 2022 was the late-year introduction of ChatGPT. EclecticIQ analysts assess it presents new opportunities for cyber threat intelligence analysis and has the potential to fundamentally disrupt 2023’s technology landscape. 

Designed to produce human-like answers to prompts, ChatGPT took technologist and security communities by storm for its enhanced accessibility and ease of use compared to previous GPT iterations. 

EclecticIQ analysts experimented with ChatGPT and see potential – albeit currently limited – with applications in the cyber realm ranging from exploit development, malware analysis, and signature development to content generation for information operations.

By the Threat Intelligence Research Team at EclecticIQ

You Might Also Read

From AI to ESG: Key Security Technology Trends Of 2023:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Crypto Currency: From Bitcoin to Blockchain
The FBI’s Advice On Ransomware »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Defense Advanced Research Projects Agency (DARPA)

Defense Advanced Research Projects Agency (DARPA)

DARPA's mission is to develop breakthrough technologies for national security. The Information Innovation Office undertakes cyber security activities.

Fredda Stanza

Fredda Stanza

Fredda Stanza specialize in Information Security and Forensics Consulting.

Virus Bulletin

Virus Bulletin

Virus Bulletin is an online security information portal and certification body, providing users with independent intelligence about the latest developments in the global threat landscape.

ID-SIRTII/CC

ID-SIRTII/CC

Security Incident Response Team for Internet Infrastructure in Indonesia.

ISC2

ISC2

ISC2 is an international, non-profit membership association for information security leaders. Our information security certifications are recognized as the global standard for excellence.

Repository of Industrial Security Incidents (RISI)

Repository of Industrial Security Incidents (RISI)

RISI is a database of cyber security incidents that have (or could have) affected process control, industrial automation or SCADA systems.

PrivateCore

PrivateCore

We protect data-in-use from hackers trying to steal data such as encryption keys, certificates, intellectual property.

Cybertech

Cybertech

Cybertech Conference & Exhibition presents commercial problem solving strategies and solutions for the global cyber threat that meet the diverse challenges for a wide range of sectors.

LinOTP

LinOTP

LinOTP is an enterprise level, innovative, flexible and versatile OTP-platform for strong authentication.

State e-Government Agency (SEGA) - Bulgaria

State e-Government Agency (SEGA) - Bulgaria

The State e-Government Agency (SEGA) is responsible for matters relating to electronic governance in Bulgaria.

AU10TIX

AU10TIX

AU10TIX’s smart forensic-level ID authentication technology links physical and digital identities, meets compliance mandates, and ensures your customers know their trust and safety come first.

Enclave Networks

Enclave Networks

Our mission is to give IT professionals a simple way to rapidly build secure connectivity between any application, computer system, device or infrastructure - regardless of the underlying network.

Cybertronium

Cybertronium

Cybertronium is a leader in managing cyber risk. We bring you the latest from the complex, ever-evolving online threat environment with the insights to inspire and the expertise to act.

SydeLabs

SydeLabs

At SydeLabs, our mission is to ensure the comprehensive security of your AI systems.

Razilio

Razilio

Razilio is a boutique cybersecurity consultancy located in Sydney, Australia and serving the world.

Lenze

Lenze

Lenze are an experienced partner for automation systems, digitalization and cyber security.