Cybersecurity predictions and trends that empower security teams for future success
Cybersecurity’s continuous cat-and-mouse game requires defenders to constantly adjust to technological progress and develop adequate defenses before attackers’ creative ways exploit nascent security gaps.
Though it dates back to the mid-20th century, the OODA loop (Observe, Orient, Decide, Act), created by US Air Force Colonel John Boyd, is an ideal decision-making construct to guide cyber defenders. This four-step continuous process facilitates learning from conflict, adjusting goals, and enacting required modifications faster and more accurately.
The five predictions below aim to provide cybersecurity professionals with data-driven orientation cues on which to base decisions and act.
- Operating Systems will be prime targets
2022 saw a growing attackers’ understanding of operating systems exploitability opportunities. They became experts at exploiting cracks in least privilege configurations to bypass security controls through PowerShell, control panel, registry, DLL Side loading, and service spin-up techniques.
They also took advantage of legacy OS components far beyond Office Macros, such as MSHTA, the legacy Internet Explorer process still lingering on most Windows operating systems, and MSDT, Microsoft Support Diagnostic Tool to exploit systems. Beyond the Windows OS, they added Linux and macOS platforms to their exploit kits, tool kits, and attack vectors.
This coming year, attackers will exploit fundamental operating system issues, poorly configured or absent least privilege policies, and legacy components to circumvent security controls.
Scrutinizing operating systems, verifying least privilege policies segmentation, and phasing out legacy components where possible are sound starting points to remain secure in the coming year.
- Abuse of secrets and elevated accounts management will rise
2022 was brimming with attempted and successful attacks capitalizing on the flaws in secrets and elevated accounts management. The still-prevalent habit of keeping track of critical resources, administrative accounts, crown jewels, and spreadsheets through collaboration tools is a welcome windfall for cyber-attackers. Vulnerabilities inherited from secret management third-party suppliers further weaken resilience. Attackers’ skills in exploiting insufficiently tight least privilege and secret mismanagement will continue to evolve and expand in 2023.
Focusing on implementing a true zero-trust approach should be a 2023 priority.
- Omnichannel phishing and MFA bypassing techniques will improve
Phishing attacks in 2022 saw a massive increase in the use of non-email-based phishing techniques. From established messaging apps like WhatsApp, Facebook Messenger, or LinkedIn to more recent ones like Discord or TikTok, or professional ones like Slack or Microsoft Teams, all were abused to lure users into clicking a compromised link or downloading malware.
To gain control of users’ accounts despite MFA verification, attackers launched MFA fatigue attacks, bombarding users with authentication requests and fake, official-looking login pages. SIM-swapping attacks – transferring a mobile phone account and phone number to a new SIM card under the attacker’s control to impersonate the victim to send or receive SMS, phone calls, messages, and MFA verification codes, skyrocketed in 2022.
Integrating token and biometric factors into MFA procedures and educating employees about these new fishing techniques are two potential strategies organizations may adopt to increase resilience.
- More Nation-State Attacks
The 2022 trend of heightened activities from nation-state-sponsored APTs is likely to worsen in 2023. Critical infrastructures are particularly at risk as successfully disrupting their activity has a nationwide impact. Beyond attempting disruptive attacks, nation-states will continue to develop and deploy hard-to-detect spying malware for espionage ad surveillance purposes. Regardless of their purposes, this increases the risk of undetectable complex unknown-unknown attacks against which detection and response solutions are powerless and will require increased vigilance from cyber-defenders.
Validating security controls’ efficacy and segmentation robustness through automated or semi-automated continuous security validation methods is the recommended prevention to limit these attacks’ escalation reach.
- Off-the-shelf attack tools will become prevalent
The 2022 trend to misuse off-the-shelf attack kits, such as Cobalt Strike, Sliver Framework, or criminal ones like the latest comer Manjusaka will continue to rise. These kits allow attackers to expand the reach of their attacks through automated flaw-finding probes and attached exploits.
Keeping up with attackers’ progress would benefit from incorporating security validation automation tools to identify security gaps before attackers.
(The author is Mr. Shailendra Shyam Sahasrabudhe, Country Manager, India, UAE and South East Asia at Cymulate Ltd., and the views expressed in this article are his own)