Cybersecurity: insights and forecasts for a challenging 2023
2022 saw many serious data breaches and cyberattacks that kept security teams around the world on their toes. While companies have been able to respond more quickly to the increasing activity of cybercriminals, they still struggle to adequately protect their assets.
There have been some prominent examples of cyberattacks and data breaches in the last 12 months: Toyota suffered a data breach after a third party gained access to a company server using credentials obtained from source code that a third-party vendor had published on GitHub. Cisco also confirmed a cyberattack after an employee's credentials were compromised and the attacker was observed using machine accounts for privileged authentication and lateral movement in the environment. These breaches, facilitated by lateral movement, mass phishing attacks, and sophisticated ransomware, significantly undermined network security. As we reflect on the past year, while it is important to acknowledge the many successes of security teams, it is also important to learn from the high-profile breaches, said Chad Skipper, global security technologist at VMware. He anticipates these five key challenges for enterprise cybersecurity teams in the coming year:
1. Innovative instincts tackle evasion tactics
Threat response innovation was the standout growth area in the industry in 2022. VMware's Global Incident Response Threat Report (GIRTR) found that cybersecurity professionals are actively using new techniques such as virtual patching to respond to incidents and combat cybercriminal activity. Although today's threat actors have an impressive portfolio of evasion tactics, the research found that the majority of cybercriminals go undetected in the target environment for only hours (43 %) or minutes (26 %). Because threat response time is critical to network defense, meeting savvy threat actors on their own terms is essential to protecting systems. Using innovative tactics to update response techniques is the first line of defense for stopping malicious activity before it escalates, and one to focus on in 2023.
2. The new battlefield
You can't stop what you can't see, and lateral movement within an environment is an increasingly large attack surface for security teams, forming the basis of a quarter of all attacks reported in VMware's GIRTR. These infiltration techniques have often been overlooked and underestimated by enterprises this year. In April and May of this year alone, nearly half of the attacks contained a lateral movement event, with most involving the use of remote access tools (RATs) or of existing services such as Remote Desktop Protocol (RDP) or PsExec. It is likely that cybercriminals will continue to use RDP to masquerade as system administrators in 2023. Looking ahead to the new year, CISOs must prioritize EDR and NDR integration to protect data centers, access points, and critical infrastructure that attackers can compromise once they breach the external perimeter.
3. Unmonitored APIs
The next year will continue to see the evolution of the initial access tactics that cybercriminals use to gain a foothold in enterprises. A primary goal of such access is to conduct aggressive API attacks against modern infrastructures and exploit workload vulnerabilities within an environment. The majority of traffic within these modern applications is often unmonitored API traffic. This favors lateral movement: once cybercriminals have penetrated the environment, they continue to use evasion techniques to avoid detection across VDIs, VMs, and traditional applications. These initial access techniques become more attractive to malicious actors who are aware of enterprise monitoring limitations, and they will look for vulnerabilities there.
4. Deepfakes
This year has seen a sharp increase in deepfake attacks. Deepfakes have spread from the entertainment industry to business and enterprises. In fact, two-thirds (66 %) of businesses have reported experiencing a deepfake attack in the last 12 months. Because of this technology, security teams are struggling with false information and identity fraud designed to compromise a company's integrity and reputation. Deepfake attacks have been identified in emails, mobile messages, voice recordings and social media, and the technique is flexible enough to become fraudsters' weapon of choice.
In the coming year, the number of deepfakes will continue to rise. Companies need to take proactive measures to mitigate the risk of falling victim to deepfake scams by investing in detection software and in employee training that enables staff to recognize deepfakes.
5. The big red (digital) button
Critical infrastructure faces a year of vulnerability as cybercrime tools will undoubtedly continue to evolve behind the lines. The majority (65 %) of respondents to VMware's GIRTR indicated that the increase in cyberattacks is related to Russia's invasion of Ukraine. Russia's digital offensive has ushered in a new era of warfare aimed at undermining critical industrial services and crippling infrastructure such as power grids. Ukraine's readiness to respond to threats is critical to its defense, and cyber tactics will undoubtedly become a central component of modern military conflict. Cyber warfare therefore illustrates that vigilance is the be-all and end-all of an effective cybersecurity strategy.
Security boot camp for 2023
Chad Skipper concludes, "Even as we move into a new year, the primary goal of cybercriminals remains the same: obtain the key to the enterprise, steal credentials, move laterally, acquire data, and then monetize it. To improve defense effectiveness in the future, security teams must focus holistically on workloads, examine in-band traffic, integrate NDR with Endpoint Detection and Response (EDR), adopt zero-trust principles, and conduct continuous threat hunting. Only with this comprehensive guide can organizations empower their security teams to meet the challenges ahead."
Source: VMware