Since we are halfway through 2023, the ongoing surge in cyber threats continues to cause companies to lose hefty financial losses and severe damage to their hard-earned reputations. Therefore, this article intends to explore the new emerging cyber threats in 2023, reflecting the evolving tactics cybercriminals employ.
6 New Emerging Cyber Threats in 2023
According to Cybersecurity Ventures, the annual cost of cybercrimes will go up to $10.5 trillion by 2023, which is 3x times more compared to $3 trillion in 2015. This presents the upcoming devastating potential of cyber threats. Talking specifically about 2023, below are the six new emerging cyber threats:
1. More Sophisticated Phishing Attacks
Phishing attacks have been the favorite tactic of cybercriminals to fool victims into installing malware or exposing sensitive data unintentionally. Just by October 2022, there was an increase of 61% in phishing attacks compared to 2021.
However, since most organizations and employees have become aware of the danger of email phishing or suspicious links, cybercriminals are making phishing attacks more sophisticated. The use of machine learning is getting popular to craft more convincing messages. Besides that, they are also tailoring messages based on seasonal events. For example, you might see tax filing assistance during regional tax seasons or legitimate-looking account resetting emails from technology vendors.
2. Cybercrime-as-a-Service
Cybercrime-as-a-Service (CaaS) is a new emerging cyber practice where experienced cybercriminals provide their services to the highest bidders. They help them conduct malware, ransomware, phishing, or other attacks on their targeted organizations.
According to the report by TrendMicro, there was a 63.2% rise in the Ransomware as a service (RaaS) and extortion groups during Q1 2022. CaaS is making it easy for malicious actors to use their financial resources and recruit skilled hackers to launch devastating and sophisticated cyberattacks. Therefore, CaaS is another concerning threat for organizations in 2023.
3. Increased Cloud Security
Cloud adoption saw a boom with the COVID-19 pandemic, as organizations aggressively shifted their workloads to the cloud to cope with changing workplace structure from onsite to hybrid and remote working schemes. Statistics narrate that 50% of the workload of 70% of organizations is now hosted in the cloud. In fact, the Veritas research even revealed that 94% of enterprises are significantly overspending on public cloud.
With widespread cloud adoption, cloud security has become a concern and an attractive attack medium for cybercriminals. Although companies are seen to deploy effective security measures to protect against cyberattacks, the access points of employees and unpatched web services are still a major threat. As per Orca research, the cloud environment of 36% of organizations has an unpatched web service, which is accessible to hackers easily.
Most cloud-based attacks are leveraging employees' negligence, unpatched services, unsecure sensitive AWS keys, sensitive data in Git repositories, and similar other loopholes to gain access to corporate data and cause significant revenue losses.
4. IoT Attacks with 5G Technology
Internet of Things (IoT) devices are becoming a more integral part of our interconnected world. It is projected that over 75 billion IoT-connected devices will be in use by 2025. Smartphones, laptops, tablets, routers, webcams, smart watches, medical devices, automobiles, and others are all examples of IoT-connected devices.
Although IoT attacks are already in the news, the advent and widespread use of 5G technology has triggered a new wave of IoT device hacks. Just in the first half of 2022, there was a 77% increase in malware attacks on IoT/connected devices. Since 5G technology is about to bring an explosion in connected IoT devices, IoT-based attacks are poised to become even more dominant and damaging.
5. Resurged Ransomware Attacks
Last year, there were some signs of decrease in ransomware attacks because many ransomware groups shut down, and law enforcement agencies also emphasized ransomware protection. However, 2023 has again shown a surge in ransomware attacks with new players such as BianLian, Play, and Royal gangs joining the field, while Lockbit, Clop, and other major players conducting mass-ransomware attacks.
According to the report by Black Kite, the manufacturing sector remained the main target of ransomware attacks from April 2022 to March 2023, while the United States was the top targeted country. The report also highlights that out-of-date systems, recent credential leaks, poor email configuration, public remote access ports, and IP addresses are common ransomware vulnerability indicators. Therefore, the rise of new players and new sophisticated tactics are also set to make ransomware a concerning cyber threat for organizations in 2023 and onwards.
6. MFA Fatigue
Multiple-factor authentication (MFA) has become a common authentication practice where employees have to pass through a second verification stage before getting access to the account. However, attackers have started to exploit it with MFA fatigue.
Imagine an organization has established a push-notification MFA system where employees have to approve the sign-in request from the prompt messages. Now what hackers do is they first obtain an employee's login credentials and then keep sending the employee a non-stop stream of sign-in requests. Unintentionally, the employee may approve one of those requests, thereby giving access to the hackers.
The breach of Uber's corporate systems in 2022 was a glaring example of the potential of MFA fatigue attacks. Besides that, 40,942 MFA fatigue attacks were recorded in just August 2022 alone. Therefore, MFA fatigue is an emerging cyber threat to watch in 2023 and the upcoming years.
Security Auditing – One Effective Solution to Tackle Emerging Cyber Threats
The world dynamics are showing no signs of relief from cyber threats. Although cybersecurity practices have become essential for organizations of all sizes, the global shortage of 3.4 million professionals in the cybersecurity industry poses a significant challenge in effectively combating these threats. Therefore, partnering with a trusted and experienced security auditing service has become more important than ever before. This is where Sunny Security Labs come into action.
Sunny Security Labs is a trusted and experienced security auditing company specializing in assessing the security of a wide range of systems, including websites, applications, servers, HCMs, CRMs, ERPs, and more. The team identifies potential vulnerabilities and risks using AI-powered tools and advanced techniques and provides comprehensive recommendations for improving the security posture. This way, organizations can ensure that they have a solid defense against the emerging cyber threats.
So, if you are concerned with emerging cyber threats and want to evaluate your organization's existing security posture, get in touch with Sunny Security Labs right now and schedule a comprehensive security audit.