This post is part of our 2023 cybersecurity predictions series.
Ziv Mador, VP Security Research, Trustwave
The threat of global cyber warfare will continue into 2023, especially if the Russia/Ukraine war continues. The use of distributed denial-of-service (DDoS) attacks and other services to infiltrate networks for espionage can disrupt government and military sites. Social engineering will also be a primary tactic used against soldiers and other government officials to collect information on locations or plans during times of war.
As more organizations and threat actors adopt machine learning and AI, this will create new challenges for cybercriminals. AI will help organizations quickly identify never-before-seen malicious activity and compromise much faster than any response that relies on human analysis. This will make it more difficult for cybercriminals to be successful in their attack methods and drive down their perceived ROI on their exploits and ransomware tactics.
Shawn Kanady, Director, Threat Fusion & Hunt, Trustwave
Strong supply chain security and third-party vendor audits will be more critical than ever as ransomware groups take advantage of supply chain vulnerabilities. We’ve previously seen supply chains infiltrated with many credit card data breaches where bad actors gained access to one vendor’s system through a phishing attack and poor password management, allowing them remote access to deploy credit card malware across multiple retailers connected to that vendor’s supply chain. Now, ransomware groups are using the supply chain as an attack vector to strategically target vendor organizations on a massive scale.
If organizations do not audit and secure their use of open-source code, in 2023 we’ll see more malware delivered through open source, such as the 29 malicious info-stealing malware packages recently discovered in obfuscated code in the Python Package Index (PyPI).
Open source is a common framework for many organizations, but as easy as it is for IT administrators to download and use open-source tools for projects, it’s just as easy for a bad actor to embed malicious code into that open-source project. Organizations need to think twice before downloading open-source tools and consider the associated risks. If and when possible, do a thorough code audit to review and ensure the code is legitimate before using it in production systems.