This post is part of our 2023 cybersecurity predictions series.
John Pescatore, director of emerging security trends at the SANS Institute, offers some expert insight on what the industry can expect in the new year.
Rise of data backup ransomware attacks:
Ransomware attacks are not going away and will remain a major threat next year. However, many attackers will choose an easier and less obtrusive path to gain the same critical data. We will see more attacks target backups that are less frequently monitored, can provide ongoing access to data, and may be less secure or made up of forgotten older files. Security tools that typically monitor for these attacks, like Intrusion Prevention Systems (IPS), are also often turned off or ignored because they often trigger false alarms for data backup systems. This makes it even more difficult to distinguish between false alarms and legitimate attacks.
War in Ukraine cyberattacks will increase on dual-use systems:
The war in Ukraine will have broader impacts on the commercial sector as operatives on both sides attack dual-use technologies (i.e., services used by both the military and civilians) to take down communication and critical infrastructure systems. We will see more attacks in 2022 that impact business internet connections, communication, and logistics systems. Increasing attacks on key dual-use technologies like cell towers, GPS, and commercial satellites (such as Starlink) will damage connectivity and business operations for private sector companies that depend on these technologies, even if they are not directly targeted themselves.
MFA bypass attacks will explode:
We will see a continued movement away from using multiple-use passwords and towards adopting multifactor authentication (MFA), passkeys, FIDO2 authentication and other additional layers of security. Companies like Apple and Google are also developing their own authentication token systems. This will all lead to a badly needed increase in security but also result in an explosion of attacks that aim to bypass such MFA approaches, including using stalkerware that takes advantage of company executives' and boards of directors' use of mobile phones to record their keystrokes and interactions.
Attackers will hide stalkerware in consumer apps:
While mobile phones are more secure than desktops, we will also see a greater volume of stalkerware included in downloaded apps that target consumers. Pegasus, which can install itself on iOS and Android devices with zero clicks, is a key example of this threat. Hackers are also creating malicious stalkerware apps and hiding them in app stores. As people also become more accustomed to downloading family tracking software and giving away app permissions, the risk of having their keystrokes, locations, voice, and even photos and videos recorded for financial theft and other nefarious purposes will also increase.
Organizations must go on the offensive to close the cyber skills gap:
Cyber professionals need to close the skills gap to understand what attackers are exploiting and why. Next year, we will see more offensive training and increased focus on threat hunting to improve hunt-to-detection time, and on examining endpoints and network traffic for anomalies to detect attacks and prevent them from causing damage. This will be especially important with an expanded attack surface from a continued hybrid workforce. At the same time, organizations won't be able to hire during the recession and will need to upskill their staff so they are better trained to defend against attacks. As such, we will also see a rise in purple teaming so that security professionals can practice with each other on penetration testing and on uncovering and defending against the newest cyberattacks.