This post is part of our 2023 cybersecurity predictions series.
Adrien Gendre, Chief Tech and Product Officer and cofounder at Vade
Productivity suite security will supplant email security in 2023.
“As attacks grow in number and sophistication, SMBs and MSPs will need technology that tightly integrates with modern productivity suites such as Microsoft 365 or Google Workspace and provides comprehensive threat intelligence. Unlike secure email gateways (SEGs) that separate email security from internal networks, API-based alternatives are the future of email security, Gendre says. Organizations need to be able to leverage the threat intelligence from email to protect file sharing applications and other collaborative tools like instant messaging. They also need to be able to leverage information such as user profiles, contacts, and communication patterns to defend against highly targeted attacks, such as those we’re seeing with supply-chain attacks.” SMBs and MSPs don’t have the resources to be managing different products from different companies that are managing different servers simultaneously.
Vade’s Cyber Threat Experts (CTE) team
Ransomware attacks will continue their devastation.
“Like last year, we expect ransomware attacks to get more sophisticated in terms of evading detection, adapting, and exploiting new vulnerabilities to spread. Ransomware groups like BlackCat are fine-tuning their methods.” The CTE team sees two factors maintaining the volume of ransomware attacks: Ransomware-as-a-Service (RaaS) and double extortion. RaaS is still a source of revenue and allows less skilled hackers to turn a profit. Double Extortion gives hackers leverage over their victims – ransomware groups like Hive have been targeting the healthcare sector and will likely continue to do so in 2023. The CTE team has also seen hackers favoring small-to-midsize businesses (SMBs) and managed service providers (MSPs) as targets, given the ease and efficiency of the attack, even though the payout may not be as significant as a major enterprise. All in all, what’s working for ransomware operators now is only going to grow in sophistication and popularity in 2023, as will attacks on SMBs and MSPs.
Romain Basset, Director of Customer Services at Vade
Phishing attacks will target MFA and legitimate servers.
"We’ll see more phishing campaigns that are able to circumvent MFA by acting as a proxy with the real authentication system, or by tricking users who have MFA fatigue.” Basset cites the recent Uber hack as an example of how damaging MFA fatigue can be for even the largest businesses…all it takes is one click on an “approve request” button to put an entire company’s data at risk. Basset also predicts an increase in phishing campaigns that abuse legitimate services to distribute phishing links. For instance, Vade detected a phishing campaign in September that hackers conducted through Pôle Emploi, a career website operated by the French government. Threat actors found a legitimate job posting, submitted a resume with malicious links in it, and if the company conducting the recruiting clicked on those links, they were asked to disclose their Pôle Emploi credentials…which hackers could then use to steal sensitive company and personal information to launch additional attacks. Poorly written emails with sketchy addresses in the “from” field are still prevalent, but phishers are having major successes with entering networks in ways that look legitimate.
Michael Posey, Engineer at Vade
Supply-chain and hijacking techniques will increase.
“As users become more proficient at spotting and reporting common phishing scams from well-known brands, we will see hackers adjust their strategy, including impersonating suppliers or customers. I expect more supply-chain attacks and hijacking,” he says. It’s no secret that major brands like Microsoft and Facebook are impersonated by phishers every day, and as awareness and training programs become more prevalent, users are going to raise eyebrows more than they used to…that’s where phishers innovate. Instead of pretending to be Microsoft or Facebook, Posey predicts hackers will disguise themselves as a supplier or customer of the company to gain access to company networks and wreak havoc to the connected supply chains. Additionally, Posey believes hijacking attacks (where hackers use compromised accounts to join existing email communications or create new ones) will increase and enable bad actors to launch more targeted attacks than have previously been popular.