2023 Cybersecurity Predictions: Threat Groups Will Become Increasingly Difficult to Detect

This post is part of our 2023 cybersecurity predictions series.

David Anteliz, Senior Technical Director at Skybox Security


The increase in cybersecurity directives from the federal government will lead to a rise in threat actor activity against federal agencies.


The Cybersecurity and Infrastructure Security Agency (CISA) has issued a number of new guidance documents this year. Most recently, Binding Operational Directive 23-01 requires federal agencies to take the necessary steps to improve their asset visibility and vulnerability detection capabilities within the next six months. In 2023, we will see threat actors ramp up their attacks before new cybersecurity controls are implemented ahead of the 2023 deadlines. This increase in attacks will likely come in the form of supply chain attacks as malicious actors seek to do their worst before they get caught.


Threat groups will be uncovered as long-time dwellers in large organization networks, resulting in a major breach at a Fortune 500 company.


2022 brought many splashy headlines from threat groups like Lapsus$ successfully attacking major organizations like Uber and Nvidia, and the state-sponsored Lazarus group exploiting Log4j flaws to hack US energy companies. In 2023, we predict a major threat group will be discovered to have been dwelling in the network of a Fortune 500 company for months, if not years, siphoning emails and accessing critical data without a trace. The organization will only discover that its data has been accessed when the threat group threatens to take the sensitive information to the dark web.

The threat of spear phishing will be further complicated by the rise of fake LinkedIn profiles.


Spear phishing continues to be a successful form of social engineering plaguing organizations today, and it is sure to be a prominent attack vector in 2023. We can expect threat actors to place an increased focus on targeting individuals via fake accounts on LinkedIn. LinkedIn is a platform that has traditionally been less frequently associated with malicious behavior and is widely trusted by users. Threat actors will seek to take advantage of this sentiment to access critical information.


Threat actors will disguise themselves as professionals conducting surveys of experts in various fields, giving them the perfect opportunity to obtain sensitive information from individuals and their organizations.


Terry Olaes, Senior Technical Director at Skybox Security

A growing target on the retail industry as organizations gear up for PCI DSS 4.0.


Much like changing regulations for government agencies, retailers are preparing to navigate a new standard: the Payment Card Industry Data Security Standard (PCI DSS) 4.0. Effective in 2024, this new standard will impact all organizations that store, transmit or process cardholder data and sensitive authentication data. The new standard allows organizations to customize their approach to proving compliance with each PCI DSS security requirement. If organizations take this direction, there are growing opportunities for threat actors to exploit retailers who may have taken non-standard routes to achieve compliance. Additionally, the long lead time to implement these regulations gives attackers more opportunity to use those requirements as a blueprint to breach retailers before they have time to implement changes to their cybersecurity strategy.


Threat actors will leverage novel programming languages to become untraceable.


Instead of using common programming languages like Python, threat actors will begin leveraging languages like Rust that cybersecurity tools aren't designed to catch, causing attacks to go undetected. Some organizations today continue to neglect to implement cybersecurity basics that detect and prevent basic attacks, let alone attacks built on uncommon languages.

