New Year, More Complex Threat Landscape

7 minute read

January 2023

by cybergrx

Wouldn’t it be nice to start a new year and think to yourself, “THIS will be the year when cyber risks finally subside.” Unfortunately, we all know that zero risk is impossible and as long as there are cyber criminals in the world, there will always be threats to your organization. 

Whether it’s stealing the bank details of water customers, a Holiday Inn, or Uber, hackers have been ramping up their attacks globally, especially over the last six months. And, the attacks are getting more sophisticated. Even if your company hasn’t been hit, there’s a good chance at least one of your vendors has suffered a breach. It’s not a question of “if” but “when”– and in 2023, “what” new threat tactics you should be concerned about.

While the threats themselves are repeat themes, the conditions surrounding the threats as well as the execution of them makes for a more complex threat landscape in 2023. Here’s what should be on your radar.

The Economic Impact on the Threat Landscape

The economic climate of early 2023 presents some unique conditions that hackers are capitalizing on. Your organization may be impacted– and likely your third parties are too, which means you’ve got to evaluate the security controls they have in place now vs. a year ago. 

How the economy is shaping the threat landscape:

  • Layoffs often result in fewer people handling more responsibilities, diverting their attention away from threat defense. And, if cybersecurity teams were impacted by the downsizing, that means there are fewer people available to detect the incoming attacks and fight them off. As Jeff Hodgin, VP of Product at CyberGRX notes, resource shortages and knowledge gaps may leave many of your vendors vulnerable. What should you be on the lookout for with your third parties? “Turnover and responsiveness times have always been the most prominent indicators for potential emerging issues when it comes to budget cuts. When I think of increasing risk in tough economies, I think of knowledge gaps and resource shortages as two of the primary drivers. Watch for changes in behavior and changes in primary contacts and increase your monitoring or likelihood thresholds to account for the increased risk,” Hodgin advises.
  • Reduced budgets may also mean reduced cybersecurity budgets, as organizations are forced to make tough choices and may opt to fund another initiative instead.
  • Remote work. If a company has recently downsized office space, be sure to verify proper controls are in place and employees are connecting via secure networks vs free networks at coffee shops, shared work spaces, and other public locations. 

Same Threats, Different Approach

The threats we list here aren’t anything new, but much like a contagious germ, they continue to mutate and infect unsuspecting victims. Not only are the attacks increasing in volume, but bad actors are getting more savvy. Based on current trends, it is likely that we will continue to see an increase in the use of AI and machine learning by cyber criminals to make their attacks more convincing and harder to detect. 

Here’s how common attacks are evolving and shaping our threat landscape for 2023:

Malware

Cyber criminals use malware as a tool to achieve various malicious objectives, from infiltrating a network to installing a backdoor for future attacks. One of the more recent trends is delivering malware through cloud applications– in fact, the number of cloud applications hosting malware tripled in 2022. What should you watch for? Inspect all HTTP and HTTPS traffic for malicious content from popular cloud applications. 

Phishing

Phishing attacks will continue to dominate our threat landscape, as they are an effective way for cybercriminals to gain access to sensitive information. Organizations should continue to educate their employees about how to recognize and avoid phishing attempts, which are continually evolving and becoming more convincing. 

How phishing attacks have changed:

Hybrid Vishing: Hybrid vishing is a sly combination of email and voice engineering calls designed to breach corporate networks. The scheme usually involves an email before the call, presenting the victim with a fake subscription and invoice notice, then a callback number answered by phishing actors. The objective? Trick the victim into disclosing sensitive information or installing remote desktop tools onto their system, which installs backdoors to a network or spreads to other machines. CISOs beware– hybrid vishing attacks reached an all-time high in 2022, increasing 625% since Q1 of 2021.

Pig Butchering: Pig butchering is similar to hybrid vishing in that it involves several touchpoints with the recipient, ranging from social media, SMS texts, or other communication platforms. The goal of these scams however, are typically cryptocurrency or financial trading schemes. The scammers start with a simple “hi” or other seemingly friendly and harmless message. Once the attacker has established a rapport with the recipient, they suggest investing in cryptocurrency and will attempt to set the recipient up with a malicious app or website of an impersonated financial institution, luring the victim to deposit funds, tricking the victim into believing they are making money and can withdraw funds as needed, then once more money is deposited, shutting down the account and disappearing from contact.

ChatGPT: Cyber criminals– especially foreign cyber criminals– are using ChatGPT to correct grammar and improve their English writing skills. You can no longer count on the awkwardly worded emails with typos to identify a fake message. Employee security awareness training and testing will become even more important in 2023, as will email filtering to detect and block phishing emails, and using DMARC to help identify and block phishing emails that impersonate a legitimate domain.

Ransomware

We can also expect the number of ransomware attacks to increase as the number of connected devices and the amount of data being stored on the cloud continue to grow. Additionally, some industries are more prone to extortion-based attacks, such as healthcare and critical infrastructure. Why? “The simple reason is they have a higher than normal pressure to pay threat actors. In the case of healthcare the potential impact of a prolonged cyber attack is literally loss of life, “ commented Dave Stapleton, CISO at CyberGRX. Regardless of industry, getting back to the basics, like MFA for all accounts, regular software patching and social engineering training will help your line of defense, plus verify your third parties have similar controls in place. Stapleton also advises, “Organizations must take the time to plan for, and test, their ability to respond to a cyber attack, not only the technical response, but communication to customers, too.”

Zero-day Vulnerabilities

Preventing a zero-day attack can be challenging, as these types of attacks exploit unknown vulnerabilities in software. However, there are several steps you can take to reduce the risk of a zero-day attack:

  • Keep software and systems up to date: Regularly apply software updates and patches to address known vulnerabilities.
  • Use anti-virus and anti-malware software: This can detect and prevent known malware from executing on your systems.
  • Use a firewall: A firewall can help block unauthorized access to your network and systems.
  • Implement security best practices: This includes creating strong passwords, limiting user privileges, and regularly monitoring your systems for suspicious activity.
  • Conduct regular penetration testing: This can help identify vulnerabilities in your systems that may be exploited by attackers. Do the same with your third-party ecosystem– identify where your biggest risks lie and the impact to you, should a third party experience a breach.
  • Implement network segmentation: This strategy can limit the spread of malware or malicious code once it has infiltrated a system.
  • Implement endpoint security, to protect and monitor the devices that connect to your network.

Supply Chain Attacks

Supply chain attacks will also continue to be a concern, as cybercriminals target third-party vendors and partners who may have weaker security controls to gain access to an organization’s networks and data. Additionally, by infiltrating a service provider that caters to many organizations, malicious actors can quickly expand their footprint and collect data from a wider variety of sources. Supply chain attacks have also been part of the Ukraine cyberwar, to disrupt communications and critical infrastructure. 

No industry is immune to supply chain attacks. Further, a survey conducted by JumpCloud revealed 44% of small and medium-sized businesses are expecting security spending cuts. Their cybersecurity budget reductions have a downstream effect on you, as some of the impacted companies may be your vendors with access to your networks and sensitive data. Should they reduce their security, you should expect your third-party risks to grow.

Want to see the risks that your third parties pose to you? Request a CyberGRX demo and we’ll show you your blindspots.

Effective Risk Management in 2023

Understanding the threat landscape enables you to prioritize your risk management efforts, both internally and across your third-party ecosystem. Because 2 out of 3 breaches come through third parties, effectively reducing your risks includes not only evaluating the internal controls you have in place, but how your vendors are navigating the more complex threat landscape, too. Remember: security controls reported a year ago may have lapsed from recent layoffs, budget cuts, or an incident may have occurred. Use your threat intelligence to inform your strategies. By identifying the most likely threats that your organization might face, you’ll be better prepared to respond to them, without disruption to your business.

Interested in how CyberGRX’s risk management platform can help you identify, assess, and monitor your third party risks? Book a demo and we’ll show you your biggest security gaps and the tools you can use to help address them.

Related Articles

About Us

ProcessUnity is a leading provider of cloud-based applications for risk and compliance management. The company’s software as a service (SaaS) platform gives organizations the control to assess, measure, and mitigate risk and to ensure the optimal performance of key business processes. ProcessUnity’s flagship solution, ProcessUnity Vendor Risk Management, protects companies and their brands by reducing risks from third-party vendors and suppliers. ProcessUnity helps customers effectively and efficiently assess and monitor both new and existing vendors – from initial due diligence and onboarding through termination. Headquartered outside of Boston, Massachusetts, ProcessUnity is used by the world’s leading financial service firms and commercial enterprises. For more information, visit www.processunity.com.