High-profile data breaches, such as Dropbox’s phishing attack and the Rockstar Games hack, were rarely out of the headlines in 2022, as cyber threats became more sophisticated and malicious.
From the most common mode of attack, phishing, to elaborate hits on a country’s critical infrastructure, cyber threats are ramping up every year. This means entities must not only build their defences, but also raise cybersecurity awareness within their organisations to prevent exploitation of any sort.
This is where analysis of upcoming trends becomes crucial. Hornetsecurity has recently analysed over 25 billion emails to understand the threat landscape, present key trends, and make predictions for Microsoft 365 security threats. By understanding upcoming issues we can best protect against cybersecurity threats. Here are five key trends that businesses will need to be alert to in 2023.
Increase in charity fraud cases
It’s an unfortunate reality, but charity fraud is still the oldest method used by threat actors to steal donations meant for victims of conflict or natural calamities. These cases peak during major events such as the war in Ukraine and Covid-19 – due to social media increasing global awareness and greater concern throughout the world.
This year, two high-profile charity fraud cases emerged, involving fraudulent Ukrainian charities and relief efforts for Hurricane Ian in the United States. In 2023, it’s highly likely that cybercriminals will continue to exploit this avenue, perhaps shifting their focus towards fundraising efforts centred around climate change campaigns.
Malicious content in Microsoft Teams
Businesses rely heavily on Microsoft Teams to communicate and collaborate. The recently added benefit of building connections among employees makes it a crucial tool for companies. The platform has also opened up access to external entities, making it convenient for those outside an organisation to join calls and chats and to set up meetings. However, this attracts threat actors who may use social engineering, malicious attachments or link attacks for exploitation.
In August, a vulnerability allowed malicious actors with access to the file system to potentially steal users’ credentials. This was largely because, as was discovered, Microsoft Teams authentication tokens are stored in plain text on the file system. In addition, because the Teams client is an Electron app, which means it’s basically running as a small web browser that lacks modern protections, it’s likely to continue to have security vulnerabilities. However, companies can continue to build their defences with a link scanner or anti-malware, as well as additional training for all staff.
Mobile devices to be targeted more
It’s impossible for me to think about life without my phone, and it’s completely unsurprising that this sentiment is shared among the masses. Most of our information is, quite literally, in the palm of our hands and it’s often the source of multi-factor authentication (MFA) as well. This opens up smartphones to attacks, including from fraudulent banking apps.
While news of the NSO Group and Pegasus malware made the headlines, with some companies trying to protect users from attacks, there are plenty of lesser-known businesses that sell similar exploitative kits. We’re likely to see an increase in email attacks targeting mobile devices, as the minimalist user interfaces on phones don’t always provide clarity to users on the authenticity of emails. Continued social engineering attacks through non-business channels of communication, such as WhatsApp, are also expected to be a trend in the next year.
IoT devices will be favoured targets
After our smartphones, our lives are intertwined with our IoT devices, including smartwatches and televisions. A majority of the global population functions today with a number of smart devices around the home (or work), making this another key avenue of vulnerability that can be exploited.
Pair this with the fact that IoT devices are often not equipped with the security protections needed. They’re also harder to update when vulnerabilities are tracked. Therefore, a security flaw in one of these devices can provide a foothold for continued malicious attacks.
Deepfakes to be used more
The list of things that artificial intelligence cannot achieve is constantly shrinking, but generative AI systems have led to a series of ethical and legal issues. Deepfakes, or AI-generated images or videos, will continue to be a cybersecurity threat in the next year and beyond. In 2023, it is highly likely that bad actors will capitalise on advances in technologies to create improved voice and video deepfakes with ease.
In the coming year, it’s crucial for organisations to prepare their teams for any and all kinds of cybersecurity threats, and keep them updated on security awareness. At Hornetsecurity, we’ve developed a suite of tools that help companies ascertain cybersecurity awareness within their teams. These tools also help benchmark performance against scores in their industry.
Cybersecurity risks require building a resilient business. Considering the evolving trends and emerging threats, a robust strategy to counter cybersecurity attacks is more important than ever. It’s also vital that employees are aware of emerging threats by receiving the relevant training. Only through the education of staff, and implementation of a robust cybersecurity strategy, can organisations guard against cyber attacks and stay vigilant and resilient against emerging threats.