2022 is wrapping up and 2023 brings a lot of opportunity. It’s a good bookmark on the calendar to pause and plan. Part of that planning should be in your technology, specifically in your cybersecurity against the ever-growing cyberattacks.
Cyber threats have been growing exponentially year-over-year and while the stats for 2022 are not quite in yet, there is no doubt that the trend is continuing. With over 3 billion malware attacks, over 230 million ransomware attacks, an expected 6 billion phishing attacks, 2022 is sure to set another benchmark in increased cyber threat activity.
According to IEEE, technology directors and officers are primarily concerned with Cloud Vulnerability, Data Center Vulnerability.
Other key concerns are ransomware attacks, coordinated attacks against the company network, and a lack of investment in security solutions.
Their concerns are justified, as cyberattacks continue to get more sophisticated. Despite the portrayal of a lone hacker in a room, most threats are also being perpetrated by large, organized crime rings that function more like a business instead of a low-level criminal.
There’s something new changing at all times, but by researching what the cybersecurity experts are expecting we can expect threats to follow some trends.
Here are the top 5 attack threats you need to watch out for in 2023
- Attacks on 5G Devices
- One-Time Password Bypass
- Attacks Surrounding World Events
- Smishing & Mobile Device Attacks
- Elevated Phishing with AI
Attacks on 5G Devices
5G has been a big tech improvement for a few years now, however if you have a 5G device that long you probably haven’t seen any giant change until now. The infrastructure was still being built out and is now commonplace in hardware with it showing up in routers, laptops, and even vehicles.
With anything new, you can expect hackers to take advantage of any code vulnerabilities they can find and exploit. You can protect yourself by consistently updating your device firmware to ensure you are always up to date. Even better, make sure you know the firmware security policies for any device before you buy it. Some manufacturers are better than others at keeping their firmware up to date and your device secure.
One-Time Password (OTP) Bypass
MFA (Multi-Factor Authentication) is a must as it greatly reduces the risk of somebody else signing into your account. With the right MFA (authenticator apps and YubiKeys being preferred over SMS or email) you can effectively prevent account takeovers.
However, it doesn’t mean you are completely safe. Hackers have multiple ways to work around MFA.
They can:
Reuse a OTP – If they gain access to a recent OTP they can reuse it
Sharing OTP – Using their own account to get a OTP and then attempting to use it on a different account
Leaked OTP – Sometimes web applications leak the OTP in a response
Phishing Scam – Sending a phishing notification to log in tricks you into giving the hacker a OTP
Password Reset – Most web applications automatically log you in once the reset procedure is complete. Gaining access to an email with such a link can be reused multiple times, even if the email address was changed.
Attacks Surrounding World Events
During the pandemic, cyberattacks increased 600% worldwide. When Russia invaded Ukraine the Cybersecurity & Infrastructure Security Agency (CISA) advised countries worldwide to be on alert for increased cyberattacks. World Events and disasters are lucrative to cybercriminals.
Commonly world events come with phishing campaigns based around them. People are so caught up in the event, they don’t realize they are being targeted and giving up their information. These attacks are calculated with social engineering to get you to have an emotional response. The more emotion people are feeling, say from a sad photo, the less likely they will be on alert to the scam.
Be mindful of an increase in cyber activity surrounding events like these.
Smishing & Mobile Device Attacks
We use our mobile devices for just about everything these days. Even if you still work on a PC, you still are interconnected with your phone. That is why mobile device attacks have been on the rise.
Most people don’t expect a fake message on their personal phone. Phone numbers are far from private these days, as I’m sure you have realized with the sheer amount of spam calls you receive.
It gets worse though, as smishing messages are prevalent now. Smishing is an SMS phishing attack. Fake text messages might show us as an impersonation (such as the CEO of your company) or they might look like a shipping notice with a link. Don’t tap that link or you’ll get hit with malware.
Mobile malware has been increasing dramatically. Just the first few months of the year showed a 500% increase over last year. Using protections such as a DNS filter and mobile anti-malware can help combat this, but the best solution is to be aware of such threats so you don’t fall for them.
Elevated Phishing with AI
Some phishing emails are really easy to spot. They have horrible grammar and poor image quality and layout. They all used to be this bad, but not so much any longer. Some look almost identical to the real thing. Very minor differences are the callouts, which you only really see if you pay close attention.
Now it’s really getting hard to spot them since cybercriminals are using AI and machine learning to create their phishing attacks. They will end up looking spot-on accurate to the brand they are impersonating and will come personalized to you. It also makes it easier to create them, so they can send out more frequently to more people than ever before. While these AI tactics are rare today, it is expected that within the next few years they will be able to autonomously identify vulnerabilities and institute attack campaigns.
Get a cybersecurity check-up
Are you prepared for the cybersecurity threats that are coming in 2023? Don’t wait to find out. Schedule a check-up and see what you can improve to protect your business today. Schedule a 15 minute call free of any charge or obligation.