Cyber security threats

Cyber security threats and trends in 2023

Tim Robinson, Partner, Forensic Services
20/01/2023

Awareness of the operational, reputational and legal impact of a cyber-attack and data breach has grown in recent years. However, as shown by the recent crippling attack on the Royal Mail, rarely a week goes by without news of a major business, national infrastructure organisation, public body or charitable organisation coming under attack.

Motivated by money, notoriety or geopolitical reasons, cybercriminals continue to develop and deploy new and sophisticated attacks with ease from anywhere in the world, aimed at any type of organisation, with little fear of the consequences. 

Positively, 82% of UK boards rated ‘cyber’ as a ‘very high’ priority in 2022, an increase from 77% in 2021. However, there is still a significant journey ahead for many to exercise their governance responsibilities more effectively to manage and mitigate the danger posed. 

In this article we will look at some of the key cyber threats and trends that organisations need to be alert to in 2023.

Ransomware-as-a-service

Ransomware is a type of malware (malicious software), deployed once a criminal has access to your network, often following a successful phishing campaign. It unlawfully locks or encrypts your files, holding the business to ‘ransom’ to decrypt them and restore operations. 

Ransomware attacks continue to be a common tactic used by threat actors. The percentage of attacks increased by over 48% from 2021 to 2022 with the cost of a successful ransomware attack averaging an eye-watering $4.54 million in 2022.

The effectiveness of ransomware to elicit payments has created an industry of cybercriminals and organised crime groups who provide their services to others to deploy in attacks. Ransomware-as-a-service (RaaS) kits are readily available on the dark web and are cheap and easy to deploy. This makes a ransomware attack against your organisation simpler to carry out, and more likely, than ever before. RaaS and, more broadly speaking, Cybercrime-as-a-Service (CaaS) now allow threat actors without the technical ability to deliver increasingly sophisticated attacks at an alarming rate.

The triple extortion technique

More recently we’ve seen a growth in the prevalence of the ‘triple extortion’ tactic used by cybercriminals when deploying ransomware attacks, first seen in 2019/20 against the Finnish physiotherapy provider, Vastaamo.

Instead of just encrypting an organisation’s files to elicit a payment, threat actors are more often ramping up the pressure by also exfiltrating that data with the threat of leaking it publicly. This is particularly worrying for organisations as the data could contain valuable IP or even customers’ personally identifiable information (PII), which could be further used to defraud customers, creating more reputational and legal implications. In addition to this, they are then following through with a third level of extortion by threatening to make details of the incident public via social media channels, dark web forums or even by contacting journalists. Distributed Denial of Service (DDoS) attacks have also been deployed at this point. DDoS attacks cripple external systems by bombarding them with requests, thus generating more external awareness of the incident, further impact on operations and increasing reputational scrutiny.

Artificial intelligence

It’s important to understand that artificial intelligence (AI) can be used positively in the fight against cybercrime, helping us improve cyber security and raise defences against cybercriminals. However, as with any technology, threat actors can find ways to use it to their advantage, and AI is no different. Cybercriminals have been using it in a number of ways and this will no doubt continue as its power and potential are further unlocked. Examples are below.

  • Automating attacks – AI has been used to automate the process of identifying and exploiting vulnerabilities in systems, making it easier for criminals to gain access.
  • Evading detection – AI has been used to create new versions of malware to evade detection by security systems.
  • Social engineering – AI has been used to create sophisticated phishing campaigns to trick users into revealing information or downloading malware.
  • Predictive analytics – AI can be used to predict future vulnerabilities and target specific areas in order to launch the most effective attacks.
  • Deepfakes – AI has been used to create deepfakes, which are images or videos that have been manipulated to impersonate other people and trick individuals. 

Phishing

By now, most individuals will have a basic awareness of phishing, a common social engineering tactic used by cybercriminals that attempts to trick individuals into revealing sensitive information or clicking on links to download malware. As awareness has grown around the key methods used, cybercriminals have adapted to make their attempts far more sophisticated, targeting key individuals (known as spear phishing or whaling) to gain a bigger payoff. 

Phishing campaigns will continue to grow in sophistication, appearing more legitimate than ever before. Therefore, it is important that individuals are aware of what to look out for and your technology is set up to catch campaigns wherever possible before any damage can be done.  

Supply chain attacks

A threat actor can gain access to your infrastructure in a number of ways. They may exploit new vulnerabilities in your systems, attack systems that are no longer supported or target your people with social engineering tactics. More recently there has been growth in supply chain attacks via an organisation’s third-party suppliers.

For example, a cybercriminal can target a supplier or sub-contractor of a company that has less robust security measures, and then use that entry point to access the larger organisations in the supply chain. 

It will be particularly important in 2023 for organisations to take steps to secure their supply chains to prevent these kinds of attacks. The attack against SolarWinds in 2020 is counted as one of the biggest cyber breaches of the 21st Century.  

Cyber insurance

Cyber insurance has grown in prevalence and importance over the last few years as a way to mitigate the financial risk from a successful cyber incident. For example, it can help with regards to losses seen from business interruption, data recovery, legal liability, incident response or even extortion costs (although we would never suggest you pay a ransom demand, if possible).

However, such insurance has been said to fuel the ‘ransomware pandemic’ we are now facing as organisations have fallen back to insurance to cover costs associated with a ransomware payment, thus tempting and perpetuating further ransomware attacks.

Therefore, it is not uncommon for cyber insurance premiums to have doubled in the last year and we expect this trend to continue into 2023. Although insurance is an important piece of the cyber puzzle for many businesses, it cannot be seen as a substitute for good cybersecurity practices. Organisations must take steps to implement robust security measures across their full eco-system, including their supply chain. As we have discussed, the impact of a successful cyber-attack is not just financial.

How can you protect yourself?

Cybercrime is everywhere and impacts everyone. No type of business or sector is immune, and it is not a case of ‘if’ you will be attacked, but ‘when’. Organisations need to take a proactive approach to cyber security or face dire consequences when the inevitable happens. 

Cyber security cannot be seen as a solely technical issue and be left to a company’s IT function to manage. Leadership must fully understand their governance responsibilities if they are to effectively manage the entirety of this significant risk.

Nevertheless, there are a number of relatively cost-effective measures that organisations can, and should, take to increase their resilience. Below is a short, and by no means exhaustive, list of key areas to address.

  • Conduct regular cyber resilience assessments – not just of the organisation itself, but across your suppliers as well, to make sure security measures are implemented.
  • Develop a cyber resilience policy – the risk from cyber is ever-changing, so make sure your policy and strategy are robust enough to counter it.
  • Develop a ‘go to’ cyber incident response policy – know your actions to take in the event of an incident and who from a governance position has responsibility to manage that response.
  • Train your people – make sure they know how to recognise and respond to cyber threats, particularly from phishing attempts.
  • Use multi-factor authentication (MFA) on user accounts – limit the impact of a serious breach if a user’s credentials are compromised.
  • Regularly update software and systems – security patches should be tested and deployed as soon as possible.
  • Test your systems – use tools to find weaknesses and then rectify those issues.
  • Limit access to sensitive data and important systems – restrict access to only those who have a requirement for it, to help limit the impact if credentials are compromised.
  • Back up your data regularly and in a secure location – in the event of a major incident this will be essential.

Further information

Please contact Tim Robinson if you would like to discuss this topic further. We work with many organisations to help them understand their cyber position, build resilience and respond in the event of an incident.


Contact us

Martin Chapman
Partner, National Head of Forensic Services