Three Cybersecurity Trends to Watch Out for in 2023

Sophisticated phishing, vishing and ransomware campaigns will be aimed at a widening field of targets – but there are things you can do to protect yourself.

In recent years, we've seen a growing number of innovative threats and a rapidly expanding field of targets – and there are no signs that cybercriminals will slow down in 2023. Watch out for these trends and adopt these cybersecurity best practices to protect yourself wherever you are.

1. Social engineering attacks will get even more sophisticated.

• Phishing attacks are no longer just simple emails mimicking communications from legitimate services. Threat actors are doing their research and sending highly convincing messages through varying messaging platforms, often supported by target information they've gathered from data breaches. A cybercriminal can combine data from a compromised e-commerce retail site with information from social media to create customized, targeted attacks.
• "Callback" vishing attacks are increasing. These scams start with an email suggesting you've signed up for a subscription service.  The email contains a number you can call to cancel the service. In these attacks, the criminal tries to convince you to install remote access tools – and then deploys malicious software to gain entry into your network and data.
• Criminals are incorporating Artificial intelligence (AI) in more polished phishing campaigns. Chatbots can be used to create full and convincing natural language phishing messages or fake job advertisements to support phishing campaigns. As language and video AI models advance, scammers will also be able to impersonate real people in real time with deepfakes, tricking victims into providing their financial and personal information.

2. Lucrative ransomware attacks will be used by more threat groups.

• Many ransomware groups use innovative phishing tactics to gain a foothold within target companies. New extortion tactics and threats will be part of this year's push for more ransom payments.
• Cybercriminals are also expanding the targets of their attacks to small and mid-size to large institutions, with less focus on larger national infrastructure targets.

 3. Supply chain attacks, data breaches and DDoS (Distributed Denial of Service) attacks will remain a threat.

• Cybercriminals are finding ways to breach standard multi-factor authentication technologies. Businesses and customers using weak authentication methods are left vulnerable to data breaches and the loss of consumer information.
• Open source code repositories are a valuable legitimate resource for technology teams, but threat actors have been known to upload malicious packages into such repositories as well. They want targeted developers to inadvertently download malicious code and infect downstream organizations.
• World events have further complicated the threat landscape. Geopolitical conflict is acting as a catalyst for polarization of the criminal underground and an increasing number of attempts that include DDoS attacks.
• Because businesses are now so interconnected and reliant on one another for information and services, supply chain attacks or self-propagating malware that spreads beyond its intended target are also possible.
  
  

The information is provided for educational and informational purposes only and is not intended, nor should it be relied upon, to address every aspect of the subject discussed herein. The information provided is intended to help you protect yourself from cyber fraud. It does not provide a comprehensive list of all types of cyber fraud activities and it does not identify all types of cybersecurity best practices. You, your company or organization are responsible for determining how to best protect against cyber fraud activities and for selecting the cybersecurity best practices that are most appropriate to your needs.