Please update your browser.
Three Cybersecurity Trends to Watch Out for in 2023
Sophisticated phishing, vishing and ransomware campaigns will be aimed at a widening field of targets – but there are things you can do to protect yourself.
In recent years, we've seen a growing number of innovative threats and a rapidly expanding field of targets – and there are no signs that cybercriminals will slow down in 2023. Watch out for these trends and adopt these cybersecurity best practices to protect yourself wherever you are.
1. Social engineering attacks will get even more sophisticated.
- Phishing attacks are no longer just simple emails mimicking communications from legitimate services. Threat actors are doing their research and sending highly convincing messages through varying messaging platforms, often supported by target information they've gathered from data breaches. A cybercriminal can combine data from a compromised e-commerce retail site with information from social media to create customized, targeted attacks.
- "Callback" vishing attacks are increasing. These scams start with an email suggesting you've signed up for a subscription service. The email contains a number you can call to cancel the service. In these attacks, the criminal tries to convince you to install remote access tools – and then deploys malicious software to gain entry into your network and data.
- Criminals are incorporating Artificial intelligence (AI) in more polished phishing campaigns. Chatbots can be used to create full and convincing natural language phishing messages or fake job advertisements to support phishing campaigns. As language and video AI models advance, scammers will also be able to impersonate real people in real time with deepfakes, tricking victims into providing their financial and personal information.
2. Lucrative ransomware attacks will be used by more threat groups.
- Many ransomware groups use innovative phishing tactics to gain a foothold within target companies. New extortion tactics and threats will be part of this year's push for more ransom payments.
- Cybercriminals are also expanding the targets of their attacks to small and mid-size to large institutions, with less focus on larger national infrastructure targets.
3. Supply chain attacks, data breaches and DDoS (Distributed Denial of Service) attacks will remain a threat.
- Cybercriminals are finding ways to breach standard multi-factor authentication technologies. Businesses and customers using weak authentication methods are left vulnerable to data breaches and the loss of consumer information.
- Open source code repositories are a valuable legitimate resource for technology teams, but threat actors have been known to upload malicious packages into such repositories as well. They want targeted developers to inadvertently download malicious code and infect downstream organizations.
- World events have further complicated the threat landscape. Geopolitical conflict is acting as a catalyst for polarization of the criminal underground and an increasing number of attempts that include DDoS attacks.
- Because businesses are now so interconnected and reliant on one another for information and services, supply chain attacks or self-propagating malware that spreads beyond its intended target are also possible.
To protect yourself from these potential threats, you can incorporate these simple and effective practices into your day-to-day.
- Keep your devices and your apps up-to-date. When using any software or application, it's always important to apply security patches and updates as soon as they become available. This ensures identified vulnerabilities are remediated in a timely manner.
- Choose unique passwords and use multifactor authentication. Longer passwords are harder to break than shorter ones. Consider creating a passphrase and turn on multifactor authentication wherever it's available.
- Be smart about social media. Don't share too much personal information on your social media accounts, and review the privacy controls.
- Don't get phished. No matter how creative the phishing scam, common sense is your best defense. If something seems suspicious or doesn't feel right, then it probably isn't. Familiarize yourself with signs you should look out for in suspicious emails – and how to report them.
- Back up your data. Use cloud based services or external hard drives to copy your important data to a separate location.
The information is provided for educational and informational purposes only and is not intended, nor should it be relied upon, to address every aspect of the subject discussed herein. The information provided is intended to help you protect yourself from cyber fraud. It does not provide a comprehensive list of all types of cyber fraud activities and it does not identify all types of cybersecurity best practices. You, your company or organization are responsible for determining how to best protect against cyber fraud activities and for selecting the cybersecurity best practices that are most appropriate to your needs.
You're now leaving J.P. Morgan
J.P. Morgan’s website and/or mobile terms, privacy and security policies don’t apply to the site or app you're about to visit. Please review its terms, privacy and security policies to see how they apply to you. J.P. Morgan isn’t responsible for (and doesn’t provide) any products, services or content at this third-party site or app, except for products and services that explicitly carry the J.P. Morgan name.