It’s been an eventful 2022 and, based on what our CyberArk Labs team is observing, 2023 will introduce yet another chapter of cybersecurity threats and challenges, along with some new opportunities for vigilant defenders. Here are six of our cybersecurity predictions for the coming year:
1. Web3 on the Blockchain Promises Enhanced Privacy — and Bigger Payouts
Today, more than four out of 10 consumers feel unable to protect their personal data, and many have taken action. This widespread push for greater data transparency and personal control will only grow stronger in 2023, accelerating global momentum for Web3 (aka Web 3.0) on the blockchain. But as technology infrastructure becomes more decentralized, the financial application attack surface will expand significantly, while security practices in this new frontier lag. Threat actors will use this to their advantage to target crypto exchanges and susceptible bridges to the world “off the chain,” drawing inspiration from the $615 million Ronin cryptocurrency heist of 2022.
2. Geopolitical “Winter is Coming,” Along with Increased Attacks on Critical Infrastructure
Our first predicted trend may be exacerbated by the continued conflict in Ukraine, as certain criminal groups ramp up financially motivated attacks and — banking on the promise of massive payouts — shift their gaze in decentralized infrastructure’s direction. Meanwhile, winter is rapidly approaching Eastern Europe, and we can expect attacks on critical infrastructure to spike as temperatures plummet, driving global energy prices up even higher.
3. What’s Old Will Be New Again as Threat Actors Revisit Familiar Tricks
Since Log4j sent shockwaves around the world, speculation on when the other shoe will drop has been constant. But the next “big thing” isn’t likely to be a massive zero day — especially as prices for these coveted vulnerabilities reach upwards of $10 million on darknets and other underground marketplaces, and well-resourced groups and nation-states compete fiercely. Most threat actors will use alternative ways to infiltrate organizations and move laterally toward their targets. And at the end of the day, why would they spend so much cash on a specialized exploit or time contriving new methods when old tricks like phishing, credential theft and social engineering, or one-day kernel-level or memory corruption exploits work just fine?
4. Forget New Year’s Diets — Your Cookies Will Be Too Irresistible
The good news is most organizations no longer view multifactor authentication (MFA) as a “nice to have” for their business applications, meaning most users must input both a username/password combo and complete a secondary authentication challenge before establishing a web session. The bad news is attackers are getting more sophisticated in snagging session cookies — which establish access to these third-party applications — to bypass both primary authentication and MFA and hijack accounts. As organizations continue to adopt more SaaS applications and consolidate them on the browser, session cookies will become even more critical and more vulnerable. With Genesis Store and other marketplaces specializing in stolen session cookies growing in popularity, threat actors will seek ways to further automate and scale these session hijacking attacks to boost profitability next year.
5. A Silver Lining in the Commoditized Credential Age
2023 is the year to begin a career in cybercrime, thanks to the commoditization of the credential. Would-be attackers who lack the skills (or time) can simply browse on a marketplace, fill their carts with cheap lists of stolen credentials and cookies or off-the-shelf ransomware, phishing and exploit kits and check out — no attack legwork required. In this environment, MFA and two-factor authentication won’t be enough. Yet there will be a silver lining for security teams that take a defense in depth approach — one that could swing the pendulum in their favor. Rushing to get rich quick, many cybercriminals will make rookie mistakes or create far too much noise on the network, foiling their plans. For instance, pushing 20 authorization requests in rapid succession as part of an MFA bombing attempt will show up in the victim organization’s logs and raise major red flags.
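The kind of log check that surfaces such a burst, sketched as an added example (not CyberArk code). The log line format, field names and the 10-minute window are assumptions; only the figure of 20 requests comes from the text above.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

THRESHOLD = 20                  # push count, the figure used in the text
WINDOW = timedelta(minutes=10)  # assumption: what counts as "rapid succession"

def parse(line):
    """Parse a constructed line: '<ISO time> user=<u> event=<e> result=<r>'."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec

def detect_push_bursts(lines, threshold=THRESHOLD, window=WINDOW):
    """Return one alert per user whose MFA pushes reach `threshold` within `window`."""
    recent = defaultdict(deque)  # user -> push timestamps still inside the window
    alerts = {}
    for rec in sorted(map(parse, lines), key=lambda r: r["ts"]):
        if rec.get("event") != "mfa_push":
            continue
        user, q = rec["user"], recent[rec["user"]]
        q.append(rec["ts"])
        while rec["ts"] - q[0] > window:  # drop pushes older than the window
            q.popleft()
        if len(q) < threshold:
            continue
        alert = alerts.setdefault(
            user, {"user": user, "first": q[0], "peak": 0, "approved": False})
        alert["peak"] = max(alert["peak"], len(q))
        # An approval during the burst means the prompt flood may have worked.
        alert["approved"] |= rec["result"] == "approved"
    return list(alerts.values())

def sample_log():
    """Constructed sample data, not real logs."""
    t0 = datetime(2023, 1, 10, 9, 0, tzinfo=timezone.utc)
    line = "{} user={} event=mfa_push result={}".format
    at = lambda **kw: (t0 + timedelta(**kw)).isoformat()
    log = [line(at(seconds=15 * i), "alice", "denied") for i in range(20)]
    log.append(line(at(seconds=315), "alice", "approved"))  # gives in on push 21
    log += [line(at(minutes=15 * i), "carol", "denied") for i in range(20)]  # slow
    log.append(f"{t0.isoformat()} user=bob event=login result=success")
    return log

if __name__ == "__main__":
    for a in detect_push_bursts(sample_log()):
        print(a["user"], a["first"].isoformat(), a["peak"], a["approved"])
```

An alert whose `approved` flag is set is the one to escalate first: the account accepted a prompt while the flood was still in progress.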
6. Carbon Credits Will Take Center Stage in Multi-Million-Dollar Schemes
On the heels of the COP27 Climate Conference in Egypt where carbon credits took center stage, opportunistic cyber attackers will increase efforts to manipulate the murky and largely unregulated voluntary carbon market (VCM). While carbon credits continue to grow in popularity with companies and governments working to reduce emissions and offset their own output, we can expect to see more multi-million-dollar schemes to steal and sell emission-trading rights in the next 12 months.
For more content on stolen session cookies, register for our Nov. 30, 2022 webinar, “No More Cookies for You: Attacking and Defending Credentials in Chromium-Based Browsers” — presented by Shay Nahari, VP of CyberArk Red Team Services, and Andy Thompson, Global Research Evangelist, CyberArk Labs.