With lessons learnt from 2022, Emmanuel Asika, Country Head for Nigeria, at HP reviews the evolving threat landscape and top cybercrime trends to watch out for in 2023:
The cyber threat landscape continued to evolve last year, with malevolent players joining forces more than ever before, exchanging access to networks and systems, sharing malware and sharpening their attack methods. Such heightened collaboration, coupled with the low cost of malware – three-quarters of malware kits cost less than ₦7,000 – are further triggering cybercrime to be more accessible. The implication being that more devices and end-users will be vulnerable to being under attack in 2023, and as cyber criminals intensify attempts to access enterprises – these systems, PCs and printers will be at the forefront.
These challenges, for cyber-security experts, will be intensified by the growing economic slump and uncertainties. As cybersecurity spending is set to increase by 13.2% in 2023, cost projections will be under critical observation, with emphasis on the most important cybersecurity demands.
With tough impending decisions, below are four cybersecurity trends that institutions must plan for in 2023:
Increasing costs can prompt an inflow of cyber hustlers and money mules, powering the cybercrime economy and leaving users at risk
The increase in the cybercrime gig economy, with its swing to platform-based business models, has made cybercrime simpler, affordable, and more dynamic. Cybercrime devices and mentoring services are readily available at low costs, luring cyber hustlers – adherents with little technical skill – to access needed information to make gains. With an impending global downturn, easy access to cybercrime tools and skills could enhance the number of scam SMS messages and emails filling our inboxes. Lured by the potential of quick money, there is a likelihood of seeing more recruits into money-muling schemes, unintentionally encouraging the cybercrime ecosystem as enablers of fraudulent transactions, money laundering, and perhaps ransoms payments.
The interrelated nature of the cybercrime gig economy means that threat actors can easily make money from email compromise attacks. If they find a victim and succeed by compromising an enterprise device, they can market that access to bigger ransomware gangs. This gives structured groups of hackers more reach, hence feeding into the cybercrime ecosystem.
Lured by the potential of quick money, there is a likelihood of seeing more recruits into money-muling schemes, unintentionally encouraging the cybercrime ecosystem as enablers of fraudulent transactions, money laundering, and perhaps ransoms payments.
Emmanuel Asika, Country Head for Nigeria, at HP.
With increasing attacks against users, embedding security in all devices from the hardware will be significant to prevent, detect and recover from attacks. Adopting a robust security culture is key for building resilience, however, only when combined with technology that decreases an organization’s attack interface. A whole group of threats can be eradicated without relying on detection by isolating risky activities like malicious emails. Threat containment technologies in this case ensure that if a user opens a malicious link or attachment, the malware can’t infect any data. With this model, businesses reduce the propensity of malicious attacks and protect employee interests without compromising their workflows.
Notorious hackers will invest in more attacks below the operating system
Until recently, firmware attacks were only used by sophisticated threat groups and countries. However, just last year, early signs revealed an increased interest and development of attacks below the operating system – from tools to hack BIOS passwords, to rootkits and trojans targeting device’s firmware. Today, we now see firmware rootkits advertised relatively cheaply on cybercrime marketplaces.
As one would expect, sophisticated threat actors are always looking to stay one step ahead in terms of their attack capabilities. Unfortunately, firmware security is frequently disregarded by organizations, giving room for adversaries to attack and exploit. Access to the firmware level allows attackers to gain persistent control and hide below the operating system, making them very hard to detect – let alone remove and remediate.
As such, organizations and individuals must ensure they understand industry best practices and standards for device hardware and firmware security. Additionally, organizations must further endeavour to understand and evaluate the latest technology readily available to protect, detect and recover from firmware attacks.
Remote access equipment will be on the forefront for attacks
Session hijacking is anticipated. The year will witness a growth in popularity – where an attacker hijacks a remote access session to obtain an organisation’s sensitive data and systems. The user is characteristically unsuspecting that anything malicious has happened and takes milliseconds to inject key sequences and issue commands that generate an alternative gateway for persistent access. It works even if Privileged Access Management (PAM) systems employ Multi-Factor Authentication (MFA), such as smart cards.
When a malicious attack links to Operational Technology (OT) and Industrial Control Systems (ICS) running factories and industrial plants, there could also be a noticeable impact on operational readiness and safety – possibly cutting off access to energy or communication for entire areas. The only way of preventing these kinds of attacks is breaking the attack chain and strong isolation technology, either through using a physically separate system, like a Privileged Access Workstation (PAW), or virtual separation, via hypervisor-based approaches.
Neglect print security at your risk in 2023
Presently, print security is endangered by the constant tendency to be a neglected factor of the total cybersecurity environment and with more printers connected to corporate networks due to hybrid working, the risks keep increasing. Institutions need to structure security policies and processes for monitoring and protecting print gadgets from attacks, at home and in the workplace.
The challenge is the risk telemetry coming from end points, including printers, is growing by the day. Consequently, we will see institutions concentrate investments on solutions and services delivery that provide functional intelligence rather than merely delivering more security data.
Tackling increasing threats
This year, organisations must be intentional with their security approaches. Often, security glitches start at the endpoint, hence, by embedding protection in these devices, businesses can lessen the burden on their security unit.
Regardless of the threats institutions face in 2023, it is apparent that the tactics we deploy to protect devices and data has to change. The key consideration here is strategic resource allocation, and the security teams need to recognise the specific areas of the business that are most susceptible to threats, and that would be most impacted in the event of a breach. It is also vital to have a layered approach to security which will allow institutions to execute isolation, gain actionable intelligence, isolation and more, whilst helping to lessen their attack surface and maintain safety of key data.
About author: Emmanuel Asika is Country Head for Nigeria at HP.
