Cyber threats to Managed Service Providers, Hybrid Workers and Connected Cars will intensify in 2023 and increase the level of cyber risk.

Trend Micro, one of the world’s leading companies in the field of cyber security, has published its report titled “Trend Micro Cyber Security Forecasts 2023”, which includes cyber security predictions for 2023. The report warns that cyberattackers will intensify attacks targeting the home, offices, software supply chain and cloud environment in the coming year.

Indicating that the effects of the pandemic have decreased but remote and hybrid working has become permanent, Trend Micro Turkey Country Manager Hasan Gültekin said, “This means that cyber attackers will focus on VPNs, network and office devices, and cloud infrastructure in 2023, whose vulnerabilities have not been closed. Therefore, cybersecurity teams and businesses need to focus on solutions that combine attack surface management and detection and response in a single, more cost-effective platform.” said.

The report reveals that VPNs will make an attractive target, as they can be used to target multiple corporate networks. Modems and routers used in homes will also be another important target of cyber attackers, as they are often used without the necessary security updates and are not centrally managed by IT teams.

The report lists several trends that IT security teams need to watch carefully in 2023:

A growing supply chain destination originating from Managed Service Providers (MSPs). They will be among the key targets of cyber attackers as they gain access to large volumes of downstream clients and increase revenue from ransomware, data theft and other attacks.

Techniques of “existing outside the cloud”.

For groups attacking cloud infrastructure, hiding from traditional cybersecurity tools will become the norm. A good example is using the target’s backup solution to download the stolen data to their own storage.

Threats to connected vehicles targeting in-vehicle embedded SIMs (eSIM) and cloud APIs located between backend application servers.

These APIs (Ex. Tesla API) can be used to access vehicles. The connected car industry can also be affected by malware lurking in open source repositories.

RaaS (Ransomware as a Service) groups will develop new business models as the impact of attacks diminishes.

Some groups will focus on cloud infrastructure, while others will abandon ransomware altogether and try to monetize other methods such as data theft.

Social engineering cases will increase.

With the increase in BEC-as-a-Service (BEC-as-a-Service attacks) and “deepfake”-based BEC attacks, there will be a massive increase in social engineering cases.

Trend Micro recommends organizations mitigate these threats, which are expected to emerge in 2023, by:

Zero trust strategies based on “never trust, always verify” logic to minimize damage without compromising user efficiency.
Increasing the training and awareness of employees in order to turn a weak link in the security chain into an effective line of defense.
Unifying all security processes in a single security platform for monitoring the entire attack surface and for threat detection and response. This will improve a company’s ability to detect suspicious activity on its network, reduce the burden on security teams, and keep security teams on edge.
Stress testing of IT infrastructures to ensure readiness for cyber attack, especially with various scenarios where a gateway is already breached.
A tailor-made software bill of materials (SBOM) for each application to accelerate and improve vulnerability management by providing visibility into code developed in-house, purchased from commercial sources, and generated from third-party sources

Source: (BYZHA) – Beyaz News Agency