Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, and Linux and BSD systems. It runs a number of interesting services and supports its community in interesting projects.


Hacker Rewarded $70,000 for Finding Way to Bypass Google Pixel Phones' Lock Screens

The Hacker News - 10 November 2022 - 16:07
Google has resolved a high-severity security issue affecting all Pixel smartphones that could be trivially exploited to unlock the devices. The vulnerability, tracked as CVE-2022-20465 and reported by security researcher David Schütz in June 2022, was remediated as part of the search giant's monthly Android update for November 2022. "The issue allowed an attacker with physical access to bypass
Category: Hacking & Security

Researchers Uncover PyPI Package Hiding Malicious Code Behind Image File

The Hacker News - 10 November 2022 - 13:44
A malicious package discovered on the Python Package Index (PyPI) has been found employing a steganographic trick to conceal malicious code within image files. The package in question, named "apicolor," was uploaded to the Python third-party repository on October 31, 2022, and described as a "Core lib for REST API," according to Israeli cybersecurity firm Check Point. It has since been taken
Category: Hacking & Security

Is Cybersecurity Awareness Month Anything More Than PR?

The Hacker News - 10 November 2022 - 13:13
Cybersecurity Awareness Month has been going on since 2004. This year, Cybersecurity Awareness Month urged the public, professionals, and industry partners to "see themselves in cyber" in the following ways: The public, by taking action to stay safe online. Professionals, by joining the cyber workforce. Cyber industry partners, as part of the cybersecurity solution. CISA outlined four "things
Category: Hacking & Security

Microsoft's Grand Unified Theory of .NET Advances a Little

LinuxSecurity.com - 10 November 2022 - 13:00
Microsoft's unveiling this week of the production release of .NET 7 advances the company's efforts over the past few years to unify the open source development runtime to support multiple architectures and platforms.
Category: Hacking & Security

Citrix Issues Patches for Critical Flaw Affecting ADC and Gateway Products

The Hacker News - 10 November 2022 - 11:26
Citrix has released security updates to address a critical authentication bypass flaw in the application delivery controller (ADC) and Gateway products that could be exploited to take control of affected systems. Successful exploitation of the issues could enable an adversary to gain authorized access, perform remote desktop takeover, and even circumvent defenses against login brute-force
Category: Hacking & Security

The state of cryptojacking in the first three quarters of 2022

Kaspersky Securelist - 10 November 2022 - 09:00

Cryptocurrency prices were dropping from the end of 2021 and throughout the first half of 2022. Although finance experts and retail investors estimate crypto to have a solid chance of recovery in the long term, at the time of writing this report the prices remain low. However, cybercriminals are capitalizing on this vulnerable industry more than ever. From advanced APT campaigns targeting crypto organizations (BlueNoroff, NaiveCopy, etc.) to various types of hastily made crypto scams, we observe threat actors diversifying their malicious activity against crypto investors — and not only them.

In fact, cybercriminals hunting for crypto can target anyone. Apart from cryptocurrency theft, they extort digital money or illicitly mine it using victims' devices instead of their own. Cryptocurrency mining is a painstaking and costly process, and not as rewarding as when the prices were high. However, it still attracts even legitimate miners. This can be explained, on the one hand, by the falling cost of mining equipment and, on the other, by less efficient market players having left the game, allowing those who remain to increase their market share. Cybercriminals pay neither for equipment nor for electricity, which is rather expensive in 2022. They install mining software on the target computer to use its processing power without the victim's consent. Moreover, malicious mining, or cryptojacking, does not require much specialized technical expertise. In fact, all the attacker needs to know is how to create a miner using open-source code, or where to buy one. If the cryptomining malware is installed successfully on the victim's computer, it delivers its operator stable earnings. In this report we analyze cryptojacking activity in the first three quarters of 2022, and provide some relevant statistics and insights.

Methodology

This research aims to define the state of cryptojacking in the current threat landscape. The data in this report has been taken from aggregated threat statistics obtained from a variety of sources that include our internal sources, open sources, etc. The main tool we use to obtain and analyze threat-related data is Kaspersky Security Network (KSN). KSN is dedicated to processing cybersecurity-related depersonalized data streams from Kaspersky products whose users consented to anonymized data collection. The metrics provided in this report are based on the number of distinct users of Kaspersky products with KSN enabled who encountered cryptominers at least once in a given period, as well as research into the threat landscape by Kaspersky experts. All analyzed data is anonymized.

In this report, we examine the main motivation factors for cybercriminals resorting to malicious mining, as well as the most widespread ways of propagation into the victim’s computer. The threat landscape of hidden mining malware is analyzed through a close examination of new malware modifications, the number of affected users, and their geographical distribution. Additionally, we look into certain cryptojackers’ wallets to get some insight into the amount of money they receive.

The statistics in this report are provided for the first three quarters of 2022. The data from 2022 is compared to data from 2021 to assess year-on-year development trends in cryptojacking.

Key findings:
  • Malicious mining programs are widely distributed through unpatched vulnerabilities in operating systems. In Q3 2022, nearly one in six cases of exploiting well-known vulnerabilities was accompanied by miner infection.
  • In Q3 2022, the number of new miner variants more than tripled compared to Q3 2021, exceeding 150,000.
  • Q1 2022 saw the biggest number of users (over 500,000) affected by malicious mining software, and the smallest number of new malicious miner variants.
  • The country with the highest number of attacked users was Ethiopia, where cryptocurrencies are officially banned.
  • Monero (XMR) is the most popular cryptocurrency for malicious mining.

To mine or not to mine?

Cryptojacking is becoming more prominent in the global threat landscape. This year we saw various types of attackers switching their attention to crypto mining. For example, AstraLocker, a major ransomware operator, shut down this activity to pursue cryptojacking. One of the main reasons for that shift may lie in the fact that malicious mining is one of the easiest ways to earn passive income. While ransomware operators pursue bigger money, not every attack results in the ransom being paid. Miners, on the contrary, just infect the machine and earn a stable profit for their operators. Moreover, unlike ransomware, which announces its presence as soon as the victim files are encrypted, mining malware can remain in the target system unnoticed for months or even longer.

Ways of propagation

There are many ways to distribute miners, and most of them are similar to the methods of distribution of any other type of malware.

One of the most popular miner distribution methods is through malicious files masquerading as pirated content. Cybercriminals actively lure their victims with trendy films, music, games, and software to spread malicious mining programs. They can distribute them through specially crafted landing pages, as well as via torrent links.

While the method described above affects mostly consumer devices, there are a number of distribution methods for delivering miners to more powerful equipment used by businesses. They include hacking the victim’s server using leaked or bruteforced credentials, worm-like spreading through flash drives or network storages, and distributing miners through unpatched vulnerabilities in the OS and other software.

Not always malware

Interestingly, cybercriminals use not only malware to mine digital currency without users’ consent. They try to avoid detection and save resources on malware development using legitimate mining programs with open-source code. By themselves, these tools do not contain malicious functionality, but they can be loaded by mining malware and used for cryptojacking.

Example of legitimate programs used by cryptojackers to covertly mine Ethereum (ETH), Ravencoin (RVN), Ethereum Classic (ETC), and Ergo (ERG), according to our statistics

Cryptojacking in numbers

Vulnerability exploitation and miners

Unpatched vulnerabilities pose a serious challenge to users, while being an appealing lure for cybercriminals who exploit them to spread malicious activity. Our telemetry shows that miners are one of the most widespread types of threats when it comes to attacks via vulnerable software. Moreover, 2022 saw an increase in the share of hidden mining software distributed through well-known vulnerabilities. This year, nearly one in seven attacks exploiting such vulnerabilities was accompanied by miner infection. In Q3, miners became even more widespread than backdoors, which were the prime choice of cybercriminals throughout the first half of 2022, and accounted for one sixth of all vulnerability exploitation attacks.

TOP 4 malware types that attackers tried to launch as a result of exploiting vulnerabilities, Q1–Q3 2022

Let’s look at some specific services whose vulnerabilities are often used in cyberattacks. In Q1 2022, 14% of SQLAgent vulnerability exploitation cases resulted in miner infection, and in Q3 2022 this number grew slightly to 16% of all SQLAgent attacks.

TOP 4 malicious and unwanted file types installed via SQLAgent vulnerabilities, Q1–Q3 2022

The share of mining software loaded as a result of exploitation of LSASS-related vulnerabilities grew as well, from 17% in Q1 2022 to 19% in Q3.

TOP 4 malicious and unwanted file types installed as a result of exploitation of LSASS-related vulnerabilities, Q1–Q3 2022

New modifications and affected users

The overall number of new modifications of malicious mining software also increased dramatically in 2022. From January to the end of October 2022, Kaspersky solutions detected 215,843 new modifications of miners. This is more than twice the rate for the same period in 2021, when the number of modifications edged slightly over 100,000.

Notably, the number of new variants of such programs skyrocketed in Q3 2022. Compared to Q3 2021, that was more than threefold growth. Thus, in Q3 2022, the number of new malicious miners exceeded 150,000. This may be explained by the fact that after hitting their lowest rates in late June and the beginning of July, cryptocurrencies grew slightly at the end of the month. Cybercriminals may have increased their activity in anticipation of further growth that did not happen.

Number of new miner modifications, Q1–Q3, 2021 and 2022

Interestingly, during the period of analysis, the biggest number of affected users was registered not in Q3, which experienced a surge in new miner modifications, but in Q1, when the number of new modifications was the lowest.

Number of users affected by miners, Q1–Q3, 2021 and 2022

Attack geography

Interestingly, the most targeted country in Q3 2022 was Ethiopia (2.38%), where it is illegal to use and mine cryptocurrencies. Kazakhstan (2.13%) and Uzbekistan (2.01%) follow in second and third place.

TOP 10 most targeted countries by share of users encountering miners, Q3 2022:

  #    Country*       % of users attacked by miners**
  1    Ethiopia       2.38%
  2    Kazakhstan     2.13%
  3    Uzbekistan     2.01%
  4    Rwanda         1.93%
  5    Tajikistan     1.83%
  6    Venezuela      1.78%
  7    Kyrgyzstan     1.73%
  8    Mozambique     1.57%
  9    Tanzania       1.56%
  10   Ukraine        1.54%

* Excluded are countries where the number of Kaspersky users is relatively small (less than 50,000).
** Percentage of unique users whose devices were attacked by miners, from all unique users of Kaspersky products in the country.

Fourth place goes to Rwanda (1.93%), and fifth to Tajikistan (1.83%). The sixth most attacked country is Venezuela (1.78%), which is known to be among the first nations in the world to introduce a national cryptocurrency, Petro.

Let’s talk money

We took a closer look into the mining attacks to get some understanding of which coins are more popular among cybercriminals, and how much money they make mining these coins. For this we analyzed mining malware samples that were detected by our products in September 2022, extracted cryptocurrency wallet addresses from them, and monitored transactions to these wallets from January 1, 2022, through September 30, 2022. Note that there are other miner samples, as well as other wallets out there that are not represented in these statistics. Note also that we cannot distinguish mining transactions to the monitored wallets from other types of transactions.
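The two steps described above, pulling wallet addresses out of samples and then tallying what those wallets receive, can be illustrated in a few dozen lines. The block below is an added example written for this page, not Kaspersky's own tooling: it scans a constructed strings dump, keeps only legacy Bitcoin addresses whose base58check checksum verifies (a plain regex alone flags plenty of base58-looking noise in binaries), matches standard Monero addresses syntactically, and sums constructed per-wallet inflows by calendar month. Every address, config line and transaction in it is made up for the example, and the Monero check does not verify Monero's own checksum.

```python
"""Added example: extract candidate wallet addresses from the printable
strings of a miner sample, keep the ones that validate, then tally
inflows per wallet and month. All sample data below is constructed."""
import hashlib
import re
from collections import defaultdict
from datetime import date

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58encode(raw: bytes) -> str:
    """Base58 encode; each leading zero byte becomes a leading '1'."""
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + out


def b58decode(text: str) -> bytes:
    """Inverse of b58encode; raises ValueError on a non-base58 character."""
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + body


def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def is_valid_base58check(addr: str) -> bool:
    """True only if the 4-byte double-SHA256 checksum matches; this is what
    separates a real legacy Bitcoin address from base58-looking noise."""
    try:
        raw = b58decode(addr)
    except ValueError:
        return False
    return len(raw) == 25 and _checksum(raw[:21]) == raw[21:]


def make_btc_address(hash160: bytes, version: int = 0x00) -> str:
    """Build a checksummed P2PKH address from a 20-byte hash. Used here only
    to construct a syntactically valid sample address for the demo."""
    payload = bytes([version]) + hash160
    return b58encode(payload + _checksum(payload))


# Legacy P2PKH/P2SH Bitcoin addresses and standard/sub Monero addresses.
# The Monero pattern is syntactic only (Monero's own checksum is not checked).
BTC_LEGACY = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
XMR_STANDARD = re.compile(r"\b[48][1-9A-HJ-NP-Za-km-z]{94}\b")


def extract_wallets(strings: str) -> dict:
    """Return {"BTC": set, "XMR": set} of candidate addresses found in the
    dumped strings of a sample; Bitcoin candidates must pass the checksum."""
    found = {"BTC": set(), "XMR": set()}
    for m in XMR_STANDARD.finditer(strings):
        found["XMR"].add(m.group())
    for m in BTC_LEGACY.finditer(strings):
        if is_valid_base58check(m.group()):
            found["BTC"].add(m.group())
    return found


def monthly_inflows(transactions) -> dict:
    """transactions: iterable of (wallet, date, amount), already filtered to
    inbound transfers. Returns {wallet: {"YYYY-MM": total}}."""
    totals = defaultdict(lambda: defaultdict(float))
    for wallet, when, amount in transactions:
        totals[wallet][when.strftime("%Y-%m")] += amount
    return {w: dict(m) for w, m in totals.items()}


def average_per_month(inflows: dict, wallet: str, months: int) -> float:
    """Average inflow over a fixed observation window; months with no
    transactions count as zero."""
    return sum(inflows.get(wallet, {}).values()) / months


# --- constructed sample data (not from any real sample or blockchain) ---
FAKE_BTC = make_btc_address(hashlib.sha256(b"constructed-example").digest()[:20])
FAKE_XMR = "4" + ("AbCdEfGh1JkMnPqR" * 6)[:94]
SAMPLE_STRINGS = f"""
pool=stratum+tcp://pool.example.invalid:3333
user={FAKE_XMR}
payout={FAKE_BTC}
1TestWaLLetAddrXyz7Q9mZ2pVn4Rk3Tq
"""  # the last line is base58-shaped noise with no valid checksum
SAMPLE_TXS = [
    (FAKE_BTC, date(2022, 1, 15), 0.05),
    (FAKE_BTC, date(2022, 1, 28), 0.03),
    (FAKE_BTC, date(2022, 2, 10), 0.08),
    (FAKE_BTC, date(2022, 9, 30), 1.79),
]

if __name__ == "__main__":
    wallets = extract_wallets(SAMPLE_STRINGS)
    inflows = monthly_inflows(SAMPLE_TXS)
    print(wallets)
    for w in wallets["BTC"]:
        print(w, inflows[w], average_per_month(inflows, w, months=9))
```

The averaging divides by the whole observation window (nine months for January through September) rather than by the number of months with activity, which is the reading that makes a figure like "0.08 BTC per month" comparable across wallets; as the report notes, nothing here can tell a mining payout apart from any other inbound transfer.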

Most of the analyzed samples of malicious mining software (48%) secretly mine Monero (XMR) on the victim's hardware. This currency is known for its advanced technologies that anonymize transaction data to achieve maximum privacy. Observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories — all these factors are extremely appealing to cybercriminals.

Most popular digital cryptocurrencies mined via cryptojacking

The world’s most popular cryptocurrency, Bitcoin (BTC), was cybercriminals’ second choice with a share of 17%; while Ethereum (ETH), which is most frequently used to exchange NFTs, closes the Top 3 with 14%. Other cryptocurrencies mined by cybercriminals are Litecoin (LTC), Bit Hotel (BTH), Dash (DASH), Dogecoin (DOGE), and Neo (NEO).

Cybercriminal profits vary greatly from wallet to wallet. Bitcoin wallets we monitored on average received 0.08 BTC or around US$1.6K per month. However, one Bitcoin wallet showed significantly greater transaction amounts. In September 2022, for example, it received nearly 1.79 BTC, the equivalent of more than US$34K at the time of research.

Conclusion

Even though the world is facing a crypto winter with digital currencies losing their value, cryptocurrencies remain appealing for cybercriminals. The rise in the number of cryptojacking attacks goes hand in hand with the rising number of new program modifications and diversified ways of propagation. Hidden mining is a profitable activity which requires minimum effort; therefore, cybercriminals will continue to try to gain profit this way. Although hidden mining doesn’t cause direct financial damage to victims, it lowers the performance of infected systems, at the same time as increasing the electricity costs for victims. Therefore, companies and users should remain alert to the current threat trends and get ready for the crypto spring ahead of us.

To ensure no one is using your home equipment for their own profit, follow these tips:

  • Use reliable security solutions that protect your computer and other devices from mining malware.
  • Download software and media from official sources; remember that pirated files can contain a malicious payload.
  • Do not forget to update your operating system and other software.

To keep your corporate devices protected, we recommend:

  • Always keeping software updated on all devices you use so as to prevent attackers from infiltrating your network by exploiting vulnerabilities.
  • Introducing strict cybersecurity policies in your organization to avoid a situation when employees use corporate computing power to mine crypto coins or install malicious software on corporate equipment by accident.
  • Using a dedicated security solution such as Kaspersky Endpoint Security for Business that can quickly detect and eliminate malicious activity, as well as help manage vulnerabilities and patches.

High-Severity Flaw Reported in Critical System Used by Oil and Gas Companies

The Hacker News - 10 November 2022 - 08:49
Cybersecurity researchers have disclosed details of a new vulnerability in a system used across oil and gas organizations that could be exploited by an attacker to inject and execute arbitrary code. The high-severity issue, tracked as CVE-2022-0902 (CVSS score: 8.1), is a path-traversal vulnerability in ABB Totalflow flow computers and remote controllers. "Attackers can exploit this flaw to gain
Category: Hacking & Security

Re-Focusing Cyber Insurance with Security Validation

The Hacker News - 10 November 2022 - 08:30
The rise in the costs of data breaches, ransomware, and other cyber attacks leads to rising cyber insurance premiums and more limited cyber insurance coverage. This cyber insurance situation increases risks for organizations struggling to find coverage or facing steep increases. Some Akin Gump Strauss Hauer & Feld LLP's law firm clients, for example, reported a three-fold increase in insurance
Category: Hacking & Security

New UEFI Firmware Flaws Reported in Several Lenovo Notebook Models

The Hacker News - 10 November 2022 - 07:36
PC maker Lenovo has addressed yet another set of three shortcomings in the Unified Extensible Firmware Interface (UEFI) firmware affecting several Yoga, IdeaPad, and ThinkBook devices. "The vulnerabilities allow disabling UEFI Secure Boot or restoring factory default Secure Boot databases (incl. dbx): all simply from an OS," Slovak cybersecurity firm ESET explained in a series of tweets. UEFI
Category: Hacking & Security

Exchange 0-days fixed (at last) – plus 4 brand new Patch Tuesday 0-days!

Sophos Naked Security - 9 November 2022 - 20:58
In all the excitement, we kind of lost track ourselves. Were there six 0-days, or only four?

APT29 Exploited a Windows Feature to Compromise European Diplomatic Entity Network

The Hacker News - 9 November 2022 - 14:47
The Russia-linked APT29 nation-state actor has been found leveraging a "lesser-known" Windows feature called Credential Roaming following a successful phishing attack against an unnamed European diplomatic entity. "The diplomatic-centric targeting is consistent with Russian strategic priorities as well as historic APT29 targeting," Mandiant researcher Thibault Van Geluwe de Berlaere said in a
Category: Hacking & Security

Several Cyber Attacks Observed Leveraging IPFS Decentralized Network

The Hacker News - 9 November 2022 - 14:06
A number of phishing campaigns are leveraging the decentralized InterPlanetary Filesystem (IPFS) network to host malware, phishing kit infrastructure, and facilitate other attacks. "Multiple malware families are currently being hosted within IPFS and retrieved during the initial stages of malware attacks," Cisco Talos researcher Edmund Brumaghin said in an analysis shared with The Hacker News.
Category: Hacking & Security

Using Sysmon for Linux to Monitor Against MITRE ATT&CK Techniques

LinuxSecurity.com - 9 November 2022 - 13:00
There was a lot covered at this year's 2022 RhythmWorld Security Conference! In one of our more technical sessions, we discussed Microsoft Sysinternals' recent release of Sysmon for Linux, an open-source Linux system monitoring tool.
Category: Hacking & Security

Intel AEX Notify Support Prepped For Linux To Help Enhance SGX Enclave Security

LinuxSecurity.com - 9 November 2022 - 13:00
Future Intel CPUs and some existing processors via a microcode update will support a new feature called the Asynchronous EXit (AEX) notification mechanism to help with Software Guard Extensions (SGX) enclave security. Patches for the Linux kernel are pending for implementing this Intel AEX Notify support with capable processors.
Category: Hacking & Security

Authoritative Guide on Linux Disk Encryption

LinuxSecurity.com - 9 November 2022 - 13:00
Digital security is getting stronger, so criminals and law enforcement alike may be more willing to physically take your laptop or storage device to gain access to your data. It's possible, however, to protect yourself against this invasion of privacy thanks to encryption.
Category: Hacking & Security

REMnux: The Linux Toolkit for Reverse Engineering and Malware Analysis

LinuxSecurity.com - 9 November 2022 - 13:00
REMnux is a free community distribution that ethical hackers, security researchers, and many other security pros can leverage to build their own labs and speed up malware analysis.
Category: Hacking & Security

Experts Warn of Browser Extensions Spying On Users via Cloud9 Chrome Botnet Network

The Hacker News - 9 November 2022 - 12:01
The Keksec threat actor has been linked to a previously undocumented malware strain, which has been observed in the wild masquerading as an extension for Chromium-based web browsers to enslave compromised machines into a botnet. Called Cloud9 by security firm Zimperium, the malicious browser add-on comes with a wide range of features that enables it to siphon cookies, log keystrokes, inject
Category: Hacking & Security

Top 5 API Security Myths That Are Crushing Your Business

The Hacker News - 9 November 2022 - 11:18
There are several myths and misconceptions about API security. These myths about securing APIs are crushing your business. Why so? Because these myths are widening your security gaps. This is making it easier for attackers to abuse APIs. And API attacks are costly. Of course, you will have to bear financial losses. But there are other consequences too: Reputational damage Customer attrition
Category: Hacking & Security

New IceXLoader Malware Loader Variant Infected Thousands of Victims Worldwide

The Hacker News - 9 November 2022 - 11:15
An updated version of a malware loader codenamed IceXLoader is suspected of having compromised thousands of personal and enterprise Windows machines across the world. IceXLoader is a commodity malware that's sold for $118 on underground forums for a lifetime license. It's chiefly employed to download and execute additional malware on breached hosts. This past June, Fortinet FortiGuard Labs said
Category: Hacking & Security

Cybersecurity threats: what awaits us in 2023?

Kaspersky Securelist - 9 November 2022 - 09:00

Knowing what the future holds can help organizations prepare better for emerging threats. Every year, Kaspersky experts prepare forecasts for different industries, helping them to build a strong defense against any cybersecurity threats they might face in the foreseeable future. Those predictions form the Kaspersky Security Bulletin (KSB), an annual project led by Kaspersky experts.

As for KSB 2022, we invited notable experts to share their insights and unbiased opinions on what we should expect from cybersecurity in the following year. The contributors include representatives from government institutions: H.E. Dr. Mohamed Al Kuwaiti (UAE Cyber Security Council), and public organizations: Kubo Mačák, Tilman Rodenhäuser, Mauro Vignati (ICRC), Serge Droz (FIRST), Sven Herpig (the think tank Stiftung Neue Verantwortung). Also, we'd like to thank Prof. Dr. Dennis-Kenji Kipker (the University of Bremen; European Academy for Freedom of Information and Data Protection (EAID)), Arthur Laudrain (The Hague Centre for Strategic Studies), and Stefan Soesanto (The Center for Security Studies (CSS) at ETH Zurich) for their scientific and profound contribution. Moreover, we included predictions made by our fellow commercial organizations – James Range (White Rock Security Group) and Irena Yordanova (Polycomp Ltd.).

The opinions shared by the contributing experts demonstrate the complexity of the modern cybersecurity industry and a strong need for collaboration among different organizations in order to combat the cyberthreats that companies, individuals or even whole countries are exposed to.

What cyberthreats for business will be the greatest in 2023?

Vladimir Dashchenko, Security Evangelist, Kaspersky

The ongoing geopolitical storm brings not only classical cyberthreats for business, but also unpredictable risks and ‘black swans’. The main problem for 2023 will be supply-chain stability and cybersecurity. While supply-chain is a big challenge for business right now, its cybersecurity is not merely an issue, it’s a major problem. Supply-chain will become more of a sweet spot for targeted ransomware and state-sponsored espionage campaigns.

Another big issue is the global semiconductor shortage. This will definitely play its role in corporate cybersecurity. While many companies need increasingly more computing power (servers, workstations, network hardware and so on), the price of the equipment continues to rise. There's a possibility that, to cover hardware needs, some businesses will have to cut planned cybersecurity expenses.

Yury Slobodyanuk, head of content filtering research, Kaspersky

I think we will continue seeing attacks targeting the infrastructure of different countries and organizations. Phishing attacks are going to become even more sophisticated, since a lot of basic tactics have already been tried this year, and businesses learned to repel those.

Ivan Kwiatkowski, senior security researcher, Global Research and Analysis Team, Kaspersky

Businesses will still be mostly concerned with ransomware. The conflict between Russia and Ukraine has marked an end to any possible law enforcement cooperation in the foreseeable future. We can therefore expect that cybercrime groups from either bloc will feel safe to attack companies from the opposing side. Some may even perceive this as their patriotic duty. The economic downturn (caused by energy prices, inflation, sanctions, etc.) will lead more people to poverty, which always translates to increased criminality (cyber or otherwise), and we know ransomware to be extremely profitable.

James Range, President of White Rock Security Group

Zero trust will take on greater prominence with the continued role of the remote and hybrid workplace. Remote work will continue driving the need for zero trust since hybrid work is now the new normal. With the federal government mandating agencies to adopt zero-trust network policies and design, we expect this to become more common and the private sector to follow suit as 2023 becomes the year of verifying everything.

Arthur Laudrain, Strategic Analyst (Cyber Program), The Hague Centre for Strategic Studies

In 2023, we might see a slight decline in the raw number of ransomware attacks, reflecting the slowdown of the cryptocurrency markets. However, ransomware operators will keep professionalizing their operations and will target higher value organizations. At the same time, state-sponsored attacks will remain high in the threat landscape, with no ease of geopolitical tensions with Russia, China, North Korea, and Iran in sight. Businesses most at risk are aerospace and defense contractors, as well as critical infrastructure operators (utilities such as water, electricity, and Internet, but also hospitals and operators of large cyber-physical systems such as dams).

Stefan Soesanto, Senior Cyber Defense Researcher, The Center for Security Studies (CSS) at ETH Zürich

If I had a magic 8-ball, I would predict that the greatest cyberthreats to businesses in 2023 will be a significant increase in foreign intelligence services conducting operations under the cover of hacktivist groups, fighting big oil, climate change, fiscal policies etc. And that (b) we are also likely to see a steep increase in DDoS extortion campaigns as the Cyberwar in Ukraine leads to all-time-high levels of DDoS attacks.

Irena Yordanova, Product Manager Software, Polycomp Ltd.

We expect cyberthreats to rise in 2023, as unrest in the world contributes to an increase in cybercrimes. Malware attacks like ransomware will happen to businesses more frequently. And IT teams should be prepared to deal with evolving threats posed by emerging technologies which are becoming widespread, such as geo-targeted phishing or attacks related to Cloud Security, IOT and AI. Most probably more attacks on the education and healthcare sectors will occur plus targeted campaigns against industry leaders – especially those that hold critical information: sensitive data, top expertise, and latest technologies. Given that, employees should be educated and equipped to fight these mature attacks; and their companies can contribute by having experienced outside security partners to support them on this issue. End-users can prepare themselves with an easy-to-use security solution for upcoming challenges, whether it’s phishing attacks or threats related to multiple layers of security.

What cybersecurity challenges will industries face next year?

Vladimir Dashchenko, Security Evangelist, Kaspersky

Threat modeling approaches will be changed in 2023. Internet ‘balkanization’, ongoing military conflicts, changes, and tensions in existing political groups of countries are influencing cyberspace and cybercrime. We will see an increasing number of cybercriminals taking political sides and breaking the law with political statements. Also, script-kiddies (low skilled hackers) will be joining groups of cybercriminals led by more skilled perpetrators, or state sponsored hackers more often.

The major challenge for cybersecurity itself will be a lack of transparency and information sharing between companies. It will be extremely difficult to follow the ‘business as usual’ concept and remain neutral. Global political conglomerates will unfortunately influence cyberspace and cybersecurity.

Arthur Laudrain, Strategic Analyst (Cyber Program), The Hague Centre for Strategic Studies

Next year should see a continuation of existing trends. In particular, governments, critical infrastructure operators, and businesses with a large international footprint will face the continued challenge of ensuring the safety and integrity of their supply chains, both in terms of software and hardware. Often, this will require closer integration with their contractors and suppliers, not least to comply with new regulatory obligations in the U.S. and the E.U.

James Range, President of White Rock Security Group

Given the continued surge of ransomware attacks, which soared 288% in the first half of 2022 alone, the need for cyber insurance will be a bigger priority, especially in the SMB market. Although many industry experts argue against payouts, making cyber coverage a controversial topic, the evolving threat landscape means cyber insurance should be a top consideration as part of organizations’ cyber strategy. As such, we anticipate a booming cyber insurance industry as many organizations heed these warnings and seek to guard against ransomware attacks. Yet, in addition to cyber insurance, companies will need a designated DR or RR (Rolling Recovery) plan.

Kubo Mačák, Legal Adviser; Tilman Rodenhäuser, Legal Adviser; Mauro Vignati, Adviser on Digital Technologies of Warfare, ICRC

A key concern for 2023 is that civilians will be further impacted by cyber operations during armed conflict. Civilian data, devices, and networks – such as government services, critical infrastructure, or companies – risk being deliberately disrupted or damaged, often in violation of the laws of war. Civilians – individuals and companies – may get drawn into digital warfare activities, encouraged to engage in cyber operations or to support kinetic military operations through digital means. Such developments put people and societies in danger and undermine the cardinal rule that belligerents must at all times distinguish between what is military and what is civilian.

Stefan Soesanto, Senior Cyber Defense Researcher, Center for Security Studies (CSS)

I expect that the theft of medical data (e.g. Finland’s Vastaamo in 2020 and Australia’s Medibank in 2022), as well as highly private personal data (e.g. Ashley Madison in 2015), will become the major focus of ransomware groups and other cybercriminal actors alike. Underpinning this trend, the lesson learned is that imposing massive psychological pressure directly on thousands of separate victims increases the likelihood of individual extortion payouts being made.

What cyberthreats will pose the most danger to end-users?

Yury Slobodyanuk, head of content filtering research, Kaspersky

As the geopolitical situation is quite tense, different types of fraud will take advantage of new events that will take place. Also, various techniques of generating fake news using AI may be used.

Sven Herpig, Director Cybersecurity at think tank Stiftung Neue Verantwortung

I believe cybercrime is the biggest threat to end-users, but mainly in an indirect fashion. Cybercrime is looming over providers of essential services and goods such as municipalities, hospitals and even producers of baby food, knocking them offline and rendering them less or non-operational for several days or weeks. This has a direct impact on citizens’ lives in the real world and is therefore something that I would see as one of the most prevailing threats to individuals.

Prof. Dr. Dennis-Kenji Kipker, Professor for IT Security Law at the University of Bremen; Visiting Professor at Riga Graduate School of Law; Member of the Board of the European Academy for Freedom of Information and Data Protection (EAID)

Remote workers in home offices continue to play a major role in everyday working life, along with the increased use of BYOD, which takes control of devices away from administrators. Since 2020, therefore, forms of spear phishing, social engineering and CEO fraud, as well as ransomware, have become increasingly prevalent and will continue to be of considerable importance in 2023. The professionalization of cybercrime, now an independent “industry”, is contributing to a further tightening of the security situation for end users, as low-cost mass attacks are made possible in this way.

H.E. Dr. Mohamed Al Kuwaiti, UAE Cyber Security Council

IoT Vulnerabilities. Security issues keep plaguing the IoT devices dominating the market today. As IoT combines the physical world and virtual space, home intrusions are being added to the list of the scariest possible threats that IoT brings.

Vulnerabilities in Autonomous Vehicles. Due to the inherent risks of Autonomous Vehicles, they are increasingly vulnerable to attacks resulting in data breaches, supply chain disruptions, property damage, financial loss, and injury or loss of life.

What are the main challenges cybersecurity will face in 2023?

Ivan Kwiatkowski, senior security researcher, GReAT Kaspersky

The security industry will face direct pressure resulting from the political situation. Things were complex before and they will only get worse. The biggest challenge that vendors will have to face in 2023 will be to remain neutral, if they haven’t decided to align with one bloc or the other already. (My opinion on this bigger matter is explained in this talk.) Generally speaking, politics and threat intelligence will become more and more entwined, and we’re very unprepared for this as a community.

Yury Slobodyanuk, head of content filtering research, Kaspersky

I think attacks will evolve a lot quicker next year, and a main challenge will be to still be a couple of steps ahead.

Sven Herpig, Director Cybersecurity at think tank Stiftung Neue Verantwortung

I don’t think that there will be anything substantially new in 2023 – one of the key challenges will still be the lack of adoption of basic security and resilience measures which cybercriminals will successfully exploit.

Prof. Dr. Dennis-Kenji Kipker, Professor for IT Security Law at the University of Bremen; Visiting Professor at Riga Graduate School of Law; Member of the Board of the European Academy for Freedom of Information and Data Protection (EAID)

Cybersecurity requires not only secure software, but also sufficiently trustworthy hardware. For too long, we have relied on globalization in IT security and placed too little emphasis on protecting the digital supply chain. In Germany, this was made clear by the debate about protecting sensitive 5G networks; in the geostrategic conflict between the People’s Republic of China and Taiwan, we are now seeing that we are already in the midst of a semiconductor crisis that threatens the security of supply with trustworthy IT. Here, it can be assumed that significant cybersecurity challenges will continue to rise in 2023 as political tensions grow.

Serge Droz, Technical Advisor, Member of the Board, FIRST

Cybercrime will continue to focus on optimizing gains per investment, meaning that smaller and/or less mature organizations will be targeted even more. These may be SMEs or businesses in sectors that don’t include IT in their core business, in particular health services. The problem with this target group is that they either have very different priorities (a ransomed hospital simply cannot afford to delay recovery, and thus pays) and don’t have the resources to defend themselves, or they just don’t have the expertise. This is what Wendy Nather calls “living below the security poverty line”. And this will be the challenge to our industry: how can we provide effective protection that works and is affordable to these types of organizations? Or in other words, can we provide security services to people other than security specialists? My guess would be that reaching this goal requires different industries working together; in particular, I feel the role of insurance needs to be clarified and aligned.

James Range, President of White Rock Security Group

Cyber teams are going to be in the spotlight now more than ever. Understanding your security posture is crucial; knowing what current tools are available and the gaps that currently exist in your infrastructure will help you to protect your enterprise. The need for bigger cyber budgets and having the right people in place is critical. With ongoing talent shortages, consider partnering with a third-party firm to ensure you have fail-proof processes, documentation, and regular third-party assessments.

H.E. Dr. Mohamed Al Kuwaiti, UAE Cyber Security Council

DDoS Botnets. One of the most severe recent attacks, around the end of June 2021, was carried out using malware called the Mēris botnet, which set a new record. Given the new nature of the malware, which has been described as a “new assaulting force on the Internet – a botnet of a new kind”, and its impact, it is more likely that similar real-time emerging malware-related DDoS attacks like this one will be used in 2023.

Ransomware as a service (RaaS). Unlike other forms of malware, this new service provides “a sort of criminal Content Distribution Network (CDN) similar, in principle, to those used by major internet portals but used exclusively for malware”. Nearly half of breaches during the first six months of 2022 involved stolen credentials, Switzerland-based cybersecurity company Acronis reported in its Mid-Year Cyberthreat Report, published on August 24, 2022. This has probably been the most discussed attack of 2022, as it is the first time a country has declared a national emergency in response to a cyber-attack. Ransomware-based malware has been quite active in 2022.

Deep fake enabled business compromise. Deepfake-enabled compromise is a type of attack where threat actors leverage synthetic content. This includes video or audio altered or created using artificial intelligence and machine learning to impersonate C-suite executives and trick employees into transferring large sums of cash.
