FEATURE
As we review our threat predictions for 2023 and beyond , a theme emerges more destructive attacks at scale , meaning the risk is increasing . As cybercrime converges with advanced persistent threat methods , cybercriminals are finding ways to weaponise new technologies at scale to cause greater disruption and destruction . At the same time , they ’ re spending more time on reconnaissance as they attempt to evade detection , intelligence and controls .
Cyber-risk continues to escalate – and more complex , sophisticated threats increasingly become ubiquitous – which means CISOs must be just as nimble and methodical as the adversaries . Below is a snapshot of the threats we anticipate seeing in the year ahead , what these specific risks mean for CISOs and how to best protect an organisation against emerging threats . Our Threat Landscape Predictions for 2023 report covers all this and more .
Prepare for more advanced persistent cybercrime
Last year , our FortiGuard Labs team predicted a rise in new vulnerabilities and more ‘ left hand ’ activity , or pre-attack reconnaissance and weaponisation , among attackers that would pave the way to further escalate the growth of Crime-asa-Service ( CaaS ).
Our prediction came true . We saw a rise in targeted attacks enabled by the RaaS model and more affiliates launching these calculated attacks . In just the first half of 2022 , the number of new ransomware variants we identified increased by nearly 100 % compared to the previous six-month period , with our FortiGuard Labs team documenting 10,666 new ransomware variants in 1H 2022 compared to just 5,400 in 2H 2021 . We largely attribute this uptick in new variants to the growth of Ransomware-as-a-Service ( RaaS ).
CaaS offerings will go mainstream planning efforts . Given cybercriminals ’ success with RaaS , we predict that a growing number of additional attack vectors will be made available as a service through the dark web . In addition to the sale of ransomware and other Malware-asa-Service ( MaaS ) offerings , we ' ll also start to see new criminal solutions – like video and audio deepfakes – and an increase in the sale of access to pre-compromised targets .
For seasoned cybercriminals , creating and selling ‘ As-a-Service ’ attack portfolios offer a quick , repeatable payday . Going forward , subscription-based CaaS offerings could potentially provide additional revenue streams . This emerging model would allow cybercriminals of all skill levels to deploy more sophisticated attacks without investing the time and resources to craft their unique plan .
Wipers are already running rampant
We ’ ve already witnessed the alarming growth in the prevalence of wiper malware this year . According to the 1H 2022 FortiGuard Labs Global Threat Landscape report , there was an increase in diskwiping malware in conjunction with the war in Ukraine , but it was also detected in 24 additional countries , not just in Europe .
Derek Manky , Chief Security Strategist & VP Global Threat Intelligence , Fortinet
We have also seen targeted attacks with wipers spill over into the private sector . We anticipate that cybercriminals will increasingly combine wiper technology with various threats to maximise the level of ongoing destruction they can cause .
But it is the commodification of wiperware that is the future concern making it more widely available to the cybercriminal community via CaaS . For example , using
We anticipate that cybercriminals are just getting started with their pre-attack
www . intelligentfin . tech
33