Mandiant is aiding many enterprises in Saudi Arabia with cyber threat information, providing products, services, and other resources to help them protect against relevant threats.
Mandiant’s projections for the coming year were initially referred to as ‘predictions.’ Yet the company’s expectations for the cyber security landscape in the coming year are always based on current global trends. This report contains forward-looking insights from several of Mandiant’s best minds, including Sandra Joyce, Head of Global Intelligence, Charles Carmakal, Consulting CTO, and Phil Venables, CISO for Google Cloud. Threats evolve, attackers regularly modify their tactics, approaches, and processes, and defenders must adapt and remain persistent to keep up. This Forecast aims to help the cyber security industry frame its fight against cyber adversaries in 2023.
Global Forecasts
● Protecting supply chains
The supply chain is as attractive a target as ever for cyber-attacks. Mandiant’s latest M-Trends report reveals that supply chain compromise rose to the second most common initial infection vector in 2021, accounting for 17% of intrusions investigated by Mandiant.
● More Attacks by Non-Organized Attackers and Non-Nation State Attackers
In 2023 Mandiant forecasts more intrusions conducted by non-organized and non-nation state attackers. More of the threat actors operating out of North America and Europe will likely be younger and performing intrusion operations not because they’re interested in making money specifically or because governments have tasked them with doing it but because they want to be able to brag to their friends or boast online that they’ve hacked into and brought embarrassment to prominent organizations. While they will be happy to achieve financial gain, that may not necessarily be their lead motivation.
● More Extortion, Less Ransomware
Historically, cybercriminals have used ransomware to monetize access to a victim’s network. Due to several high-profile and visible breaches last year, organizations see mitigating brand damage as a more compelling reason to pay a ransom than regaining access to encrypted systems. Over the next year, the trend suggests that criminals will rely on extortion, while actual ransomware deployments may decline. Ransomware-as-a-service (RaaS) providers will modernize their software to focus on data exfiltration and ‘leak sites’ for public shaming.
● Information Operations (IO) Will Rely More on Third Party Organizations for Plausible Deniability
IO has historically been politically motivated and state-sponsored, as observed in the 2016 U.S. elections. Since then, there has been more outsourcing of IO work by state actors. This trend could grow in 2023 as ‘hack-for-hire’ engagements become more common. In 2019, OSINT researchers observed a pro-Indonesian IO social media campaign conducted by Jakarta-based media company InsightID. This campaign was aimed at distorting the truth about events in the restive Indonesian province of Papua. Supporting this observation, Meta testified in mid-2021 about an increase in the hiring of marketing or public relations firms in IO campaigns, both to lower the barrier to entry for some threat actors and to obfuscate the identities of more sophisticated ones.
● Enterprises Will Lean into Password-less Authentication
Corporate credential theft continues to be one of the top ways cybercriminals gain access to victims. Furthermore, 2022 saw several examples of attackers finding ways to circumvent multifactor authentication technologies. Apple, Google and Microsoft have committed to consumer-based password-less resources based on FIDO Alliance and World Wide Web Consortium standards. The initial rollout of these technologies will focus on consumer-grade password-less resources, but CISOs will demand that enterprise identity platforms expand password-less concepts to the enterprise market. Over the next year, organizations should look for enterprise-focused password-less solutions.
● Identity First, Identity Lost
Threat actors have shifted from gaining control of an endpoint to accessing a user’s credentials and account. A user’s identity within an organization has become more critical than access to the user’s endpoint. Over the next year, threat actors will find new ways to steal identities from users using a combination of social engineering, commodity information stealers, and information gathering from internal data sources post-compromise. They will combine stolen credentials with new techniques to bypass multifactor authentication (MFA) and abuse Identity and Access Management (IAM) systems.
● Attackers Will Read More Security Research to Learn Offensive and Defensive Tactics
A trend observed in 2022 is expected to increase: Threat actors will continue to study the blogs and research of analysts in the security community to learn offensive tactics and techniques, defensive strategies and how to exploit vulnerabilities. They may discover clever ways to break into organizations or learn techniques written about in a security post two or three years ago that haven’t been used in the wild. Mandiant has already observed threat actors reading defenders’ security blogs to learn how they could be detected.
● Cyber Insurance Will Be Harder to Obtain, and Coverage May Be Restricted
Over the years, more enterprises have relied on cyber insurance to cover their cyber risks as management has become more aware of cyber security risks. However, claims have skyrocketed, forcing insurance firms to reevaluate their risk appetite and scale back coverage accordingly. Many firms attempting to renew their cyber insurance, or new to the market, may have difficulty obtaining the coverage they want.
● When the Real World Meets the Virtual World
SMS, email, and application redirection attacks have already been observed and encountered. Now a new model is coming: an approach that consists of deceiving victims in the real world. For example, in 2022, there was a campaign in which victims received a receipt for the delivery of packages in their physical mailboxes. The receipt included a QR code directing them to an identity and credit card number theft site. In 2023, more schemes like this are expected, where the attacker uses everyday physical objects to deceive their victims. Fake advertisements, fake USB keys, fake receipts: the possibilities for attackers are endless. Educating employees and the public is the best defence against these threats.
Ransomware has been a staple of Mandiant reports for several years. While it is well-established as part of many threat actors’ toolkits, data shows a drop in U.S. incidents and a rise in European incidents. While entities in European regions need to stay especially vigilant, organizations worldwide need to be ready for increased attempts at extortion. Extortion actors will stop at nothing to achieve their goals, even using physical devices and less common types of social engineering.
2023 is also expected to see an increase in the number of attackers motivated simply by bragging rights. These actors are often younger and not affiliated with a nation-state or organized group. However, there could still be nation-state activity.
The road to more robust cyber defences has always been complex, especially for security professionals. Organizations have a lot to keep in mind for 2023 regarding cyber security.