AhnLab announced its ‘2023 Top 5 Cyber Security Threats Forecast’, summarizing the cyber security threats expected in 2023.
The main security threats AhnLab predicts for next year are: ▲ Ransomware organizations pursuing a ‘Quantity to Quality’ strategy ▲ A trend toward ‘parasitic’ attacks that leak an organization’s core information over a long period of time ▲ Continued discovery and exploitation of high-impact ‘jackpot’ vulnerabilities ▲ Expansion of supply chain attacks to mobile environments ▲ Intensified attacks targeting individuals’ virtual asset wallets.
Kim Geon-woo, head of AhnLab’s Security Response Center (ASEC), said, “With digitalization throughout society, security is no longer an issue only for specific entities.” He added, “In the future, attackers will continue to utilize all attack points to maximize effectiveness, so there is no one ‘security all-rounder.’ Rather than looking for the ‘key,’ this is a time when a multifaceted approach between organizations and users is needed.”
The outlook for the five major cyber security threats in 2023 compiled by AhnLab is as follows.
Ransomware organizations pursue a ‘Quantity to Quality’ strategy
While the emergence of new ransomware has slowed recently, ransomware attack groups are expected to pursue a ‘quality over quantity’ strategy, aiming for maximum profit and effect with a minimum number of attacks. To this end, attack groups are expected to first take control of an organization’s core infrastructure and then persistently pressure that single target through ‘multiple threats’ that combine information leakage, ransomware infection, and DDoS.
Additionally, as investigations and arrests of ransomware organizations continue around the world, cybercriminals under pressure may retire after launching large-scale attacks. Therefore, in addition to establishing a basic security system, organizations must use TI (Threat Intelligence) to keep track of the latest attack trends and vulnerability information.
‘Parasitic’ attacks that leak an organization’s core information over a long period of time become the trend
This year, attacks continued to target virtual asset exchanges, large corporations, and public institutions that hold major assets such as technology and personal information, and some attack groups even disclosed their achievements to the outside world. Since attackers also consider ‘effectiveness relative to investment’ important, attempts to steal key technologies and assets from major organizations and companies will continue next year, but the methods are expected to become more clandestine and sophisticated.
In particular, rather than the ‘show’ attacks of the past that destroy or expose a system, ‘parasitic’ attacks that take over the infrastructure and then leak core technology or sensitive information over a long period of time are expected to become the mainstay. Attack methods can expand widely, from collecting account information to screen capture, video recording, and voice recording, so organizations must build an integrated security system that can respond across all areas of their systems.
Continued discovery and exploitation of high-impact ‘jackpot’ vulnerabilities
This year, the ‘BYOVD (Bring Your Own Vulnerable Driver)’ attack method was discovered, which exploits a legitimate driver that has access to key system privileges but contains vulnerabilities. Next year, attackers are expected to find high-impact ‘jackpot’ vulnerabilities and exploit them in attacks across PC, mobile, cloud, and OT (operational technology) environments alike. In particular, attackers can discover software that no longer receives security patches, or vulnerabilities that have not yet been patched, either by themselves or by purchasing them on the dark web, and use them for information leaks or ransomware attacks. For this reason, an organization’s security personnel and members must periodically apply security patches and delete unused programs.
Supply chain attacks expand to the mobile environment
As financial transactions and the use of personal information on mobile devices have become more active, supply chain attacks, which have so far focused on PC software, may expand to the mobile sector next year. Rather than using the traditional method of creating and distributing malicious apps (malware), attackers are expected to attempt to infiltrate from the early stages of app creation by hacking app makers or production tools that can register apps in legitimate app markets.
In addition, they may attempt to inject malicious code during the distribution or update phase of a mobile app, or steal the certificate of a legitimate mobile app and use it to create and distribute a malicious app. Therefore, mobile service providers must consider security throughout the development and deployment process and have a threat detection and response system for key assets.
Intensifying attacks targeting personal virtual asset wallets
Recently, hacking attacks have occurred on large cryptocurrency exchanges and major blockchain services, and the number of users transferring virtual assets such as coins and NFTs to personal wallets is increasing. Accordingly, attack attempts targeting individuals’ virtual asset wallets are expected to increase next year.
For example, many users are unable to memorize the seed phrases or mnemonics, consisting of 12 (or 24) words, that are used to verify account ownership and recover wallets, so they record them in photos, emails, or cell phone memos. Attackers are expected to expand the distribution of information-leaking malware and of phishing websites and apps impersonating well-known virtual asset wallets in order to steal mnemonic key information and wallet account information. Personal wallet users must store their seed phrases or mnemonic keys in a safe place and use a wallet that is safe from the risk of losing the key. Additionally, users must carefully check whether the wallet they wish to transfer money to is involved in a crime.
To prevent such security threats, AhnLab stated that the following preventive measures should be prepared at the organizational level: ▲ Conduct regular security checks and apply patches to PCs, operating systems, SW, and websites within the organization ▲ Utilize security solutions and services and conduct security training for internal employees ▲ Monitor the authentication history of administrator accounts and introduce multi-factor authentication.
In addition, AhnLab explained that individuals must follow security rules, including: ▲ Refrain from opening attachments or URLs in emails of unknown origin ▲ Use official routes to download content and SW ▲ Apply the latest security patches for SW, operating system, internet browser, etc. ▲ Use two-factor authentication in addition to a password when logging in ▲ Keep antivirus software at the latest version and run its real-time monitoring function.