The new year is here which means it’s a great time to plan for the possibilities to come in 2023. It’s also a time to plan for resiliency in the face of ever-present and always evolving cyberattacks.
Sixty-eight percent of surveyed business leaders feel that cybersecurity risks are getting worse and they have a good reason. Attacks are becoming more & more sophisticated. Large criminal organisations are often the perpetrators.
In 2021, the average number of global cyberattacks increased by 15.1%.
To protect your business in year ahead, it’s important to stay informed about cyber attack trends. What new methods are hackers using? What types of attacks are increasing in volume? Knowing these things is important. It helps you to better update your IT security and mitigate the risk of a cyber attack.
We’ve been peering into our security crystal ball for the upcoming year. And we’ve researched what cybersecurity experts anticipate for 2023. Here are the attack trends to watch out for.
Attacks on 5G Devices
5G has been a term buzzing around the world for a few years now. And it’s finally beginning to fulfil the promise of lightning-fast internet. As providers build out the infrastructure, you can expect this to be a high-attack area.
Hackers are looking to take advantage of the 5G hardware used for routers, mobile devices, and computers. Any time you have a new technology like 5G, it’s bound to bring code vulnerabilities with it. This is exactly what hackers are looking to exploit.
You can prepare by being aware of the firmware security in the devices you buy. This is especially true for devices enabled for 5G. Some manufacturers will build better firmware security into their designs than others. Make sure to ask about this when purchasing new devices.
One-time Password (OTP) Bypass
This alarming new trend is designed to get past one of the best forms of account security. Multi-factor authentication (MFA) is very effective at preventing fraudulent sign-in attempts. It can stop account takeovers even in cases where the criminal has the user’s password.
There are a few different ways that hackers try to bypass MFA. These include:
- Reusing an MFA token: Gaining access to a recent user OTP and trying to reuse it
- Sharing unused tokens: The hacker uses their own account to get an OTP. Then attempts to use that OTP on a different account.
- Leaked token: Using an OTP token leaked through a web application.
- Password reset function: Phishing is used to fool the user into resetting a password. They then trick them into handing over their OTP via text or email.
Attacks Surrounding World Events
During the pandemic, cyberattack volume increased by approximately 600%. Large criminal hacking groups have realised that world events and disasters can be very lucrative and so they launch phishing campaigns for world events.
Attacks come for everything from the latest hurricane or typhoon to the war in Ukraine. Unsuspecting people often fall for these scams because they are often distracted by the crisis itself.
People need to be especially mindful of scams surrounding events like these. Hackers will often use social engineering tactics, such as sad photos to play on the emotions.
Smishing & Mobile Device Attacks
We’re rarely separated from mobile devices these days. This “always on” direct connection to a potential victim is not lost on cybercriminals. Look for more mobile device-based attacks, including SMS-based phishing or “smishing”.
Many people aren’t expecting to receive fake messages to their personal numbers. But cell numbers are no longer as private as they once were. Hackers can buy lists of them online. They then craft convincing fake texts that look like shipping notices or receipts. One click on a malicious link in an SMS is all it takes for an account or data breach.
Mobile malware is also on the rise. During the first few months of 2022, malware targeted to mobile devices rose by 500%. It’s important to ensure that you have good mobile
anti-malware. Other protections on your mobile devices, such as a DNS filter are also recommended.
Elevated Phishing Using AI & Machine Learning
These days, phishing emails are not so easy to spot. It used to be that they nearly always had spelling and grammar errors or grainy images. While some still do, most don’t.
Criminal groups elevate today’s phishing using AI and machine learning. Not only will a phishing email look identical to a real brand’s emails, but it will also come personalised. Hackers use these tactics to capture more victims. They also allow hackers to send out more targeted phishing messages in less time than in years past.
Schedule a Cybersecurity Check-Up Today
Is your business prepared for the cyber threats coming in 2023? Don’t wait to find out the hard way! Give us a call, schedule a cybersecurity check-up and stay one step ahead of cyber criminals.
Article used with permission from The Technology Press.