Barracuda Networks & Claroty’s cybersecurity predictions for 2023-2024

Barracuda Networks and Claroty, global cybersecurity experts, have released their predictions for 2023, forecasting an increasingly complex cyber risk landscape.


In a compilation of observations from their global leaders, the companies shared their most significant security concerns for organisations and the types of attacks they believe organisations will be least prepared for.

The most significant cybersecurity surprises in 2023 included a ransomware attack on MGM Resorts, in which a group known as Scattered Spider used social engineering to breach MGM’s IT service, Okta. The attackers then infiltrated the Microsoft Azure cloud environment, highlighting the pressing concern of social engineering as a cyberweapon.

Adam Khan, VP of Global Security Operations, commented on the issue: “The MGM attack where a group known as Scattered Spider employed social engineering to deceive MGM help desk employees into resetting the passwords and MFA codes of high-value MGM employees. This access enabled them to infiltrate MGM’s managed IT service, Okta, to install an identity provider and create a single sign-on for themselves.”

“The breach also extended to the Microsoft Azure cloud environment, leading to multiple system vulnerabilities and exposure of customer data. The ransomware attack cost MGM Resorts an estimated $100 million — and it showed yet again how social engineering remains a powerful and ever-evolving cyberweapon.”

Additionally, the reported shift of threat actors away from encrypting data for ransom to threatening public disclosure of the same data was regarded as surprising. The volume of business email compromises (BEC) encountered in 2023 was described as equivalent to the number of ransomware attacks, making it a prominent concern for organisations.

As the cybersecurity landscape enters 2024, the largest concerns include deploying a defence-in-depth strategy, the evolving AI threat, the bypass of multifactor authentication (MFA), and the increasing gaps in MFA coverage. The increasing speed of cyberattacks is also a problem, with account takeover and phishing remaining significant drivers of cyberattacks.

These concerns also outline the areas in which organisations feel the least prepared. These include defending against targeted and high-quality attacks, testing their data loss prevention (DLP) and recovery, the use of AI to automate and accelerate attacks, and image-based attacks. The threat of ransomware is also a pressing issue, with most companies reportedly lacking a standard playbook for dealing with a ransomware incident.

In 2024, attackers are expected to focus on AI-powered cyberattacks, supply chain attacks, and data privacy violations, exploiting vulnerabilities in IoT and operational technology (OT). With an estimated 80 billion IoT connections expected by 2024, organisations will have to shift from a network-centric to an asset-centric approach to securing cyber-physical systems (CPS) as converged Extended Internet of Things (XIoT) networks become the norm across critical infrastructure sectors.

Furthermore, traditional vulnerability management is ineffective, with gaps between disclosed, patched, and exploited CPS vulnerabilities continually widening. Based on this, critical infrastructure organisations are expected to adopt predictive security methodologies and zero-trust approaches to strengthen their cyber defences.

Threat actors are also predicted to enhance their methods by weaponising AI, with sophisticated tools expected to breach CPS at strategic points. Intelligence partners highlighted a situation involving China-based actors employing living-off-the-land techniques to infiltrate critical infrastructure in the U.S. Preempting such threats will require further development of AI to drive resilience for critical assets and systems while ensuring continuous security and operational improvements.
