Cybercrime Shows No Signs of Slowing Down

Global risks from population pressures and climate change to political conflicts and industrial supply chain challenges characterized 2022.
Cybercriminals used this turmoil to exploit these trending topics, including significant events, public affairs, social causes, and anywhere else opportunity appeared.

2023 will see a continuation of these challenges, especially as bad actors continue to take advantage of the chaos caused by the expected backlash from Russia due to the Ukraine conflict.

The following cyberthreat predictions are based on key observations made by the Zscaler ThreatLabz research team, made up of more than 125 security experts with decades of experience in tracking threat actors, malware reverse engineering, behavior analytics, and data science.

CaaS Offerings Continue to Rise

Crime-as-a-service (CaaS) encompasses the full range of cyber threat service offerings, including ransomware-as-a-service, where developers outsource ransomware to their affiliates who execute the attack and share the profits, and phishing-as-a-service, where cybercriminals can buy grammatically perfect email templates, replicas of popular webpages, and more.

As threat actors seek to increase payouts, they will leverage more service model offerings to increase the effectiveness of their attacks and cut out the development time to quickly scale operations. CaaS also lowers the technical barrier to entry, enabling novice cybercriminals to execute sophisticated threats.

Supply Chains Bigger Targets Than Ever

Supply chain attacks occur when adversaries compromise partner and supplier ecosystems to reach their ultimate breach target and goals, such as executing a ransomware attack. Compromising a target's weaker suppliers is more accessible and has led to successful upstream attacks, which is why this tactic will likely increase in the future.

Dwell Time Decreases

Dwell time is the period between the initial compromise and the final stage of an attack. For example, the median dwell time for threat actors to deploy ransomware is now just five days, according to Mandiant. For most organizations, this is also the window in which defenders can detect and stop an attack before it causes damage.

Attackers Rebrand

Malware families, ransomware gangs, and other cybercriminal associations reorganize themselves frequently.

GandCrab rebranded as REvil, the group responsible for the high-profile attacks on JBS and Kaseya. The old groups typically go dark after an incident, then a new group appears months or years later. Researchers eventually discern that it's basically the old group getting back together, with similar techniques and code styles giving them away.

They may rebrand because of new member affiliations, to avoid criminal charges, and to ensure they can secure cyber insurance payouts.

Endpoint Protection Won't Be Enough

Threat actors will increase the use of tactics to bypass antivirus and other endpoint security solutions. In addition, their attacks will have an increasing focus on core business service technologies, such as VMware ESX.

Last fall, researchers observed attackers using new techniques to install persistent backdoors on ESXi hypervisors, virtualization software that is a primary component of the VMware infrastructure software suites for virtual machines.

Because of this, organizations will have an even greater need for defense-in-depth, rather than relying solely on endpoint security to prevent and detect intrusions.

Leaked Source Code Leads to Forks

Forked malware is, of course, just another variant that includes updates with more sophisticated techniques. Sometimes the source code for a specific malware is leaked online by a researcher, as in the case of Conti ransomware.

Since Conti ransomware was leaked, for example, parts of the source code have been found in other types of ransomware, borrowed or repurposed by different developers.

Updated and forked versions of malware and other threats make detection harder for defenders, because there are so many variants using custom techniques to deploy the same attack. We expect such variants will continue to evolve at different rates.

Read more Partner Perspectives with Zscaler.
