FortiGuard Labs – Fortinet’s threat intelligence and research team – recently unveiled its list of cyber threat predictions for 2023. It’s going to be a busy year as MSSPs face new attacks fueled by Cybercrime-as-a-Service (CaaS) as well as attacks on nontraditional targets such as edge devices and virtual cities. And let’s not forget Ransomware-as-a-Service (RaaS) – it’s not going away anytime soon. Following are three cyber threat predictions that you should consider as you plan your clients’ security strategies.
3 Cyber Threat Predictions for 2023
1) The Emergence of Cybercrime-as-a-Service (CaaS)
Cybercriminals have realized huge payouts from Ransomware-as-a-Service, so don’t be surprised to see a growing number of additional attack vectors made available as a service through the dark web. In addition to the sale of ransomware and other Malware-as-a-Service (MaaS) offerings, be prepared to see new criminal solutions and an uptick in sales of access to pre-compromised targets.
Expect to see Reconnaissance-as-a-Service increase in popularity. As attacks become more targeted, threat actors will likely hire “detectives” on the dark web to gather intelligence on a particular target before launching the attack. These detectives can create attack blueprints that will include your clients’ security schema, key security personnel, the number of servers they have, known external vulnerabilities, and more.
2) Money Laundering Meets Machine Learning
Cybercriminals will turn to machine learning (ML) to streamline traditionally time-consuming money mule recruitment campaigns. Over the longer term, the FortiGuard Labs team expects the rise in Money Laundering-as-a-Service (LaaS) which could quickly become part of the growing CaaS portfolio.
Expect to see manual mule campaigns replaced with automated services that move money through layers of crypto exchanges, making the process faster and more challenging to trace.
3) Wiper Malware Will Be Rampant
Wiper malware has made a dramatic comeback this year, with attackers introducing new variants of this decade-old attack method. Threat actors will increasingly combine various threats to maximize the level of ongoing destruction they can cause. For example, a cybercriminal could easily combine a computer worm with wiper malware, making it easier for the malware to replicate quickly and spread more widely.
The use of wipers in combination with other attack vectors is one of the biggest emerging threats the security community is facing. Wipers can potentially impact IT networks across public and private sectors worldwide. Because of the commoditization of wipers, these have the potential to impact networks at an exponential scale.
Protecting Your Clients Against Advanced Cyber Threats
Understanding the lifecycle of an attack can go a long way in helping you protect your clients’ networks. The MITRE ATT&CK framework is an excellent resource to help you to get up to speed. Implementing network segmentation is also critical in protecting your organization against cybercriminals. Segmentation improves security by preventing attacks from spreading across a network and infiltrating unprotected devices. In the event of an attack, segmentation also ensures that malware can’t spread into your other systems.
Learn more about FortiGuard Labs threat intelligence and research and Outbreak Alerts, which provide timely steps to mitigate breaking cybersecurity attacks.
Learn more about Fortinet’s free cybersecurity training, which includes broad cyber awareness and product training. As part of the Fortinet Training Advancement Agenda (TAA), the Fortinet Training Institute also provides training and certification through the Network Security Expert (NSE) Certification, Academic Partner, and Education Outreach programs.