The world of cyber security continues to be a cat-and-mouse game with changing players, rules, and targets. If we, as IT security professionals, are not “keeping our eye on the ball” with this ever-changing ecosystem and enhancing our security measures, bad things tend to happen, data breaches occur, and critical data is lost. What is the next cyber threat? How will attack vectors change? How are targets changing? This is a good time of the year to look at these questions as we start prepping for 2023.
Let’s take a look at some upcoming threats as well as proactive cyber security practices you can implement in your business operations to enhance your network security.
MFA Fatigue Attacks Will Become an Increasingly Worse Cyber Security Trend
It’s proven true with nearly every cyber attack type. If any level of success is achieved with a given attack vector, we’re likely to continue seeing more of it. This will be true for multi-factor authentication fatigue (MFA) attacks or “Prompt Bombing” on mobile devices. This style of attack takes advantage of push notification MFA prompts where the end-users are prompted on their mobile devices for their second factor. While this is immensely convenient, it can open the end-user up for attack. A MFA Fatigue attack targets users using this style of MFA in that they bombard the user with prompts for the second factor over and over until the target taps accept by accident or simply to just make the madness stop. We’ve recently also seen cases where this style of attack is combined with social engineering to an even greater effect like we saw in the recent Uber breach.
SecOps teams can help protect their organization against this style of attack by leveraging a style of MFA that does NOT rely on push notifications. While push notification MFA is better than no MFA at all, you’ll want to use the push method sparingly or not at all in the coming year.
Charity Fraud will Continue to Rise
When there is a lot of bad stuff going on in the world, we tend to see the better side of humanity in that people are trying to help each other, which is great. We also see the darker side of the spectrum in people who will use these same situations to try and make a quick buck. Charity Fraud scams have been around for a long time, but we’re likely to see them continue as a growing Cyber Security Trend in 2023. Think about everything we as a world have going on. War in Ukraine, worsening global warming, resource shortages in some regions, and disease outbreaks. Anytime something of this nature occurs, we see an uptick of Charity Fraud. Keep this in mind and train your workers to spot it. Finally, if you really want to pitch in and help with a donation, seek the charity out yourself, don’t let them come to you.
Microsoft Teams will be the Next Frontier of Cyber Attacks
Due to the pandemic, countless numbers of employees began working from home. During the COVID-19 years, Microsoft Teams saw insane growth and adoption. Again, threat actors are tuned into the current toolsets of world businesses, and they know that Teams is a ripe target. Pair this with the fact that Microsoft has made it easier (and enabled by default in some cases) to chat with external users and connect (federate) with other “trusted” businesses. Much like we see phishing and other threats appear in our inboxes, the day when we’ll see threat vectors via Teams is already here.
Be aware, start taking the necessary precautions and training your end-users with a trusted Security Awareness Training product to get ahead of the curve for 2023. Security awareness training not only helps with email communications, but many of the same methods and skills can also translate well to Teams communications as well!
More Dependence on APIs will Increase Risks
Most businesses today leverage an API in some way. There is hardly a computing product on the market today that doesn’t allow some sort of integration with another vendor. This is all not to mention cloud services! Cloud services alone have opened countless APIs and inter-app connections that provide a high level of value to businesses across the globe. The problem here is that increased API use adds complexity and is another potential vector of attack for threat actors to poke at. For example, there have been countless examples of Amazon S3 buckets being mistakenly exposed to threat actors since 2017! The issue has only gotten more prevalent and damaging. Sure, this is a more simple example, but the point stands. The more complex our deployments with multiple APIs and services, the more chance of something being forgotten or misconfigured. Being aware of this is step one. Start crafting the necessary security measures, strategies, and protocols for the coming year to help mitigate this risk in your entire business operations.
More Daring Deepfakes
We’ve been hearing about deepfakes for a couple of years now. Like encryption-breaking quantum computing, deepfakes are cyber threats that have simultaneously seemed imminent and far away at the same time. Well, the threat is here…. and getting worse. For example, the FBI has warned businesses of cases where stolen PII and deepfakes are used to apply for remote tech jobs. The idea here is to ultimately get access to data of the company that the “prospective employee” is applying to. Pair this warning with the insanity that is Deepfake Tom Cruise and you have a perfect storm for a new worry for your cyber security team. Again, be aware and start taking this into account as you plan your cyber security strategy for 2023.
So, there you have it! 5 Cyber Security Trends for 2023 that are sure to keep you awake at night! In all seriousness though, if you need some reading material for those sleepless nights (or lunchtime for your day job!) be sure to check out the latest edition of the Annual Hornetsecurity Cyber Security Report. In this report you can read about a number of additional trends to watch in the coming year, you can also get expert insight and useful data regarding the cloud security landscape of today and what more you can do to prepare for coming cyber threats!
If you’d like to take a deeper dive into the Microsoft 365 threat landscape and learn the key strategies to building cyber security resilience, watch our free on-demand webinar. Our esteemed panel of experts discuss the major cyber security threats to look out for in 2023 and how they will impact the Microsoft 365 platform and its users.