Last December, the team looked at various topics related to the field of cyber and information security. One thing is for certain: cybersecurity is not monolithic—there are so many facets of cybersecurity, each with its own challenges and unique potential. Because no single assessment can capture every nuance across the industry, the team instead narrowed its focus to a few key topics and to how those may evolve over the year.
Education and Recognition Tools Needed to Protect Against Increasingly Sophisticated Deepfakes
Malware has constantly changed for as long as it’s been around. One particularly concerning development in the malware space is the increasing sophistication of deepfake technology. Analysts assess 2023 will bring a heightened threat of deepfakes due to this technique’s wide application against individuals or networks of individuals, and the supposed legitimacy that comes with ever-more realistic media. Emphasis on developing and deploying detection technology against fake media will be paramount. Mass education on how to recognize deepfakes will become increasingly important and common.
Stealing User Credentials and Extortion-Focused Attacks will Remain Threat Actor Favorites
Threat actor groups also adapted last year in ways that indicate 2023 is likely to see a growing focus on extortion as victims paid out ransoms less often. “Extortion only” groups rely more heavily on the threat of data leakage to the public to coerce victims into paying, whereas many threat groups previously relied on data encryption to prompt victims to pay a ransom. With victims now making progress against the threat of encryption and leveraging backups, threat actors will likely rely more heavily on the threat of extortion going forward. Easy to use, low cost, and widely available tools which are designed to steal user credentials will remain a threat actor favorite over the next year. Extortion attempts may evolve into more targeted cyberattacks against proprietary and sensitive data to incentivize victims to pay criminal syndicates based on theft of their most valuable information.
Cryptocurrency Space Likely to See Continued Attacks Along with Calls for Regulation
If the decentralized finance and cryptocurrency space in 2022 was characterized by high-value attacks and precipitous drops in asset values, 2023 will likely see the pressures from 2022 manifest via industry consolidation and increased call for regulation. According to EclecticIQ analysis, the risk of cyberattacks in the decentralized finance vertical will continue to grow as people become more acquainted with cryptocurrency and adoption continues to normalize. Cyberattacks leveraging exposed private keys in critical systems will remain common, with smart contract and flash loan vulnerabilities continuing to feature prominently. Over the longer term, in the wake of increasingly common high-value heists and the collapse of the FTX exchange late last year, analysts expect further government regulation, which will probably center around identity validation. This, in turn, may spark law enforcement operations to prosecute cryptocurrency cyberattacks, but will come at the cost of reduced privacy to users.
Cyberattacks and Influence Operations Play an Important Supporting Role in the Russia-Ukraine War
EclecticIQ analysts assess Russia’s cyber warfare efforts against Ukraine failed to deliver upon strategic objectives - to undermine confidence in Ukraine leaders, and to make Ukraine abandon its rapprochement with the West - with the anticipated result of making the Ukrainian population more malleable and prone to capitulation to Russian threats. For this reason, Russia will almost certainly continue using kinetic actions as primary means to achieve its objectives as the war drags into 2023. Considering that Russian cyber operations do not seem to be systematically integrated into its military campaigns and did not provide substantial strategic or tactical value, they will likely play a secondary role in the war. EclecticIQ analysts assess Russia will likely continue executing information campaigns influencing Ukrainian and international audiences and will pursue network exploitation of Ukrainian and allied entities for espionage. Russia is likely trying to obtain information about planned sanctions, military and civil support by Western governments, and any other information that can be used as leverage in future negotiations, especially Europe’s response to energy issues.
ChatGPT’s Potential Presents Opportunities and Challenges In and Out of Cybersecurity
Just as 2022 drew to a close, San Francisco-based OpenAI released ChatGPT, which quickly drew attention for the human-like answers it produces in response to user prompts and provided mainstream access to OpenAI’s GPT-3 large language model (LLM). In December, EclecticIQ analysts predicted ChatGPT and other LLMs present significant disruptive potential, and that further development and training of AI tools will present creative challenges not only for cyber but for the global workforce. In the weeks since that initial prediction, much discussion has centered around ChatGPT’s potential and its limitations. The potential impact of this tool is anticipated across society. For example, ChatGPT is being used to develop and improve malware, and it is disrupting the tech industry by causing tech giants to carefully assess the need for public releases of AI technologies. EclecticIQ analysts assess the arrival of ChatGPT will prompt tech companies to be more aggressive in developing similar tools. It has been banned by numerous U.S. school districts for fear it inhibits the learning process, and criticized by artists claiming it is capable only of producing reproductions of others’ genuine work.
Outlook: As Complexity Grows, Cybersecurity and Cyber Education Must Be Priorities
In an industry in which survival depends on constant change, the theme that seems to be here to stay in 2023 is complexity. Threat groups, and the malware they use to wreak havoc, are perpetually adapting to the threat landscape, which is itself constantly growing. Cutting edge, disruptive technologies—such as ChatGPT—are more widely available than ever before. Adding to the complexity of the threat are the impacts of events most defenders have no control over, such as the Russia-Ukraine war, or the emergence of new disruptive technology like decentralized finance and ChatGPT. The best antidote to complexity of this scale is for all organizations to adopt the mindset that cybersecurity is a ‘critical business need’, regardless of size or industry. Although there are many routes to better security, prioritizing cybersecurity and user education will be key to reducing the impact from growing cyberattacks in 2023.
About EclecticIQ Intelligence & Research Team
EclecticIQ is a global provider of threat intelligence, hunting, and response technology and services. Headquartered in Amsterdam, the EclecticIQ Intelligence & Research Team is made up of experts from Europe and the U.S. with decades of experience in cyber security and intelligence in industry and government.
We would love to hear from you. Please send us your feedback by emailing us at firstname.lastname@example.org.
You might also be interested in:
QakBot Malware Used Unpatched Vulnerability to Bypass Windows OS Security Feature
ChatGPT Makes Waves Inside and Outside of the Tech Industry
EclecticIQ Retrospective: A Look at the Themes & Events that Shaped the 2022 Cyber Landscape