As cyberthreats continue to grow, the latest Future/Tense: Trend Micro Security Predictions for 2023 report warns that threat actors will once again ramp up attacks targeting security blind spots in the home office and the software supply chain.

“Although the pandemic may be receding, for most, remote working is here to stay,” says Emmanuel Tzingakis, technical lead: Sub-Saharan Africa at Trend Micro. “That means a renewed threat actor focus on unpatched VPNs, connected SOHO devices and back-end cloud infrastructure in 2023. In order to stave off threats, organisations will need to refocus efforts to help overworked security teams by consolidating attack surface management and detection and response to a single, more cost-effective platform.”

According to the report, VPNs represent a particularly attractive target as a single solution could be exploited to target multiple corporate networks. Home routers will also be singled out as they’re often left unpatched and unmanaged by central IT.

Alongside the threat to hybrid workers, the report anticipates several trends for IT security leaders to watch out for in 2023, including:

• A growing supply chain threat from managed service providers (MSPs), which will be selected because they offer access to a large volume of downstream customers, thereby maximising the ROI of ransomware, data theft, and other attacks.

• “Living off the cloud” techniques may become the norm for groups attacking cloud infrastructure to stay hidden from conventional security tools. An example could be using a victim’s backup solutions to download stolen data into the attacker’s storage destination.

• Connected car threats have gained significant popularity since their 2019 launch in South Africa. Malicious actors are predicted to start targeting the cloud APIs which sit between the in-vehicle embedded-SIMs (eSIMs) found in most new car models and back-end application servers. In a worst-case scenario (i.e., Tesla API), attacks could be used to gain access to vehicles. The connected car industry could also be impacted by malware lurking in open-source repositories.

• Ransomware-as-a-service (RaaS) groups may rethink their business as the impact of double extortion fades. Some may focus on the cloud, while others could eschew ransomware altogether and try monetising other forms of extortion like data theft.

• Social engineering will be turbo-charged with business email compromise (BEC)-as-a-service offerings and the rise of deepfake-based BEC. BEC has consistently been a top vector across African markets, making this trend a top concern for African businesses.