The BDO team makes three predictions for the year ahead

Illustration. BIGSTOCK/Copyright: AndreyPopov

1. APT's will dictate the geopolitical cyber threat landscape

The Russian invasion into Ukraine has caused significant disruption and disinformation in the rest of the Western world, as the unprecedented circumstance of a major cyber power has, together with its hacktivist fronts, have significantly increased disruptive attacks, cyber espionage. Russia's continued will is likely to lead to more data leaks, data destruction, and even the reinvented use of DDoS attacks, outside of Ukraine and its neighbors.

Moreover, this precedence will likely lend to other APT's from other pariah states facing sanctions, such as Iran, which seeks to grow its cyber capabilities which offset kinetic operations, and North Korea, which also seeks alternative sources of income and espionage while remaining diplomatically and economically isolated. In this context, the distinction between the motivations of nation-state, cybercriminal, and hacktivist, will be increasingly difficult to distinguish.

As Russia's activity has also increased concerns of European energy suppliers to deter countries involved from sanctions and reduce their reliance on Russian energy, this will continue to make the energy sector a prime target for APT groups of nations in conflict who seek to retaliate with deterrent measures that are ostensibly anonymous.

As European energy suppliers start to rethink energy policy, energy blackmail base on dependency on Russian fossil fuels pose as a complex issue in the face of the changing geopolitical, economic, and social landscape. Moreover, such attacks may reveal vectors for cybercriminals who seek opportunities to similarly compromise highly profitable targets.

2. Critical Infrastructure will remain a key issue, especially due to legacy ICS/OT

The energy crisis in Europe highlights a key weakness in the global cybersecurity in the last two years, critical infrastructure.

While critical infrastructure is already at risk of destructive cyber-attacks when nations are in conflict, not just the energy supply crisis, but the supply chain crises which has worsened in 2022, saw both APT and ransomware campaigns focused on disrupting not just energy and power supply, but food supply, transport industries, critical manufacturing.

This has also extended to production of essential manufacturing components such as semiconductors, which has seen a considerable uptick in attack in 2022 and is likely to see a similar rise in the next year.

That said, hackers of all motivation are also likely to exploit the growing list of outdated ICS and OT vulnerabilities which were never designed with security in mind.

INSERT OT stats here.

Ransomware will remain the single greatest cyber threat, but with more extortion

Ransomware operators continue to evolve their activities and capabilities, and besides nation state APTs, remain as not just the cutting edge in the cybercrime, but the main drivers of cybercrime-as-a-service market. 2022 saw more obscure programing languages being used, more OS and platforms being targeted.

Beyond the capabilities, ransomware groups have also seemed to focus on other opportunities to diversify their profit generating operations, mainly by managing by leak sites or blogs, where threat actors post details of their victims.

Ransomware began as a method of encrypting, and later moved to also leaking victims' data if they refused to pay (the double extortion method), but this year it saw more emphasis data leak schemes. The most active group, LockBit for example, offered visitors and victims the chance to destroy or purchase stolen data, or even extend the timer counting down to publication.

Others offered to auction data, release based on subscriptions, and even provided schemes where if victims pay, not only will the information not made public, but news of the breach itself will not be made public.

While this kind of offer may serve the victims interest by protecting them from falling stock prices for example, it makes the organization complicit in breaking data breach laws.

Written by the BDO staff.