
15 cyber threats to prepare for in 2023: from phone-camera hijacking to ransom-vaporware

Cyber breaches are no longer thrilling the news-people. Only the most novel and sinister attacks have the potential to grab the attention of media professionals.


The Arab Gulf region continues to innovate at scale. But digital transformation in the cloud brings with it a range of issues, including the increased sophistication of attackers and their ability to adapt to the moment at a pace that as yet enterprise security functions have been unable to match.

Against this background, we have identified a set of 15 predictions for the year ahead — covering topics such as phone-camera hijacking, the future of zero trust and cyber-insurance, and a range of other areas like the need for changes in multi-factor authentication (MFA) and the rise of new attack vectors like ransom-vaporware.

  1. Negative, zero, and positive trust

Next year, CISOs can expect products to be zero-trust-ready, satisfying all seven principles of the NIST 800-207 model, and supporting an architecture referenced by NIST 1800-35b. Procurement teams should be wary of vendors who promise positive and/or negative intent as these will likely be products that provide either positive zero-trust authentication and behavioural monitoring or closed security models that demonstrate what should happen when a negative zero-trust event occurs.

We expect positive-zero-trust solutions that manage authentication workflows, and negative-zero-trust solutions that dive in deep when malicious activity is detected, to mature over the next few years and essentially cancel each other out.

  2. Camera-based malware is here; say “Cheese”!

In 2023, security leaders will have to battle the first of many exploits that are capable of compromising smart cameras. Embedded cameras on mobile devices have long been the documenters of personal moments, but lately, they come with technology that can recognise QR codes and enhance pictures. When users leverage these tools to generate GIFs, Instagram-style boomerangs, and other complex picture and video formats, they leave their devices vulnerable to attack, through malware and exploits embedded in both the content and the applications that render them.

As cameras become more complex, the risk surface is expanding for novel approaches that could lead to their exploitation.

  3. Reputation for ransom – the rise of ransom-vaporware

We will see the rise of ransom-vaporware, where a target is extorted by the threat of publicising a fictional breach. Because of the willingness of the business community and general public to accept news of a breach, a threat actor can forgo the work of an actual breach.

Luckily for the threat actor and unfortunately for the victim, the “attack” does not need to appear in front-page headlines to inflict reputational damage. Cyber-boasters (they are not really attackers) can bolster their claims by publishing any data, however easily obtained, as proof, including simple information obtained via open-source intelligence (OSINT). This can be especially effective when a named threat actor claims responsibility.

  4. The foundation of multi-factor authentication (MFA) invincibility fails

In the wake of a year in which the Lapsus$ cybergang wreaked havoc by getting around MFA, terms such as “MFA bombing”, “MFA bypass”, and “MFA fatigue” all leapt into the cybersecurity lexicon. Concerns are therefore justified that if MFA — initially touted as the ultimate in authentication — was sidestepped by such an inexperienced squad, then nothing is safe.

In 2023, the industry must transition to MFA solutions that use biometrics or FIDO2-compliant technologies.

Morey Haber, Chief Security Officer, BeyondTrust

  5. Cyber un-insurability is the new normal

In the wake of the escalation in cyber incidents in the GCC during the pandemic lockdowns of 2020, insurance premiums are on the rise. In 2023, more businesses will face the reality that they are not cyber-insurable. This prediction is one of BeyondTrust’s few repeats from last year’s list because of its highly consequential nature.

The few insurance providers that offer cyber insurance now insist upon a high standard of cybersecurity hygiene before initiating or renewing coverage. Companies must therefore choose between remaining uninsured or shouldering the risks associated with a laundry-list of exception clauses.

  6. The latest concert hack: wearable risk surfaces and hackable e-waste

Many concert venues give out disposable LED bracelets and offer collectable light sticks for purchase. Devices like these receive radio transmissions during the event that make them glow. Threat actors, whether in protest of e-waste or for some other reason, can decode devices’ RF transmissions to wreak havoc.

In 2023, many countries may ban these venue gimmicks because of the e-waste they represent, perhaps replacing them with apps on phones.

  7. Compliance conflicts are brewing

The GCC region is known for its growing compliance landscape. New standards may require security teams to stop asking users to change their passwords periodically as NIST guidelines now suggest that this is unnecessary for standard user accounts without an indicator of compromise. Others disagree, so we may be headed for a collision of viewpoints in some jurisdictions.

  8. The death of the personal password

The realisation that passwords are a liability in an authentication environment has been around for some time. In 2023, we expect more applications, not just the operating system itself, to start using advanced non-password technologies such as biometrics.

  9. De-funding of cyber terrorists becomes law

Watch for governments around the world to discuss new approaches for protecting organisations from ransomware and stopping the funding of terrorists, including outright bans on ransomware payouts.

If enacted, laws like those already being proposed in the US will have a dual incentive. With their profits drastically reduced, threat actors will no longer favour ransomware. Of course, they will find new attack vectors, but in the meantime, given the current financial impact ransomware is having in the absence of cybersecurity tools that are 100 percent effective in preventing asset compromise, regulation may be the only way forward.

  10. Cloud camouflage is confronted

The cloud, while an undeniable boon to many in the region, comes with security risk. In 2023, we can expect a push for transparency and visibility into the security operations of cloud service providers.

Given the rising share of the cloud in the business operations of enterprises and the daily lives of individuals, we can expect to see loud calls for change.

This “cloud camouflage” may be removed in 2023, with transparency of architecture, foundational components, and even discovered vulnerabilities finally extending beyond the SOC and ISO certifications to either a cloud version of CVE or some other reporting mechanism.

  11. Social engineering in the cloud

Attackers will lean more on their powers of persuasion than on their malware kits as they step up social engineering attacks in the cloud. A single fake social media profile, leveraged in the right way, can allow a threat actor to gain employment or impersonate a trusted vendor. This trend will call for more rigorous background checks and communications that rely on more than just a simple social media profile.

  12. Unfederated identities to infinity and beyond

Because of the swift movement to Industry 4.0, the definition of identity is constantly shifting. In 2023, we predict an expansion of the identity model to include unfederated models. Today, we see the migration of identities to encompass services, applications, processes, and even devices and machinery (such as robots) in the physical world. Anything that can authenticate or authorise permissions will at some point be associated with a federated identity, typically via an account.

  13. OT gets smarter, converges with IT

In 2023, operational technology (OT) will see an expansion in its attack surface based on similar exploits that target IT. As OT becomes smarter and its functionality broader, devices and machinery will become increasingly susceptible to vulnerabilities and exploitation. Their constant need for maintenance and update is driving the convergence of OT and IT.

  14. Headline breaches move to second-page news

Cyber breaches are no longer thrilling the news-people. While breaches at Heartland, Yahoo, and OMB were splashed across the headlines, such stories are now so common that they no longer inspire readership or viewership. Only the most novel and sinister attacks have the potential to grab the attention of media professionals.

So, in 2023, breaches will become second-page news unless something novel sets them apart. Full disclosure of an incident may now prove the best course of action for companies.


  15. A record-“breaching” year

Next year is set to smash records in the direct and indirect cost of breaches. Far too much complexity remains in the wake of the region’s hasty cloud migration in 2020 and 2021. From remote access to barely tested digital experiences and supply-chain integrations, cybersecurity teams are behind the curve on their ability to protect and detect new intrusions.

Meanwhile, cybercriminals have lost no time in building their attack momentum in the region. Ransomware now also targets backups of both data and systems before the extortion occurs, which leads to a dearth of options when the ultimatum is issued and also to the possibility of long-term vulnerability and ever-increasing demands for payment. In a region where SMEs represent the majority of non-oil GDP, the associated impacts of malware on business continuity and economic health are significant. And so, we can expect more reports of breaches across the region.

Take heart

Our assessments of the year ahead may seem all doom and gloom, but in truth, organisations have many ways of protecting themselves against an incident. With the right blend of skills, tools and strategy — either in house or in collaboration with a trusted partner — businesses can go into 2023 with their eyes open and conduct their affairs with confidence.