Written by Chris Thomas, Senior Security Advisor, APJ, ExtraHop
In his seminal work on strategy, Sun Tzu said that the key to victory is understanding both one's self and the enemy. For the latter, this means understanding their options for attack, the threats against them, and how they reason. The same principles apply to cybersecurity: By understanding opponents' motivations, weaknesses, and resources, we have a better chance of understanding how to defend against their next move.
Cybercriminals work around the clock looking for their next targets or studying them. It is safe to assume they are already planning their next attacks. This is why it is crucial to draw on insights into the threat landscape in 2023, and into how organisations should prepare for it.
Looking back will be the new looking forward in 2023
Financially motivated attackers continue to dominate the threat landscape. According to ExtraHop's Asia Pacific Cyber Confidence Index, 89 percent of organisations in the Asia-Pacific have been breached by ransomware at least once in the past five years, and the evidence shows that threats have been getting increasingly sophisticated.
If you look at most big breaches from the past year, the dwell time jumps from weeks to months by the end of the investigation. It is going to be essential for organisations to be able to mine their own data to correlate new indicators of compromise (IoCs) and threat intelligence information for defensive and remediation purposes.
Post-breach responses will be necessary as ransomware rises
The reality is that attackers are evolving alongside the businesses they are targeting by adapting to the security measures devised to keep them at bay. Most recently, we’ve seen attackers target and encrypt backup servers, creating an arduous, slow process for recovery. Until organisations are better prepared to handle post-breach compromise, ransomware will continue to have a huge impact.
Social engineering will continue to dominate
As demonstrated by the KrisShop data breach in March 2022, social engineering attacks, or the use of deceptive methods to manipulate employees into allowing access to their systems, are on the rise in Singapore. The breach, which exposed the personal data of more than 4,000 customers of the Singapore Airlines retailer, originated from a phishing attack against an employee.
In 2023, we will continue to see an increase in fake virus advertisements, phishing emails and texts. Attackers have become so creative that they now mimic legitimate precautionary notices and capitalise on well-publicised breaches, like Optus and Medibank in AU. These lures and tricks are so convincing that even some of the most tech-savvy professionals are falling victim to these schemes. High-profile breaches will continue to be the 'gift that keeps on giving' for attackers.
Supply chain attacks will increase
Supply chain security is also a point of emphasis for today's organisations. The use of downstream open-source software dependencies and third-party managed software perpetuates the weaknesses in today's supply chains. According to David Koh of the Cyber Security Agency (CSA), "The rise of supply chain threats and escalating ransomware attacks are the most pressing cyber challenges the international community needs to address. Business leaders must consider cybersecurity as a risk management issue."
With the rise of supply chain attacks, organisations will need to be smarter about vetting third-party vendors. A potential contractor's security posture and network security strategy will be a determining factor for doing business. Vetting will also need to extend to understanding third-party dependencies in a developer's code. For example, do you know where that countdown widget on your website really comes from? What code is in it, and what is it accessing? Security teams will need to update their strategy to include vetting even the simplest integrations to secure their framework.
Hacker groups’ targets and tactics will evolve
In 2022, Russian state-sanctioned hacker groups dominated the threat landscape: Conti effectively shut down most of the Costa Rican government, Vice Society successfully attacked Los Angeles Public Schools, and LockBit has been an especially prolific threat to government organisations across the globe. But even if Singapore has not been directly targeted for now, the escalation of these activities still poses a threat to both public and private entities in the country. According to the CSA, these hacker groups "lack both the coordination and discipline to prevent collateral damage or unintended effects to uninvolved parties".
Due to its aggressive military operations, Russia has suffered physical, economic, and diplomatic losses. These developments might also affect the nature of threats this year. The physical security landscape is changing across Eastern Europe with Russia's invasion of Ukraine. Former Soviet Bloc countries are second-guessing Russia's military and security support. This means they're looking to other countries for alignment, including China. The realignment of physical support will coincide with a similar realignment in the cybersecurity world, and we may see different nation-state campaigns as Russia loses some of its cyber-controlled territories.