Capita plc, the outsourcing group that runs crucial operations for the NHS and the military, experienced a cyber incident primarily impacting access to internal Microsoft Office 365 applications on Monday 31st March, 2023. The major outage was the results of this cyberattack, disrupting many clients as it primarily impacted access to internal Microsoft Office 365 applications.
In 2021, 23 percent of UK respondents stated that their organisation lost between £10,000 and £49,000 British pounds as a result of a breach, according to Statista.
Dr Niklas Hellemann, CEO at SoSafe, a cybersecurity awareness provider, tells Digital Journal: “As cybercriminals are finding new ways to attack online users, especially as technology improves, it is extremely important to be aware of the up-to-date attacks that will most likely evolve through 2023.”
Hellemann explains: “Whilst it is important for everyday users to be aware of potential scams, it is also just as important for larger organisations, for which – in some cases existence-threatening – financial damage is at stake. Organisations need to empower their teams in digital self-defence. While cybercrime is constantly professionalizing, companies need to activate their employees as part of their cyberdefence.”
He adds: “Therefore, it is important for employees and employers to keep up with upcoming cybercrime trends as part of improving cyberdefence.”
Hellemann draws on his experience to provide five cybersecurity predictions for businesses in 2023 and what to do if a firm believes it is being targeted by a cyberattack.
Emotional manipulation
One of the most popular weapons of choice for cybercriminals is using emotional manipulation and is set to rise even further in 2023.
Hellemann says: “While technical setups change, cybercriminals can always exploit our human emotions to open a door into our systems. Emotions Like greed, curiosity, urgency, helpfulness and fear naturally trigger us and certain behaviors, tricking potential victims into either providing certain information, opening compromised files or making a payment on time for example.”
To illustrate this, SoSafe data showed that with an apparent willingness to help, cybercriminals tempted more than a third (37 percent) of recipients to click on malicious content in 2022 – with praise and flattery this rose to 41 percent clicking on the content.
‘Vishing’
‘Vishing’ which stands of ‘voice phishing’ is already being used as a deepfake technology to successfully trick employees into believing they are talking with members of their own organisations.
Hellemann explains: “As part of a vishing attack, someone will receive a phone call or voice message from someone pretending to be from a reputable company or someone you know. This is to induce individuals to reveal personal information, like bank details and credit card numbers. Unfortunately, as the quality of deepfake and vishing technology improves and becomes easier to produce, cybercriminals are very likely to be able to conduct successful, more believable attacks this year.”
To demonstrate this, Hellemann says: “Originally prank calls were viewed as a bit of harmless fun, however, cybercriminals have now realised deep fakes can be used for social engineering attacks as an opportunity to maximise profits. Genuine institutions or financial organisations will never ask for personal or financial details over the phone. Therefore, it is important to never provide these and rather verify the requested action via other channels – especially if you feel pressured by the request.”
Targeting burnout amongst remote workers
Cybercriminals see burnout amongst remote workers and security teams as a vulnerable target opportunity. Employees are stressed due to a continuously changing, uncertain and difficult situation- particularly regarding the economy. This makes them vulnerable to emotional manipulation.
According to Hellemann: “At the same time, security teams are confronted with an increasing complexity. To name one development, the ongoing shift towards hybrid and remote work creates new weaknesses in an organisations’ security that security specialists need to take care of. With a general increase in attacks, security teams are reaching capacity and suffering from burnout too- leading to more security threats.”
In terms of examples, Hellemann says: “As a result, the phishing strategy that increased the most in success last year, was exerting authority and pressure on its targets – this tactic’s success rate increased by more than 10 percent. Therefore, going into 2023 businesses should try to ensure they provide employees with the right security tools and the skills to protect their data no matter where they work from.”
One-time ransomware extortion attempts will be a thing of the past
Cybercriminals in 2023 will use clever psychological tactics in their extortion and compound them with further attacks. This is known as Multiple Extortion.
By this, Hellemann notes: “They tend to follow up their initial theft, encryption, and ransom of sensitive data- with the threat of releasing these data if the ransom isn‘t paid. This is done using methods such as DDoS attacks, crypto mining, or bot networks until their demands are met. Compound ransomware attacks will attempt to extort higher value sums from organisations, increasing the risk of damage.”
Supply chain attacks
Supply chain attacks peaked in 2022 and are likely to continue in 2023. Hellemann says: “This is because cybercriminals are improving at exploiting their victims’ partner and supplier networks. This is normally down to security flaws in the supply chain- for example as a result of the software used by partners or suppliers.”
An example of a supply chain attack in 2022 was the hack of the authentication services provider Okta, whose network was hacked by the Lapsus$ group. Okta’s customer information was accessed through Sitel, a company subcontracted to provide customer service functions for Okta. This allegedly impacted more than 15 thousand customers.
Drawing on this, Hellemann concludes: “Therefore, organisations need to be aware that they don’t only need to take care of their own security strategies. Their security is also dependant on the one of all their suppliers. Therefore, organisations need to carefully evaluate security competencies when choosing a new partner.”