Connect with us

Hi, what are you looking for?

Tech & Science

Spear phishing to payment vulnerabilities: Cybersecurity predictions for 2023

Spear phishing is a phishing method that targets specific individuals or groups within an organization.

Hacks have increased through the pandemic and the war in Ukraine - © AFP/File Noel Celis
Hacks have increased through the pandemic and the war in Ukraine - © AFP/File Noel Celis

How will the security threat landscape shift in 2023? To obtain a realistic assessment of what is likely to come for cybersecurity in the year ahead, Digital Journal contacted David Anteliz, Senior Technical Director at Skybox Security.

The expert predicts that, within the U.S., cybersecurity directives from the federal government will lead to a rise in threat actor activity against federal agencies. In particular, the threat of spear phishing will be further complicated by the rise of fake LinkedIn profiles. Spear phishing is a phishing method that targets specific individuals or groups within an organization.

It is also likely that threat actors will leverage novel programming languages to become untraceable. As to the main area of attack, it appears that a growing target will be the retail industry as organizations gear up for the Payment Card Industry Data Security Standard (PCI DSS 4.0). This standard is intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information.

Anteliz looks at the digital storm stemming from the U.S. government’s activities: “The increase in cybersecurity directives from the federal government will lead to a rise in threat actor activity against federal agencies.”

Of particular interest, says Anteliz, is: “The Cybersecurity and Infrastructure Security Agency (CISA) has issued a number of new guidance this year. Most recently, Binding Operational Directive 23-01 mandates federal agencies to take necessary steps to improve their asset visibility and vulnerability detection capabilities in the next six months. In 2023, we will see threat actors ramp up their attacks on before new cybersecurity controls are implemented ahead of 2023 deadlines. This increase in attacks will likely come in the form of supply chain attacks as malicious actors seek to do their worst before they get caught.”

Anteliz also notes that: “Threat groups will be uncovered as long-time dwellers in large organization networks, resulting in a major breach at a Fortune 500 company.  2022 brought many splashy headlines from threat groups like Lapsus$ successfully attacking major organizations like Uber and Nvidia, and state-sponsored Lazarus exploiting Log4j flaws to hack US energy companies.”

Looking ahead, Anteliz predicts: “In 2023, we predict a major threat group will be discovered to have been dwelling in the network of a Fortune 500 company for months, if not years, siphoning emails and accessing critical data without a trace. The organizations will only discover their data has been accessed when threat groups threaten to take sensitive information to the dark web.”

A second area of concern is with targeted attacks. Anteliz thinks: “The threat of spear phishing will be further complicated by the rise of fake LinkedIn profiles.”

Anteliz fills in the details: “Spear phishing continues to be a successful form of social engineering plaguing organizations today. Spear phishing is sure to be a prominent attack vector in 2023. We can expect threat actors to place an increased focus on targeting individuals via fake accounts on LinkedIn. LinkedIn is a platform that has traditionally been less frequently associated with malicious behavior and widely trusted by users. Threat actors will seek to take advantage of this sentiment to access critical information.”

Anteliz further predicts: “Threat actors will disguise themselves as professionals looking to conduct surveys leveraging experts in various fields, giving them the perfect opportunity to obtain sensitive information from individuals and their organizations.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Tech & Science

AI creates items related to a personality construct to be used in the creation of personality scales.

Tech & Science

The time taken for steel to corrode depends upon the severity of the environment and the quality of the steel.

Business

Both retailers will either cut or shift the hours that their pharmacies operate in response to staffing shortages.

Business

Tensions with China and a shift in spending patterns since the pandemic are changing US trade flows - Copyright AFP/File GEOFF CADDICKBeiyi SEOW and...