As the tech-savvy world evolves, so do cybercriminals. In 2022, a 38 percent increase in cyberattacks occurred worldwide. One reason for the rise in attacks is because cybercriminals are becoming more sophisticated, developing ingenious ways to mislead online users in an attempt to steal their personal information.
This is borne out by a finding from 2022, where 82 percent of all breaches involved ‘the human element’. For example, ‘vishing’, emotional manipulation, ‘deepfakes’, and phishing emails.
Dr Niklas Hellemann, CEO at SoSafe, a cybersecurity awareness provider, tells Digital Journal: “ As cybercriminals are finding new ways to attack online users, especially as technology improves, it is extremely important to be aware of the up-to-date attacks that will most likely evolve through 2023.”
Looking at businesses, Hellemann says: “Organisations need to empower their teams in digital self-defense. While cybercrime is constantly professionalizing, companies need to activate their employees as part of their cyberdefense.”
Hellemann outlines five cybersecurity predictions for 2023 and advises what to do if you believe you are being targeted by a cyberattack.
#1 – Emotional manipulation
One of the most popular weapons of choice for cybercriminals is using emotional manipulation and is set to rise even further in 2023.
Hellemann says: “While technical setups change, cybercriminals can always exploit our human emotions to open a door into our systems. Emotions Like greed, curiosity, urgency, helpfulness and fear naturally trigger us and certain behaviors, tricking potential victims into either providing certain information, opening compromised files or making a payment on time for example”
He adds: “If you feel any emotional pressure from receiving an email or text message from an organisation or person, always try to verify provided information or requested action before actioning anything.”
#2 – ‘Vishing’
‘Vishing’ means ‘voice phishing’ and it is already being used as a deepfake technology to successfully trick employees into believing they are talking with members of their own organisations.
According to Hellemann : “As part of a vishing attack, someone will receive a phone call or voice message from someone pretending to be from a reputable company or someone you know. This is to induce individuals to reveal personal information, like bank details and credit card numbers.”
He forewarns: “Genuine institutions or financial organisations will never ask for personal or financial details over the phone. Therefore, it is important to never provide these and rather verify the requested action via other channels – especially if you feel pressured by the request.”
#3 – Targeting burnout amongst remote workers
Cybercriminals see burnout amongst remote workers and security teams as a vulnerable target opportunity as those impacted are vulnerable to emotional manipulation.
Hellemann notes: “The phishing strategy that increased the most in success last year, was exerting authority and pressure on its targets – this tactic’s success rate increased by more than 10%. Therefore, businesses should try to ensure they provide employees with the right security tools and the skills to protect their data no matter where they work from.”
#4 – One-time ransomware extortion attempts will be a thing of the past
Cybercriminals are using clever psychological tactics in their extortion, and compound them with further attacks. This is known as Multiple Extortion. Criminals tend to follow up their initial theft, encryption, and ransom of sensitive data- with the threat of releasing these data if the ransom is not paid.
#5- Supply chain attacks
Cybercriminals are improving at exploiting their victims’ partner and supplier networks.
This is normally down to security flaws in the supply chain- for example as a result of the software used by partners or suppliers.
Hellemann recommends: “Organisations need to be aware that they don’t only need to take care of their own security strategies. Their security is also dependant on the one of all their suppliers. Therefore, organisations need to carefully evaluate security competencies when choosing a new partner.”
