By The Readable
Jan. 20, 2023 9:00PM KST
As a global news outlet which specializes in cybersecurity, The Readable has reviewed dozens of forecast reports published by diverse organizations regarding the threat landscape this year. Out of various topics that were covered in those reports, The Readable has extracted 10 keywords that are most frequently mentioned and expected to dominate the field of information security in the upcoming months.
For each keyword, we have provided the definition, along with the sources that emphasized the significance of the subject. In addition, the reporters and researchers at The Readable, based on their expertise, have individually picked two keywords that are considered to be some of the most menacing threats in 2023 and elaborated the reasons for their choices. At the bottom of this report, there are links to the original reports for readers who may need additional research.
10 Keywords that will dominate threat landscape
North Korea is an ever-existing threat actor which primarily focuses on countries such as South Korea, Japan, and the United States. They will continue their cyber operation to generate financial gain and support the government which keeps developing nuclear weapons and ballistic missile programs. #National Intelligence Service #Mandiant #Trellix
Cyber espionage has been the primary focus of advanced persistent threat (APT) groups who allegedly work on the behalf of their governments. This year, hacking groups in many countries, including China, Iran, and North Korea, will continue their activities which will affect both the private and the public sectors worldwide. #National Intelligence Service #Mandiant #Cisco
It is not a surprise that cryptocurrency will be an attractive target for cybercriminals. Not just the digital asset itself, but also the cryptocurrency exchanges are at risk of compromise. Furthermore, threat actors will continue using cryptocurrency as a helpful tool to launder their illicit gains. #McAfee #Trend Micro #Fortinet
Threat actors will conduct widespread influence operations, such as spreading false information on social media. This could lead to damaging the trust among people, hence increasing threats to democracy. #Canadian Center for Cyber Security #Ministry of Science and ICT, Korea Internet & Security Agency
Technology related to deepfake is evolving rapidly, making it almost impossible to distinguish fake content from genuine sources with the naked eye. Cybercriminals will actively use deepfake to impersonate not just high-profiled celebrities and public figures but also influencers in order to fulfill their objectives. #Splunk #Fortinet #Check Point
The place where people swarm is also the place where cybercriminals flock. Business collaboration applications, such as Slack, Microsoft Teams, and Google Drive, have become critical tools as the pandemic continued. This means attackers will likely target business collaboration applications to steal massive information. #Trellix #ESET #Check Point
Advanced persistent threat (APT) groups are well known for their sophisticated hacking methods. In 2023, these tactics may not only be in the hands of APT groups, but also in the hands of those who seek financial gain by conducting criminal activities. These hacking tools will be actively bought and sold through cyber communities. #Sophos #Proofpoint
The more you are connected, the more efficient and vulnerable you become. The pandemic has accelerated the digital transformation, intertwining diverse applications in even more complicated forms. Threat actors will continue deploying their attacks by abusing the most vulnerable links within the entire supply chain. #ivanti #SentielOne #Proofpoint
Ransomware attacks on critical infrastructure will trouble countries worldwide. Organized cyber criminals and state sponsored hacking groups will focus on critical infrastructure to cause disruption and collect information. #Canadian Center for Cyber Security #F5 #Kaspersky
In 2023, politically and socially driven hackers will be on the rise as tensions mount not only between countries but also within nation states. Unlike financially motivated hackers, these attackers will conduct cyber activities related to internal and external political agendas. #Sophos #Trellix #Darktrace
2023 Security Outlook by The Readable
“Absolutely shocked” were the words South Korean lawmaker Tae Yong-ho used to explain his experience with a North Korean hacking group. In May of last year, Kimsuky, which authorities believe works on the behalf of North Korean government, pretended to be the lawmaker’s secretary and sent compromised emails to individuals who had attended a forum hosted by the lawmaker. What astonished the lawmaker the most was their hacking tactics. The group mimicked the words and expressions in the email so precisely that even the lawmaker was convinced at first glance that it might have been written at his office. Furthermore, the hacking group sent the compromised emails just a day after the event, making it even more difficult for the victims to have suspicions. It will be no surprise that North Korean hacking groups will try to develop their tactics in the aspects of both accuracy and speed this year.
In 2022, countries around the globe fought a battle with information operation. In South Korea, however, there has been an ongoing struggle with social engineering, such as phone scamming. Cybercriminals have been actively abusing social issues, from the pandemic to the presidential election which was held last year, to lure potential victims. These criminal activities are vicious, as they untimely prey upon the most vulnerable individuals who are deeply intertwined with social events. Furthermore, if a person falls victim to a phone scam, it is difficult to retrieve the money which has been transferred to criminals. South Korean law enforcement officials are putting immense effort into tackling cybercrime. However, cybercriminals will continue to deploy their attacks for financial gain and personal information. This year will not be an exception. By Kuksung Nam, The Readable
In the deep, dark web, information about hacking tools and sales posts have been continuously discovered. Some users share their tactics to exploit vulnerabilities and search for vulnerable internet protocols. Threat actors who have high levels of knowledge in hacking do their research through various online communities, such as GitHub and YouTube, without unveiling their identities. Information collected by those actors is put up for sale in the deep, dark web. There have been actual incidents that show the significance of this threat. The cybercriminal “pumpedkicks” in the underground forum “xss” has sold login credentials, providing unauthorized access to the networks and databases of different organizations. The credential leak of Fortinet VPN and the luxury brand Chanel was posted by pumpedkicks. Once the sensitive information, including login credentials, is uploaded onto the deep, dark web, the problem gets worse because other cybercriminals can abuse the data for additional attacks. The volume of these sorts of attacks is on the rise, raising the need for thorough monitoring for potential threats.
Business collaboration tools, such as Slack, Microsoft Teams, OneDrive, and Google Drive, have become a major target for cyberattacks since the pandemic. People share more and more information online, widening the attack surface for threat actors. The information that is shared online includes more and more important data, giving advantages to cybercriminals. If a cybercriminal succeeds in stealing the login credentials of one employee, the company at large is put at risk. It is not just limited to phishing attacks, but also made available through infection with stealer hacking tools. Stealers were originally distributed through pirated software and illegal streaming websites and recently started to spread via YouTube and Google advertisements in the disguise of promotional content. For threat actors, it is easier to penetrate a corporation’s internal system with leaked credentials from collaboration applications than with sophisticated hacking technologies. It will be more common among business entities throughout this year. By Dasom Kim, The Readable
According to the reports by public organizations which analyzed cybercriminal activities last year, such as the Canadian Centre for Cyber Security and the Ministry of Science and ICT, North Korean hacking groups showed their capacity to abuse domestic social issues in a very fast period of time. When the groups perform their attacks, the state sponsored hackers choose targets in just a few days and look for potential subjects that those targets might be interested in. This type of attack makes it hard for good actors to proactively respond because the attacks happen so fast. However, exactly because of this reason, threat actors are expected to keep utilizing it this year.
Cryptocurrency will continue to be the hot topic this year, following 2022. Last year, there were multiple cyberattacks on cryptocurrencies and their exchange platforms. The cybersecurity firm Fortinet referred to the NFT hijacking incident from an OpenSea user, which was worth of $1.7 million, warning that the exploitation of blockchain and its vulnerability is still in the early stages. Fake applications, which were designed to steal cryptocurrencies by the North Korean hacking group Lazarus, were also discovered last year. In recent years, the Lazarus group has been working to steal cryptocurrencies from individuals as well as organizations, and they are expected to do the same in 2023. Trend Micro also pointed out that threat actors will be attracted to cryptocurrency exchange platforms because this gives them opportunities to make huge financial gains. To avoid tracking from law enforcement and to have their illicit money laundered, cybercriminals will keep dominating the threat landscape this year. By Sojun Ryu, The Readable
Leveraged by the advanced technology of artificial intelligence, fake news will continue to be a major concern around the globe. Fake news will distort public opinion by utilizing deepfake video and audio to do harm to the building of healthy conversations among citizens. For example, a deepfake video of Ukrainian President Volodymyr Zelenskyy was shared on Facebook and YouTube amid the Russia-Ukraine war of last year, which showed the deepfake Zelenskyy in the video surrendering to Russia. Fake news adds more serious challenges to the current threat landscape. Last year at the RSA Conference, collaboration between the diverse stakeholders was emphasized due to the need for information sharing in respond to skyrocketing cyberattacks. However, misinformation which is deliberately manipulated by malicious actors will continue to play a role in disturbing collaboration among different parties and continue having a negative influence on the general public. “Nation states are increasingly willing and able to use misinformation, disinformation, and malinformation (MDM) to advance their geopolitical interests,” wrote the Canadian Center for Cyber Security in its National Cyber Threat Assessment report.
Nicole Perlroth at The New York Times warned through her book This Is How They Tell Me the World Ends that the most sophisticated hacking tools, developed by state-sponsored hackers, started spreading outside of intelligence agencies and became available to anyone with interest and funds. It has become common to witness high levels of hacking tools being circulated through the dark web. Furthermore, the “as-a-service” industry, such as Ransomware-as-a-service, has expanded into a major market for cybercriminals, liberating them from technological barriers and bringing them even more profits than ever. The notorious spyware Pegasus is still an issue and is demanded by customers who are looking for unauthorized ways to eavesdrop on their targets. When it comes to cybersecurity, the war of all against all is here because of the commodification of advanced persistent threat hacking tools. The proliferation of cyber weapons will be accelerated, continuing this year. By Dain Oh, The Readable
hello@thereadable.co
The graphics of this article were designed by Areum Hwang and Sangseon Kim.
Reference
Click the links to open the resources below. As for the National Intelligence Service, its cybersecurity forecast report was distributed to South Korean journalists on December 22, 2022.
1. Mandiant - Mandiant Cyber Security Forecast 2023
2. Sophos - Sophos 2023 Threat Report
3. ESET - Cybersecurity Trends 2023: Securing our hybrid lives
4. Trellix - 2023 Threat Predictions Report
5. Kaspersky - ICS cyberthreats in 2023
6. Trend Micro - Future/Tense: Trend Micro Security Predictions For 2023
7. Fortinet - Cyber Treat Predictions for 2023
8. Canadian Center for Cyber Security - National Cyber Threat Assessment 2023-2024
9. ivanti - Press Reset: A 2023 Cybersecurity Status Report
10. Check Point - Check Point Software’s Cybersecurity Predictions for 2023
11. F5 - 5 Cybersecurity Predictions for 2023
12. SentinelOne – SentinelOne’s Cybersecurity Predictions 2023
13. ENISA (European Union Agency For Cybersecurity) - ENISA Threat Landscape 2022
14. Ministry of Science and ICT, Korea Internet & Security Agency - Cyber Security Forecast 2023
15. World Economic Forum - Global Cybersecurity Outlook 2023
16. Cisco - Talos Year in Review 2022
17. Proofpoint – Cybersecurity Predictions for a Turbulent 2023
18. Splunk – Data Security Predictions 2023
19. McAfee – McAfee 2023 Threat Predictions
20. Darktrace – Five Cyber Security Predictions for 2023
Dain Oh is an award-winning cybersecurity journalist based in South Korea and the founding editor-in-chief of The Readable by S2W. Before joining S2W, she worked as a reporter for The Electronic Times, the top IT newspaper in Korea, covering the cybersecurity industry on an in-depth level. She reported numerous exclusive stories, and her work related to the National Intelligence Service led to her being honored with the Journalist of the Year Award in 2021 by the Korea Institute of Information Security and Cryptology in a unanimous decision. She was also the first journalist to report on the hacking of vulnerable wallpads in South Korean apartments, which later became a nation-wide issue.
Kuksung Nam is a cybersecurity journalist for The Readable. She covers cybersecurity issues in South Korea, including the public and private sectors. Prior to joining The Readable, she worked as a political reporter for one of the top-five local newspapers in South Korea, The Kyeongin Ilbo, where she reported several exclusive stories regarding the misconduct of local government officials. She is currently focused on issues related to anti-fraud, as well as threats and crimes in cyberspace. She is a Korean native who is fluent in English and French, and she is interested in delivering the news to a global audience.
Sojun Ryu is a cybersecurity researcher for The Readable. He graduated from the “Best of the Best” next-generation security expert training program (BoB) at the Korea Information Technology Research Institute (KITRI) in 2013, and holds a master’s degree in information security from Sungkyunkwan University in Korea. He worked at KrCERT/CC for seven years, analyzing malware and responding to incidents. He is also one of the authors of "Operation Bookcodes," published by KrCERT/CC in 2020. Recently, Ryu has been focusing on threat intelligence, cybercrime, and advanced persistent threats (APT) by expanding into the deep, dark web with TALON, the Cyber Threat Intelligence group at S2W.
Dasom Kim is a cybersecurity researcher for The Readable. Her research into the dark web was recognized at the 2018 Digital Crime Consortium, hosted by Microsoft’s Digital Crimes Unit (DCU), where she delivered a presentation titled "The Most Connected Darkness: Cases from the Korean Cyber Underground.” She specializes in user profiling, brand abuse analysis, and takedown processes of the deep and dark web. As a senior researcher at TALON, the Cyber Threat Intelligence Group at S2W, she is currently performing correlation analysis among forum users on the deep and dark web while also taking part in responses to data leaks and brand abuse. Kim is primarily interested in analyzing threat actors who are related to stealer, ransomware, and data breach incidents. She has been invited to speak at international conferences, such as HITCON, ROOTCON, and AVTOKYO.