The world is rapidly changing, and with it, so is how we approach and protect ourselves from cybersecurity threats. With the increasing sophistication of threat actors, and the ever-growing number of connected devices, the need for advanced security measures is more significant than ever. As you optimize your cybersecurity resilience priorities for the year ahead, GRIMM experts offer the following cybersecurity predictions for 2023.
1) Supply Chain Risk
Prediction: In the face of another significant software supply chain attack, businesses will increase their cyber resiliency.
Supply chains, both physical and logical, have historically been among the most vulnerable and impactful failure points for organizations and businesses. As a result, supply chain cyber vulnerabilities have become a significant focus of both defensive development and offensive exploitation, with a substantial shift of resources toward them after the 2013 breach of the retail giant Target. The Target Point of Sale (PoS) systems were successfully attacked through a campaign that exploited Target's heating, ventilation, and air conditioning (HVAC) systems provider. The success and scale of the Target breach shone a bright spotlight on how a vulnerable supply chain can cause substantial real harm to corporate operations. In the decade since the Target cyber attack, the tools and techniques available to malicious actors have increased remarkably in capability.
Additionally, capabilities once restricted to nation-state cyber teams are now readily available and easier to use and misuse. Cloud-hosted and shared service models for ransomware and other malware have become big business for organized crime, where profits from taking a percentage of victims' payouts bring in millions of dollars annually. For supply chains, especially those in critical infrastructure, transportation (including automotive), and manufacturing, a key cyber threat trend to follow is the accelerating development of malicious tools for ICS/SCADA and lower-level components, including common CPUs.
The Target breach also demonstrated that the lines between Information Technology (IT) and Operational Technology (OT) have been blurring significantly over the past twenty years; however, cyber security training and corporate cyber operations have yet to cross over accordingly. Malicious actors are taking advantage of the lack of OT cyber knowledge in enterprises and businesses to introduce new attack vectors, leveraging connected components (including mobile devices and consumer goods) to gain easier access to IT systems. In 2022, at least eight semiconductor companies were identified as having been attacked and extorted by ransomware actors, highlighting how deep within supply chains targets are being found and successfully exploited. It is nearly certain that 2023 will see several major cyber events that target critical supply chains directly as entry vectors to further exploit, undermine, and extort ransoms back up the chain.
As the impacts of successful cyber attacks become more pronounced and create significant losses, and as ICS/SCADA and other Cyber-Physical system attacks pose a substantial risk to health and safety, businesses will have to devote resources to increasing resiliency along multiple dimensions. In the face of rising threats, governments and regulatory bodies globally will introduce new standards and requirements and impose stiffer penalties more often, further driving businesses to prioritize cyber security beyond traditional Information Technology compliance models. The coming year may be a breaking point, where cyber IT and OT finally merge organizationally to unify defensive cyber efforts and create stronger resilience to increasingly capable attacks.
Robert Shaughnessy, SVP at GRIMM Cyber
2) IoT (related to CyPhy™)
Prediction: IoT-related cybersecurity trends will bring an onslaught of AI-enabled cybersecurity solutions, claims and increased ransomware attacks.
Consumers cannot get enough connected devices in their lives. From home automation to interconnected modes of transportation to smart cities, manufacturing facilities, and increased connectivity to critical infrastructure, our love of technology will continue to introduce cybersecurity vulnerabilities and risks in 2023. Technology experts and everyday consumers are motivated by improved process flow, affordable solutions, and increased convenience with limited resources or knowledge for mitigating cyber risks.
IoT-related cybersecurity trends will bring an onslaught of AI-enabled cybersecurity solutions and claims, increased ransomware attacks, and the introduction of cyber “nutritional labels” to educate consumers on the potential cybersecurity risks associated with a product. As proposed by the U.S. National Institute of Standards and Technology (NIST) in February 2022, this labeling system will move the cybersecurity conversation from the mouths of technology experts to the masterminds of marketing and advertising, making a product’s cybersecurity offering a competitive advantage. This is a controversial prospect for many industries that have advocated for keeping cybersecurity separate from consumer rating systems.
Jennifer Tisdale, CEO at GRIMM Cyber
3) Cloud security
Prediction: With the current global uncertainty and increased attacks by organized crime groups and nation-states, companies and cloud providers will face unprecedented attacks on their cloud infrastructure and resources.
In late 2021, NOBELIUM, a Russian-linked group, targeted cloud service providers to access the environments of cloud customers. Microsoft researchers warn that this trend has continued into 2022, with the group targeting 140 service providers that assist customers in managing their cloud services. Unfortunately, NOBELIUM is one of many groups targeting the cloud. Malicious actors such as Cozy Bear, associated with Russia's Foreign Intelligence Service, and Charming Kitten, associated with Iran, are taking advantage of poor security practices and misconfigurations to breach cloud environments. These attacks have led the Cloud Security Alliance to name nation-state actors and nation-state-backed groups as one of the top threats to cloud computing.
As attacks shift to the cloud, these actors no longer focus on a specific industry. Instead, every business using the cloud is at risk of an attack. To detect and prevent a successful breach, companies must diligently work at knowing and documenting their cloud assets. Unfortunately, attackers are often better at mapping an environment than the organization that owns it. Therefore, companies should work with their security teams to research and understand the threats they might face and ensure they have a security plan to defend against them.
Ell Marquez, Researcher at GRIMM Cyber
4) Artificial intelligence / Machine learning
Prediction: Artificial intelligence (AI) and machine learning will remain top of mind for cyber threat identification and mitigation.
Artificial Intelligence / Machine Learning has come a long way over the past few decades. While it may seem that AI just took a wild leap forward in the past few months, the languages, technologies, and techniques used for AI/ML have experienced numerous major advances over the past 20 years. We are seeing the outcome of these advances being creatively applied to massive amounts of internet data, in a way that’s accessible to ordinary people. Most recently, the world has been blown away by ChatGPT, a chatbot developed by OpenAI. Even my non-techie daughter had used ChatGPT (before I did, I might add), a clear indication that this AI interface has gone mainstream. ChatGPT is the culmination of many hours of training the AI model, using both “supervised learning” and “reinforcement learning.” I have seen it used to make sense of decompiled C code and Assembly code, write a fake humorous epitaph for my daughter's best friend, and write its own prediction of AI/ML in the coming year (what am I even doing?!). Before you think the world is ending or we're entering into some sort of panacea, the biggest complaint from ChatGPT's dissenters is that it is known to confidently give wrong answers in a way that is difficult to detect unless you are informed and paying attention (not unlike some people I know).
For context, Artificial Intelligence (AI) uses trained neural networks to analyze and respond to stimuli without specific programming or rules to handle each case. Machine Learning (ML) uses training mechanisms to develop mature neural networks such that AI can match patterns based on positive- and negative-feedback systems. ML takes significant resources: time, computing power, and data input/guidance. AI, putting the trained neural network to use (inference), is comparatively cheaper from a time/compute perspective.
In the past, we've noticed that AI/ML systems, both real and imaginary (such as Ultron), trained on public data have a propensity to trend toward unwanted behaviors and tendencies (racism, classism, and in some cases, an almost complete disregard for the value of life). Documentation on OpenAI's website describes measures they've taken to curb that propensity, although at first glance it sounds more superficial than systemic. However, once AI systems have access to control Cyber-Physical systems (computers that can interact with and potentially harm the real world), that's when we need to be really concerned.
ChatGPT is but a small visible portion of the AI progression that has been occurring in the last few years. AI/ML-capable computer processors have been getting smaller and cheaper, finding their way into embedded systems closer to "the edge" in an effort called "Edge AI." To a certain extent, these small, inexpensive devices can process a reduced set of AI primitives/algorithms faster and more ubiquitously than the previous model, where all data is sent back over the internet to a central AI system for processing. As a result, AI is finding its way into your cars, smart speakers, web cameras, smart cities, and smartphones. Of course, data is still traversing the internet to a back-end ML system in the cloud for the continued maturing of neural networks. Still, some of the processing being pushed into newer Neural-Net Processing Units (NPUs) in these IoT devices is making some aspects of AI snappier without a constant data connection.
AI/ML will continue to become entrenched in cybersecurity solutions at every level. SOC technology will use it for better alerting, with fewer false positives and false negatives on what constitutes a security incident. Antivirus will use the technology to improve behavioral analysis and better determine what malicious behaviors look like (and Lotus Notes will finally die). Spam filtering will improve in choosing what mail to block, what mail to warn on, and in catching potentially important mail that has been wrongly marked as spam.
On the exploitation side, AI will continue to aid in reverse-engineering and vulnerability research of large, complicated software and libraries. In addition, AI will aid in the discovery of vulnerable code and help create stable exploits (this is where my interests lie). Once a system is compromised, forward-deployed malware will likely use AI to automatically determine the best path and timing to achieve a goal without detection.
And let’s hope someone learns the many lessons from decades of AI-based movies before SkyNet is at full capacity.
Matthew Carpenter, Senior Research Principal at GRIMM Cyber
5) Ransomware
Prediction: Ransomware campaigns will continue, and ransomware will cause intended and unintended impacts to OT environments, including threats to health/safety/life.
Ransomware has made the news in supply chain, medical, and administrative contexts, but what happens when it hits the local mine, power station, steel mill, or wastewater treatment plant? High-profile ransomware incidents that caused physical impacts to OT environments date back to 2017. However, the 2021 events at Colonial Pipeline and JBS Foods were the most recent to highlight the cascading effects and unintended consequences malware can have on an economy.
The increasing volume of cybercrime-motivated ransomware campaigns is likely to continue; ransomware is remarkably profitable for cybercriminals. As long as money is being made via this attack vector, they will continue targeting organizations likely to pay. Organizations with critical infrastructures are high-value targets.
Jeff Jones, Director of CyPhy™ ICS at GRIMM Cyber
6) CyPhy™ attacks
Prediction: CyPhy™ attacks against US critical infrastructures should be anticipated and planned for, and organizations should have policies and tested procedures in place for incident response and business continuity.
The 2015 and 2016 cyber attacks against the Ukrainian power grid, and the discovery in 2022 of further intended attacks on it, serve as stark reminders that critical infrastructures are prime targets during geopolitical conflicts. Moreover, impacts on critical infrastructures can cause social unrest to escalate quickly when human beings are without basic necessities like electricity, clean drinking water, food, refrigeration, heat and air conditioning, finances, healthcare, electronic communications, etc.
Organizations that own and operate critical infrastructures must plan and rigorously exercise incident response, business continuity, and disaster recovery with a strong focus on collaborative partnerships between business operations, IT, and OT personnel. IT and OT personnel should clearly understand business needs and criticalities, taking great care to understand one another's as well. Crisis planning should be done together and regularly tested with all stakeholders throughout the process. Tough risk-based business decisions, like whether, or at what threshold, a ransom will be paid or an OT system will be taken offline, should be made well ahead of, not during, a chaotic and stressful incident.
Jeff Jones, Director of CyPhy™ ICS at GRIMM Cyber
________________
If you connect it, WE protect it. GRIMM experts provide turnkey cybersecurity solutions for the most complex connected networks, systems and products. Contact our team today to increase your cybersecurity posture.