The next WannaCry and drone hacking: Kaspersky predicts Advanced Persistent Threat trends of 2023

Woburn, MA, Nov. 14, 2022 (GLOBE NEWSWIRE) — Kaspersky researchers presented their predictions of the future for advanced persistent threats (APTs), defining the changes in the threat landscape that will emerge in 2023. Attacks on satellite technologies and mail servers, the rise of destructive attacks and leaks, drone hacking and the next big cyber epidemic are among the predictions for next year.

The political turmoil of 2022 brought about a shift that will echo throughout cybersecurity for years to come and have a direct effect on the development of future sophisticated attacks. The 2023 forecast is based on the expertise of the Kaspersky Global Research and Analysis Team (GReAT) and the activity it has witnessed this year while tracking more than 900 APT groups and campaigns.

The next WannaCry and drones for proximity hacking

Statistically, some of the largest and most impactful cyber epidemics occur every six to seven years. The last such incident was the infamous WannaCry ransomware-worm, which leveraged the extremely potent EternalBlue vulnerability to spread automatically to vulnerable machines. Kaspersky researchers believe the likelihood of the next WannaCry happening in 2023 is high. One potential reason for an event like this occurring is that the most sophisticated threat actors in the world are likely to possess at least one suitable exploit, and current global tensions greatly increase the chance that a ShadowBrokers-style hack-and-leak could take place.

Major shifts will be reflected in new types of targets and attack scenarios too, as experts believe that next year we may see bold attackers become adept at mixing physical and cyber intrusions, employing drones for proximity hacking. Some of the possible attack scenarios include mounting drones with sufficient tooling to allow the collection of WPA handshakes used for offline cracking of Wi-Fi passwords, or even dropping malicious USB keys in restricted areas in the hope that a passerby would pick them up and plug them into a machine.

Other advanced threat predictions for 2023 include:

· SIGINT-delivered malware

One of the most potent attack vectors imaginable, which uses servers in key positions of the internet backbone allowing man-on-the-side attacks, may come back stronger next year. While these attacks are extremely hard to spot, Kaspersky researchers believe they will become more widespread and will lead to more discoveries.

· The rise of destructive attacks

Given the current political climate, Kaspersky experts foresee a record number of disruptive and destructive cyberattacks, affecting both the government sector and key industries. It is likely that a portion of them will not be easily traceable to cyberattacks and will look like random accidents. The rest will take the form of pseudo-ransomware attacks or hacktivist operations to provide plausible deniability for their real authors. Civilian infrastructure, such as energy grids or public broadcasting, may also become the target of high-profile cyberattacks, as may underwater cables and fiber distribution hubs, which are challenging to defend.

· Mail servers become priority targets

Mail servers harbor key intelligence, making them valuable to APT actors, and have the biggest attack surface imaginable. The market leaders in this industry have already faced exploitation of critical vulnerabilities, and 2023 will be the year of 0-days for all major email programs.

· APT targeting turns toward satellite technologies, producers and operators

There is evidence of APTs being capable of attacking satellites, with the Viasat incident as an example. It is likely that APT threat actors will increasingly turn their attention to the manipulation of, and interference with, satellite technologies in the future, making the security of these technologies ever more important.

· Hack-and-leak is the new black

The new form of hybrid conflict that unfurled in 2022 involved a large number of hack-and-leak operations. These will persist in the coming year with APT actors leaking data about competing threat groups or disseminating information.

· More APT groups will move from CobaltStrike to other alternatives

CobaltStrike, a red-teaming tool, has become a tool of choice for APT actors and cybercriminal groups alike. It has gained significant attention from defenders, making it likely that attackers will switch to new alternatives such as Brute Ratel C4, Sliver, Manjusaka or Ninja, all offering new capabilities and more advanced evasion techniques.

“It is quite clear 2022 saw major changes to the world’s geopolitical order, and ushers in a new era of instability,” said Ivan Kwiatkowski, senior security researcher at Kaspersky. “A portion of our predictions focus on how this instability will translate into nefarious cyber activities, while others reflect our vision of which new attack vectors will be explored by attackers. Better preparation means better resilience and we hope our assessment of the future will enable defenders to strengthen their systems and repel cyberattacks more effectively.”

The APT predictions have been developed thanks to Kaspersky’s threat intelligence services used around the world. Read the full report on Securelist.

These predictions are a part of Kaspersky Security Bulletin (KSB), an annual series of predictions and analytical articles focused on key changes in the world of cybersecurity. Click here to see other KSB parts.

To look back at what the Kaspersky experts expected to see in the advanced targeted threat landscape in 2022, please read their previous yearly report.

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com.
