Security expert Kaspersky has published a forecast of the threats posed by cybercriminals to companies in 2023. The trend is towards Malware-as-a-Service and public tenders.
In the past year, around two-thirds of large companies in Germany were confronted with more cyber attacks. For the year 2023, the experts at Kaspersky Security Services have the threats investigatedwhich could be relevant for large companies and the government sector.
One method is blackmail by countdown to data leak. Ransomware actors report on successful hacker attacks on companies in their blogs. In September and November last year alone, Kaspersky tracked down around 500 such posts. While cybercriminals used to reach out to victims directly, instead of privately demanding a ransom, they post about the security breach on blogs and display a countdown until the leaked data is made public. Kaspersky believes that this trend will probably continue this year. The cybercriminals benefit from this, regardless of whether the company concerned pays or not. Because the data is often auctioned off, with the final bid sometimes even exceeding the ransom demanded.
Countdown until publication of data in LockBit ransomware blog. Source: Kaspersky
Another phenomenon is that cybercriminals boast about false leaks. Blog posts about extortion are effective in the media. That could be exploited by lesser-known actors in 2023 by claiming to have allegedly hacked a company, regardless of whether the attack actually happened. It will still damage the defamed company.
The fact that leaks of personal data endanger professional mail accounts will continue to increase in 2023. In addition to the privacy of the individual, this also endangers the cyber security of companies. Employees would often use work email addresses to register with third-party sites. Publicly available e-mail addresses are interesting for cybercriminals to trigger discussions about potential attacks on the dark web and to use them for phishing and social engineering.
Malware-as-a-Service, attacks via the cloud and compromised data from the Dark Web represent another threat scenario for Kaspersky. Kaspersky experts assume that ransomware attacks are caused by Malware-as-a-Service (MaaS ) tools are becoming more and more similar. Due to increasingly complex attacks, automated systems would no longer be sufficient to guarantee security. In addition, cloud technology will become a popular attack vector.
