That report was released Thursday by Recorded Future, and it analyzes the cybersecurity threat trends of 2023 to predict how they will extend into 2024.
“We’re predicting that at least one ransomware group will carry out a successful compromise of hundreds of targets, by exploiting the vulnerability in specifically enterprise third-party file transfer solutions,” said Recorded Future’s Maggie Coleman.
If this sounds familiar, it is. It's reminiscent of the recent cybersecurity troubles with MOVEit. That type of file transfer service transmits sensitive data that attackers want. Attackers are also likely to target IT that underpins remote and hybrid work, such as VPNs, cloud-based storage and multifactor authentication (MFA) tools.
Defenders can prepare by creating or double-checking incident response plans as well as direct lines of communications with relevant vendors, Coleman said. Organizations need clear understanding of the solutions they use and how they’re implemented, and they also need to know who's responsible for patching — them or the vendor. Plus, organizations should monitor intelligence feeds to stay abreast of newly discovered or widely exploited vulnerabilities.
Defenders don’t just need visibility into software, but also into the software supply chain.
Bad actors have been posting malicious repositories, listed under innocuous sounding names, on open source code platforms like GitHub, Coleman said. Hackers hope software developers will either download the malicious code or incorporate it into software solutions. Also, npm and PyPI data package managers have specifically been targeted.
In 2023, phishing was a primary way attackers got access to a system. Some bad actors transmitted malicious files using archive and HTML formats to evade detection by email security software. Phishers also expanded to spreading malware or links to malicious sites via text, QR codes or corporate messaging systems like Skype and Teams. Defenders’ increased use of multifactor authentication led to more attackers trying to abuse MFA fatigue or conduct adversary-in-the-middle attacks, in which they intercept communications.
More organizations have been shifting away from passwords toward account access methods that are less vulnerable to theft. Those include magic links and phone-based authentication methods. Biometric authentication will likely become more popular, too. Such strengthening will likely prompt attackers to evolve as well, and they will send fake, malicious magic links. They may also harness generative AI to help with spearphishing. In some cases, fraudsters may shift from attempting account takeovers to attempting new account fraud.
Hackers are innovating in other ways, too. In 2023, more hackers used programming languages that let malware compromise multiple operating systems. As a result, macOS and Linux users will want to keep their guard up, because, although malware has traditionally focused on Windows, some hackers have been creating variants that target other operating systems.
For example, infamous ransomware gang LockBit appeared to have been experimenting with a macOS ransomware variant in April, although that variant has not been seen in the wild.
Globally, 2023 also saw a blurring of lines between ideologically driven hacktivists and profit-driven cyber criminals. Hacktivists often seek attention for their attacks, which can create chaos that some cyber criminals capitalize on, Coleman said. Criminals may launch their own attacks that could be confused for hacktivist activity. In other cases, hacktivists needing financial support may sell exploits or distributed-denial-of-service-for-hire services.
Political motivations are also likely to spur influence operations around this year's elections. Russia and China are expected to try to harm candidates supportive of Ukraine and Taiwan, per the report. To do so, their campaigns might seek to intensify U.S. political polarization and “undermine the democratic process.”
