Key Takeaways from Mandiant Cyber Security Forecast 2023

Key findings from the Mandiant Cyber Security forecast 2023-which shared forward-looking thoughts on the Global cyber security trends in areas such as Russia’s Cyber and the Invasion of Ukraine, Chinese Cyber Assertiveness, Iranian Escalation, North Korea Desire for Revenue and Intelligence, Ransomware-as-a-Service etc.

On the Global Forecast

• Just like Script kiddies, a considerable number of young Non-Organized and Non-Nation State Attackers will conduct intrusions on prominent organizations not financially motivated but just for show-off.
• With the recent U.S policies on sanctions and potential response in the cyber domain concerning Ransomware and other attacks, indicators show that Europe may surpass the U.S as the most targeted region for ransomware
• Ransomware-as-a-Service providers will modernize their software targeted on Exfiltration and “leak sites” as the recent trend shows organizations considered mitigating brand names more compelling to paying ransom than regaining access to encrypted data 
• As Political motivation and Nation-State leverage Information Operation (IO), more third-party organizations will spring up to provide IO services
• Enterprises will shift to Password-less Authentication as corporate credential theft by cyber criminals has continued to be on the increase.
• TAs have shifted to stealing user’s identities as more critical than gaining access to endpoints
• Attackers are following Offensive and Defensive security research releases to gain more knowledge to execute attacks
• The growing risks of Cyber-attacks are making it difficult for organizations to be cyber-insured as Cyber Insurance firms are reevaluating their risk appetites
• Attackers buy initial access credentials from Initial access brokers. TAs find it as a cost-effective alternative to trying to phish them from victims
• Attackers in their unending TTPs have crafted new ways of leveraging social engineering to deceive victims and steal their sensitive credentials such as credit card information

On the Big Four – CRIN (China, Russia, Iran and North Korea)

• The Russian invasion of Ukraine has increased the threat landscape of cyber-attack and information operations – misinformation and propaganda
• The Chinese aggressive cyber espionage, regional hegemony and push for Global economic dominance have posed a great magnitude of threats to organizations globally.
• Iranians have continued to deploy disruptive and destructive cyber-attacks targeting Middle-East governments, Telecommunications and other infrastructures
• North Korea will continue to attack South Korea, Japan and the U.S for its desire for revenue and intelligence as a result of political and economic sanctions

On the Asia Pacific and Japanese Front

• Drawing from previous cyber actions on Southeast Asia elections, the 2023 elections will see increased cyber actions from interested espionage groups
• Russian Invasion of Ukraine received lots of global reactions.  Many Asia Pacific Countries that showed solidarity for Ukraine are expected to get a retaliatory cyber-attack from the Russia nexus group as they have been tagged “Unfriendly” by Russia
• Asia Pacific Manufacturers are a major target for ransomware operators

On the European, Middle East and Africa Front

• EU sanctions on Russia for invading Ukraine could see Russia Expanding its cyber operations across Europe
• The EU Energy concerns will attract a lot of cyber operations as the EU region will be under pressure to meet its energy needs

Conclusion

Ransomware attacks despite being a global concern have shown a decline in the U.S. but rather taken a different turn as it focuses on the EU region. As organizations in the EU region needs to stray proactive, organizations in other parts of the world need to be cyber resilient to protect to reduce/eliminate extortion because ransomware operators will do whatever possible to achieve their malicious goals by leveraging social engineering and even physical means.

In the next year, we should expect an increased number of attacks attributed to social status or bragging rights amongst GenZ. This set group has no affinity with any organized group or Nation-state actors but merely young individuals who will engage in these attacks just to show-offs. However, the impact of the Big Four (Russia, China, Iran and North Korea) cannot be overemphasized as they will use disruptive, destructive and information operations to conduct attacks.

Lastly, organizations have to be proactive to proffer countermeasures to reduce/eliminate the activities of these potential attacks in 2023. CyberPlural MSSP always shares knowledgeable information on best practices to be cyber resilient.

By Augustine Ani