Skip to content

Cyberattacks, ransomware incidents expected to rise in 2023

"Slow down and think," warns a cyber expert.
hackerstockimage
Cybercriminals are expanding their playbooks, says cyber expert Derek Manky.

Cybersecurity experts say cyberattacks and ransomware incidents are expected to rise in 2023 — something that'll affect everyday bank account users to high-flying executives.

“The playbooks are being expanded by cybercriminals,” says Vancouver-based cyber-detective Derek Manky.

People can guard themselves against cybercrooks if they just slow down, rather than succumbing to the speed and mayhem of modern life, he said.

“There is going to be a time and day when everyone is going to be attacked or pinged by a cybercriminal,” said Manky, Fortinet's chief security strategist and vice-president for global threat intelligence.

“Slow down and think,” he said.

Fortinet's August data shows that in the previous six months, it had seen 10,666 ransomware variants across its system; that's up significantly when compared to the 5,400 ransomware variants recorded six months earlier.

Such attacks are seeing “insane payouts,” Manky told Glacier Media.

Those numbers all jive with predictions from California-based Proofpoint, which said the coming year could be a turbulent one for business, company security officers, boards and people generally.

“The stress of the economic downturn — job losses, higher interest rates, lower living standards, and inflation — takes both a financial and emotional toll on employees and their families,” Proofpoint said in its Cybersecurity Predictions for a Turbulent 2023 report.

It said as people become distracted and unhappy at work, cybercrooks can more easily exploit human weaknesses.

“Cyberattackers thrive on such worries, upping their game to prey on people’s emotional state,” the report said. “Physical conflicts, like Russia’s war with Ukraine, exacerbate the general global turbulence, igniting new cyberattacks and expanding systemic risk for organizations.”

Part of the threat is due to the growing technical arsenal crooks have, a toolkit that has made cyberattacks — ransomware in particular — a business.

With ransomware, fraudsters hack into a system, steal data and hold it for ransom. Or, they can take down part of a system and end the high-tech kidnapping when ransom is paid.

Lucia Milică, Proofpoint’s global resident chief information security officer, said ransomware-as-a-service (RaaS) has bloomed into a lucrative dark web economy, leading to the proliferation of ransomware attacks.

“As dark web commerce continues to boom, we expect a fresh wave of attacks made possible by this commercialization,” she said. “This is continuing to grow.”

For Manky, "this game never stops."

"It’s just like crime in the physical world," he says.

Milică added there is also the problem of double extortion, where ransom is paid, the data is not released and the crooks come back for more money.

Fortinet said RaaS subscription model services for plug-and-play ransomware allows even novice cybercriminals to target people, businesses and other organizations for a quick payday.

“Just like your favourite subscription service lets you stream your favourite shows, order your favourite foods, or even visit your favourite places, RaaS gives criminals access to ransomware and other malicious software for a commission or monthly price,” Fortinet’s Global Threat Landscape Report said.

Manky told Glacier Media the RaaS system is a business like any other: seeking highly skilled employees and going as far as interviewing them.

“It’s just how cartels would work,” he said.

A decade ago, he explained, a RaaS used might pay for one infection of a computer system. Now, multiple affiliates could be signed on.

Proofpoint also predicts multi-factor authentication (MFA) attacks will increase. MFA is when the user is prompted to put in a code sent to them, after they've tried to log in. Think email, bank accounts or Facebook.

“Thus begins a new cat-and-mouse game: as more organizations add MFA as a security layer, more cyberattackers are pivoting to exploit MFA weaknesses and MFA fatigue among users,” Proofpoint said.

That fatigue, however, can be mitigated, said Manky.

“We’re just simply moving too fast,” he said. “People don’t slow down enough.”

What does the future hold when it comes to cyberattacks? 

Milică said the public can expect to see a weaponization of the supply chain, exploiting trust in third-party vendors and suppliers. There will also be prominent use of deepfake technology in identity fraud, financial scams and disinformation, she said.

Cybersecurity experts have long warned companies to ensure suppliers' security systems mesh with their own. But, Milică said, with companies relying on multiple systems for things such as payroll, email, document signatures and other items for operations, the ability for crooks to gain entry depends on the weakest link in such systems.

“Any one of those can have a vulnerability that a thief can exploit,” Milică said. “You really do have to rely on the individual vendor.”

As has been stressed over the years, the issue comes down to educating company staff on an ongoing basis.

"Not just a one time, check-the-box exercise," she said.

jhainsworth@glaciermedia.ca

twitter.com/jhainswo