Supply chain cyberattacks to ramp up in 2023

From malware to ransomware and everything in between, hackers are everywhere these days, putting businesses, consumers, and governments at ever-increasing risk of cyberattack. Supply chains top the list of prime targets heading into 2023, according to a list of seven cybersecurity trends to watch from encryption technology company NordLocker, released this week.

“Cybersecurity never stops evolving because digital technologies are increasingly overtaking each part of our lives, in turn increasing the scope cybersecurity tools should cover,” NordLocker’s Chief Technology Officer Tomas Smalakys said in a press release. “This ever-changing nature of the cybersecurity field makes each week, month, and year different from those that have passed, making it extremely important to stay two steps ahead of emerging threats.”

Smalakys listed the targeting of supply chains as the second-biggest cyberthreat heading into 2023, just behind the rise of “fileless malware.”

“The Covid-induced global chip shortage revealed that the most fragile part of the global economy is its interconnectedness. By targeting companies that play critical roles in the activities of other businesses, such as raw materials suppliers or logistics firms, cybercriminals have the ability to grind an entire supply chain to a halt and apply mounting pressure to make victims meet their demands,” he said. “We already see this trend in 2022, and these types of attacks are only ramping up.”

Other top trends on Smalakys’ list include:

• Fileless malware will pose serious concerns. Because fileless malware does not require its victim to download any files, it is practically undetectable by most information security tools. This type of malicious software works by exploiting vulnerabilities in already downloaded, well-known, and trusted applications, leaving no trace on the computer’s memory. Fileless malware requires significant skills to develop and carry out, but if it's successful, it can do immense damage.
• Employees will be the weakest link in corporate cybersecurity. With the human factor being the culprit behind more than 80% of cyberattacks, companies will continue struggling to instill proper cyber hygiene principles in their employee culture, even though the tools they use are becoming increasingly advanced.
• Ransomware will become more targeted. Usually, ransomware is spread randomly to numerous targets by phishing or other social engineering methods with the hopes that someone will click the link or provide their credentials. More recently, however, ransomware gangs have been applying a different approach that is more carefully crafted to each individual victim and can do much more damage.
• Cloud security will become increasingly important. With companies increasingly moving their data into the cloud instead of storing files locally on their computer, we will see a growing number of cyberattacks that exploit vulnerabilities in current solutions.
• The EU threatens encryption laws. In order to curb various online crimes, the European Commission has put forward a proposal to weaken encryption laws across the bloc. If it passes, the new law will require digital platforms to scan every single message or file sent through their services for suspicious content. While the motivation behind the initiative is well-intentioned, it would make the internet much less private and secure.
• Reduced cybersecurity spending will expose vulnerabilities. With a looming recession, many companies and individuals are rethinking their budgets, and cybersecurity spending is often among the first to receive a cut. Criminals will exploit this lowered guard, which is very likely to make 2023 one of the costliest and most destructive years for entities affected by cybersecurity incidents.