The cyberthreat landscape is in a constant state of evolution, with attackers adapting new tactics in response to the success of endpoint security tools. This has been observed by researchers and incident responders from companies such as Huntress, CrowdStrike, Zscaler, Mandiant, Microsoft, GuidePoint Security, and Cisco Talos. The recent trends in cyberthreats have been alarming and have raised concerns.
One of the most notable trends in 2023 has been the MOVEit attacks, which have brought to light the shift by some attackers away from encryption-based ransomware, in favor of data theft and extortion-only. Attackers are increasingly relying on techniques that are less likely to be detected by endpoint security products, such as remote monitoring and management (RMM) tools, and identity-based attacks using compromised credentials.
There has been an evident surge in phishing and social engineering attacks, posing significant threats to organizations across the board. The tactics used by hackers continue to evolve, with SonicWall CEO Bob VanKirk stating that there is a diversification relative to the type of attacks observed in 2023. This indicates that threat actors are continuing to pivot based on a number of factors.
In terms of emerging threats in 2023, attacks leveraging generative AI have garnered significant attention. However, there has been a lot more going on in the realm of new hacker tactics this year. Security researchers have identified numerous emerging threat trends and new tactics across phishing and social engineering, data theft and extortion, ransomware, and software supply chain attacks.
Amidst these growing concerns, CRN has compiled a sampling of the new threats and hacker tactics that have emerged over the past year as part of CRN’s Cybersecurity Week 2023. The details have been gathered from CRN interviews and posts by researchers and incident responders from various leading cybersecurity firms.
What follows are 10 emerging cybersecurity threats and new hacker tactics to know about in 2023:
1. Diversification of attack types
2. Attacks using remote monitoring and management tools (RMM)
3. Identity-based attacks using compromised credentials
4. Phishing and social engineering threats
5. Attacks leveraging generative AI
6. Data theft and extortion
7. Ransomware
8. Software supply chain attacks
9. Emerging threats across cloud security, application security, and identity security
10. The surge of cyber-espionage and cyber-propaganda
This compilation provides valuable insights into the evolving cyberthreat landscape and the tactics being employed by hackers to breach organizations’ defenses. As organizations continue to adopt advanced cybersecurity measures, staying informed about these emerging threats is crucial to mitigating the risks associated with cyberattacks.
Kyle Alspach, a Senior Editor at CRN focused on cybersecurity, has been at the forefront of reporting and analyzing the industry’s developments. His coverage spans news, analysis, and deep dives into the cybersecurity industry, with a focus on fast-growing segments such as cloud security, application security, and identity security. For more information, he can be reached at kalspach@thechannelcompany.com.
In conclusion, the ever-changing cyberthreat landscape demands proactive and innovative approaches to cybersecurity, and staying informed about the latest threats and tactics is essential for organizations to bolster their defenses and protect their valuable assets.