Why remote and hybrid work could fuel cyber attacks in 2023

Remote and hybrid work models may expose new vulnerabilities and more surfaces to cyber attacks in 2023, industry experts have warned.

Driven by quick returns and encrypted nature of the business, cyber criminals will continue to exploit users’ weak and poorly managed home networks and devices to breach corporate networks, they said.

The majority of the attacks will be persuasive, more personal in nature targeting specific employees of the company and hitting commonly used business communication services and apps, such as Slack, Teams, ClickUp and ProofHub.

“We see attackers steering away from targeting official work emails to ensnare their victims … they are finding more success by sending targeted social engineering campaigns to personal accounts of employees through text messages and third-party messaging apps such as WhatsApp,” Sundaram Lakshmanan, chief technology officer at California-based security company Lookout, told The National.

An increasing awareness of cyber threats has led to a rising investment in cyber security infrastructure worldwide.

“In 2023, we expect to see weaponised phishing attacks spreading their wings across commonly used business communication services and apps … [they] have traditionally been managed by anti-phishing toolbars and email security protections, but in near future phishing may scale beyond email and messages, spreading across communication channels in a much stealthier way,” said Jaspreet Singh, senior research scientist at security company Trellix, also based in California.

“While 'Zoombombing' and similar methods have been observed, we expect the use of business collaboration apps to grow as threat vectors.”

Zoombombing is the hijacking of video-conference calls by hackers.

Phishing, typically, comes in the form of fraudulent emails that aim to obtain personal information of victims, such as credit card details and sensitive data like usernames and passwords.

In January, US cyber security companies McAfee Enterprise and FireEye officially merged to form Trellix, to thwart cyber attacks and fight sophisticated criminals.

Driven by an increasing awareness of data risks and threats, the global cyber security market is poised for robust growth over the next few years.

The global cyber security market revenue is forecast to jump to $262.3 billion by 2027, a jump of more than 67 per cent from $156.35 billion this year, according to Statista.

The US, world’s biggest economy, will generate more than $63.24 billion in cyber security revenue this year — more than 40 per cent of total sales.

“Attackers will lean more on their powers of persuasion than on their malware kits as they step up social engineering attacks in the cloud … a single fake social media profile, leveraged in the right way, can allow a threat actor to impersonate a trusted vendor,” said Morey Haber, chief security officer at Atlanta-based security firm BeyondTrust.

“The threat actor will persuade victim after victim to divulge secrets or act in other ways contrary to their interest or that of their employer. The Lapsus$ [ransomware] group used social media to become an employee and then spoof access by calling a support helpdesk.”

In March, the UK police arrested seven people, including a teenage boy, following a series of online attacks by the Lapsus$ hacking group that hit major technology companies, including Okta and Microsoft.

Lapsus$ has publicly taunted its victims, leaking their source codes and internal documents. It has reportedly gone as far as to join the Zoom calls of companies they’ve breached, during which they have taunted employees and consultants trying to manage the hack.

The group has claimed to breach companies such as Samsung, Vodafone and Ubisoft.

Global cyber crime costs are also expected to surge by nearly 300 per cent to $23.84 trillion by 2027, from almost $6 trillion last year, according to data compiled by Statista and global bodies such as the Federal Bureau of Investigation and the International Monetary Fund.

Cyber crime costs include stealing and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, fraud, post-attack interruption to the normal course of business, investigation cost, retrieval and deletion of compromised data and systems. This is in addition to the reputational harm caused to the enterprises.

The global adoption of fifth-generation wireless network connectivity — or 5G — will also attract bad actors, industry experts cautioned.

“As 5G’s regional adoption accelerates, faster data transfer on mobile devices will make them as attractive to threat actors as to consumers. And private 5G deployments for IoT [Internet of Things] and other use cases will introduce weak endpoints into otherwise secure ecosystems,” said Paul Baird, chief technical security officer at California-based cloud security firm Qualys.

In 2023, attackers will continue to target supply chains that have been disrupted by the Covid-19 pandemic.

However, instead of targeting key suppliers, they will look beyond the usual suspects to gain access into core networks. For example, this could include legal or accounting firms, Christian Borst, chief technology officer for Europe, Middle East and Africa at San Jose-based artificial intelligence threat detection and response company Vectra AI, said.

“A holistic approach may help turn the tables on the matter … supply chain means partnership … partnership means collaboration and supporting each other.

“Only as a mesh interconnected structure with consistent resiliency can companies thrive in the digital economy. This includes ensuring that they review the security policies of all those in the chain,” Mr Borst said.

A mesh network is a group of connectivity devices, such as different Wi-Fi routers. It includes multiple sources of connectivity instead of just a single router.