Ever committed to helping companies develop and deploy secure software, we share a selection of what we consider to be the most significant cyberattack and prevention trends in 2023.
As in previous years, there were attacks based on exploiting vulnerabilities in software products. Moreover, wars between nations continued to play out in cyberspace. On the other hand, artificial intelligence (AI) showed important progress this year, and cybercriminals took advantage of that to enhance their attacks.
These challenges for cybersecurity have led to protection trends throughout the development cycle of technological products. These include the use of AI for good and enhancements in authentication mechanisms.
Cyberattack trends in 2023
Cyberattacks using artificial intelligence
AI was on everyone’s lips this year. Useful and fascinating as it is, it has been a cause of concern. A vivid example is what has happened with the wildly popular chatbot ChatGPT. Having reached 100 million monthly active users just two months after its launch, it became the fastest-growing consumer application in history until the launch of Meta’s Threads. (The number of ChatGPT users is now on the decline, though.)
ChatGPT’s generative AI has been abused to write malicious code. Some of the malware that criminals write with it can even evade endpoint detection and response (EDR) applications. Remarkably, AI has also helped criminals step up their phishing game. Namely, it helps them create more convincing messages to lure victims into downloading and executing malware.
Early this year, ChatGPT had a data breach due to a vulnerability in an open-source library. The breach “allowed users to see the chat history of other active users.” Further, criminals have stolen over 100,000 accounts on this app using malware. And the app has suffered recent outages caused by DDoS attacks.
Below we will see that the cybersecurity industry has also taken advantage of the latest trends in AI.
A new cyberwar
The war between Israel and Hamas, like that between Russia and Ukraine, has included cyberattacks by hacktivists. Some attacks were intended to deface websites or make them crash, with the government and militia sectors as the main targets. For example, pro-Islamic groups have hit the Israeli Parliament with DDoS attacks. And pro-Israel groups have attacked websites of the Gaza government.
Other attacks sought to impact nations supporting either side of the conflict. Case in point, an increase in cyberattacks against some supporters of Israel, i.e., the U.S., France, India and Italy, has been linked to the activities of some groups associated with Russia, Bangladesh, Iran or other nations. And unidentified groups have targeted international organizations that provide humanitarian aid to both Palestinians and Israelis.
Software supply chain attacks
Cybercriminal groups have managed to cause large monetary and reputational losses to organizations over the years when they infect third-party software products used by the firms or on which the firms’ own products depend.
The largest global attack campaign of this type this year has been the one carried out by the CL0P ransomware gang exploiting a flaw in a file transfer tool called MOVEit. To date, they have affected more than 2,500 organizations, compromising the data of nearly 70 million people.
Companies using insecure third-party software are exposed to consequences of the most costly kind. This year, a data leak due to a software supply chain attack cost an average of $4.63M globally. This cost surpasses that of attacks due to all other causes, which averaged $4.26M.
Use of software dependencies with known vulnerabilities remains a widespread issue. Our State of Attacks 2023 report shows that about 83% of the systems we tested this year used flawed software components. This type of vulnerability caused the most risk exposure (over 25%) to systems when aggregated.
Nation-state threats
According to the Microsoft Digital Defense Report, several groups operating globally, linked to Russia, China, Iran and North Korea, carried out attacks that ranged from spreading false information to spying or stealing cryptocurrencies.
The government sector was the second most affected, behind academia. Notably, this year there was a diversification in the nations attacked, especially evidenced by how Iranian groups expanded their attacks to South East Asia, Eastern and Southern Europe, Africa and Latin America.
In addition to the government sector, a wide variety of industries have been impacted. This possibly represents large losses for many organizations, given that, for example, the average cost of a data breach this year was a record $4.45M.
Cyberattack prevention trends in 2023
Artificial intelligence for cybersecurity
As we said above, AI is also used to protect information systems. Researchers around the world (e.g., Microsoft’s) began to use it to analyze vast amounts of data from Internet connections in order to detect and analyze cyberattacks on organizations anywhere in the world more quickly. At the individual organization level, some solutions using AI are supporting cybersecurity teams, which are generally understaffed, in detecting potential breaches in their systems.
In terms of AI’s support to the preventive posture in cybersecurity, that is, security applied to systems from the beginning of and during the entire development lifecycle, we at Fluid Attacks have contributed to the advancements. We leverage AI to create models that inform hacking teams which files of the applications they are evaluating are most likely to have vulnerabilities. This way, they can prioritize those files in their search. In addition, we released this year a feature for our IDE extension to generate step-by-step guides on VS Code with fixes relevant to the detected vulnerabilities. This helps devs remediate software flaws more easily and effectively. Other solutions are using AI to help eliminate vulnerabilities by automatically presenting suggested code modifications for devs to simply accept or reject.
Software supply chain security
There is a constant threat of attacks taking advantage of flawed open-source components. That is what makes it so necessary to follow the recent trend to secure the software supply chains as comprehensively as possible.
The approach encompasses not only having an up-to-date list of those components or products in use (i.e., a software bill of materials) and their security status, but also verifying their provenance and assessing the suppliers' security policies and their compliance with industry standards.
We have talked more extensively about software supply chain security (SSCS) in a blog post. Read it, as we give you a checklist of some main aspects you should take into account in SSCS during the different phases of the software development lifecycle.
The shift to passwordless
Passkeys are a standard backed by Google, Apple, Microsoft, the World Wide Web Consortium and the FIDO Alliance. A passkey consists of a PIN, a pattern or a biometric factor, such as face or fingerprint, used to access accounts in various applications. This alternative has been replacing passwords.
One advantage of passkeys is their speed. Google has found that passkeys allow users to authenticate in half the time it takes with passwords. In addition, passkeys are more secure, because they are not processed by servers (e.g., Google's) but are stored only on the device. When the user gives the right passkey, the device generates a unique digital signature that confirms their access rights to the application requiring authentication. And as a passkey is used only in authorized applications, this method prevents credentials from being shared on fraudulent sites.
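The site binding described above, as a simplified model added here (not code from the original post, and not the real WebAuthn message format): the device holds one private key per site, and the server checks the signature, the signed origin and a single-use challenge. The origins, class names and `demo` function are constructed for illustration.

```javascript
// Simplified model of a passkey sign-in; NOT the real WebAuthn message format.
const { generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');
const RP_ORIGIN = 'https://app.example';         // constructed legitimate site
const PHISH_ORIGIN = 'https://app-example.test'; // constructed look-alike site

// Device side: one private key per origin; private keys never leave this object.
class Authenticator {
  constructor() { this.keys = new Map(); }
  register(origin) {
    const { publicKey, privateKey } = generateKeyPairSync('ed25519');
    this.keys.set(origin, privateKey);
    return publicKey; // only the public key goes to the server
  }
  // `origin` is supplied by the browser, not by the page asking to sign in.
  getAssertion(origin, challenge) {
    const privateKey = this.keys.get(origin);
    if (!privateKey) return null; // no passkey for this site, nothing to hand over
    const clientData = Buffer.from(JSON.stringify({ origin, challenge }));
    return { clientData, signature: sign(null, clientData, privateKey) };
  }
}

// Server side: stores the public key and issues single-use challenges.
class RelyingParty {
  constructor(origin) { this.origin = origin; this.publicKey = null; this.pending = new Set(); }
  newChallenge() {
    const challenge = randomBytes(32).toString('hex');
    this.pending.add(challenge);
    return challenge;
  }
  verifyAssertion(assertion) {
    const { clientData, signature } = assertion;
    if (!verify(null, clientData, this.publicKey, signature)) return false;
    const { origin, challenge } = JSON.parse(clientData.toString());
    if (origin !== this.origin) return false; // signed for a different site
    return this.pending.delete(challenge);    // false if unknown or already used
  }
}

function demo() {
  const device = new Authenticator();
  const rp = new RelyingParty(RP_ORIGIN);
  rp.publicKey = device.register(RP_ORIGIN);
  const login = device.getAssertion(RP_ORIGIN, rp.newChallenge());
  const first = rp.verifyAssertion(login);
  const replay = rp.verifyAssertion(login); // same challenge presented again
  const noKey = device.getAssertion(PHISH_ORIGIN, rp.newChallenge()); // no passkey there
  device.register(PHISH_ORIGIN); // even with its own passkey, the look-alike gets a different key
  const relayed = rp.verifyAssertion(device.getAssertion(PHISH_ORIGIN, rp.newChallenge()));
  return { first, replay, noKey, relayed };
}
```

Only the first sign-in is accepted: the replayed assertion fails the challenge check, and anything produced for the look-alike origin is either absent or signed with a key the server never registered.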
Secure your applications against cyberattack trends with Fluid Attacks
It is a great mistake to be unaware of the security vulnerabilities, and the risk exposure they cause, in proprietary as well as third-party code. You need to follow a preventive approach to cybersecurity. Find out how secure your application and your software supply chains are and fix all issues found before the bad guys set eyes on them. Begin your 21-day free trial now and let us help you develop and deploy secure applications.