3 Barracuda executives share security predictions for 2023

Over the past year, we’ve seen threat actors go to new lengths to compromise networks, steal data, and otherwise disrupt operations. As 2023 gets underway, we’re looking ahead to the changes, developments, and trends the coming year will bring to the threat landscape.

To help you prepare for 2023, we recently spoke to three Barracuda executives, each with their own perspective and predictions about what the next 12 months have in store and what businesses need to be aware of to stay secure.

Fleming Shi, CTO, Barracuda

Wiperware stemming from geopolitical tensions will spill into other countries

Russia’s invasion of Ukraine in 2022 revealed the modern digital battlefield. Most notably, we have witnessed an increased use of wiperware, a form of destructive malware against Ukrainian organizations and critical infrastructure. The frequency has dramatically increased as we saw WhisperGate, Caddy Wiper, HermeticWiper, and others hitting the news since the war broke out. Unlike the financial motivations and decryption potential of ransomware, wiperware is typically deployed by nation-state actors with the sole intent to damage and destroy an adversary’s systems beyond recovery. In addition, in 2023, wiperware emanating from Russia will likely spill over into other countries as geopolitical tensions continue; and hacktivism by non-state actors seeking additional measures to exploit victims. To ensure business continuity despite an attack, it’s imperative for organizations to focus on full-system recovery that provides operability of the entire system instead of just data. For example, a speedy restoration of the virtual version of a targeted physical system will dramatically improve the resiliency of your business against wiperware or other destructive malware attacks.

Ransomware gangs will become smaller and smarter

Throughout 2022, the major ransomware gangs — LockBit, Conti, and Lapus$ — were behind blockbuster attacks, keeping them in the headlines. But in 2023, with the ransomware-as-a-service business model taking off and the recent build leak of LockBit 3.0, a new generation of smaller and smarter gangs will steal the limelight. During the year, organizations will experience an increased frequency of ransomware attacks with new tactics, and those that aren’t prepared will make headlines that devastate their business and reputation.

Sinan Eren, VP of Zero Trust Security, Barracuda:

Novel MFA social engineering and bypass methods will drive cyberattacks

During 2023, expect to see hackers continue to overwhelm and manipulate people utilizing multifactor authentication (MFA) with novel social engineering and bypass methods to gain access to credentials and breach networks. MFA-fatigue attacks — which bombard users with MFA notifications — will continue to be a favorite among hackers because they don’t require malware or ransomware infrastructure. Additionally, they have proven to be very successful especially of late. Hackers will also increasingly deploy more advanced phishing techniques to bypass MFA like man-in-the-middle attacks, which can intercept and relay communications between two parties through a proxy site. It’s highly likely that we’ll also see downgrade attacks by phishers from secure FIDO2 keys to less secure secondary factors like SMS or TOTP.

Smishing (SMS phishing) attacks will overshadow email phishing attacks

With the heightened awareness of email phishing, cybercriminals are realizing that users are now more likely to click links within SMS messages that mimic the communications and websites of major organizations — aka smishing. In 2023, smishing attacks will become more prominent than email phishing attacks due to the popularity of smartphones and cybercriminals’ sophisticated spoofing techniques. Smishing will be top-of-mind among security leaders and the C-suite next year and will drive awareness training initiatives across internal and external stakeholders.

Aidan Kehoe, SVP, Barracuda

Cyber insurance will become more expensive despite covering less

Going into 2023, the capacity of cyber insurance will continue shrinking as a result of increased demand and expected losses. This will cause premiums to skyrocket and unfortunately, many organizations will not be able to afford the exact policies they held last year. Additionally, the gray areas created by the anonymity of cyberattacks and the recent cyber insurance mandates excluding war and non-war, state backed cyber-attacks will drive litigation and investigations around coverage next year. To compensate for gaps in coverage and liability, organizations will be forced to purchase additional cybersecurity solutions.