by Aisling Dawson (Trilateral Research)

As 2023 begins, can we predict what new and emerging cybersecurity threats individuals, businesses, and governments are going to face? How can we prepare for such threats and what tools can be used to combat them?

With technological advancements promoting heightened reliance on the cyber realm for personal, business, and governmental activities, cybersecurity is becoming increasingly enmeshed within everyday life. Consequently, new security and privacy threats are emerging which must be confronted. As part of its mission to create a holistic and effective Security and Privacy (S&P) framework, TRUST aWARE focuses on identifying, preventing, and mitigating the impacts of these S&P threats. Thus, after examining the cybersecurity predictions of tech experts [1-3] as well as the ENISA Threat Landscape Report for 2022, we have compiled the top five cybersecurity threats to prepare for in 2023.

Social engineering threats

Social engineering threats are cybersecurity threats which rely primarily on human vulnerabilities. Through social manipulation and trickery, social engineering involves convincing users to complete an action that will allow the attacker access to sensitive data or to a system. These actions can involve clicking on a malicious link or downloading a malicious file. As remote working and hybrid corporate environments become more prevalent, the number of phishing threats is likely to increase in 2023. Further, attackers are becoming more convincing thanks to the advancement of deepfake technology and the increasing exploitation of international volatility within phishing schemes. [4] By using lures linked to international conflicts, such as Russia and the Ukraine, or international health crises, like the COVID-19 pandemic, hackers use international instability to make their phishing threats more credible and persuasive.

Through education and knowledge sharing, TRUST aWARE’s tools enable users to better understand, control, detect and respond to social engineering threats. TRUST aWARE’s dashboard is the user-centric, front-end component of our vision to assist and educate users. The dashboard contains general advice and educational content pertaining to S&P, with a subsection devoted to detecting phishing attempts.

Malware and ransomware

In line with previous years, Malware and Ransomware are anticipated to remain major cybersecurity threats throughout 2023 [5]. Malware refers to malicious code that is used by hackers to destroy, gain access to, or steal data. Malware can originate from a variety of sources including spam emails, website downloads and malicious files. Ransomware is a form of malware which encrypts data and demands that the company pay a ‘ransom’ to decrypt it. Whilst ransomware is often directed towards large companies, it is increasingly being targeted towards vital infrastructure such as the healthcare sector where the resultant damage could be devastating. Additionally, malware and ransomware are likely to play a crucial role in state-sponsored, cyber warfare. So, economic and geopolitical factors will continue to have a growing influence on the need for cybersecurity protections.

To tackle malware and ransomware as a cybersecurity threat, individuals, organisations, and states must focus on end-point protection. ‘End-point’ refers to the physical device, for example a laptop or mobile phone, which is connected to the network system. TRUST aWARE’s dynamic and static analysis tools can be used to monitor an end-point, detecting malicious activity and rejecting it. This end-point protection prevents malware attacks by protecting the user device from malware downloads. Additionally, TRUST aWARE provides dedicated API solutions which identify malicious and inappropriate sites and downloaded content.

Cybercrimes involving mobile phones

Due to hybridised working and lower vigilance regarding mobile security, 2022 witnessed a 22% increase in cybercrimes involving mobile phones [6]. With individual’s banking and work data all stored in one place, unprotected mobile phones remain a hacker’s daydream. Fake apps have been able to infiltrate app stores, manipulating users into downloading malware or granting excessive permissions. Genuine apps also pose potential privacy problems. Many apps’ privacy policies are long, boring, and sometimes purposefully confusing, leaving users unaware of the personal data collected and shared by their mobile apps. Additionally, android apps often rely on the functionality of third-party libraries. Third party libraries limit the costs of app development by providing a host app with additional functionality through reusable software, developed by an external body. Yet, due to the lack of privilege isolation within Android apps, these third-party libraries have the same ‘privileges’ that the host app has. This means that the third-party libraries have the same access to user’s data and permissions as the host apps, without the user’s consent.

To help counter these S&P threats, TRUST aWARE has developed two key tools. First, TRUST aWARE’s privacy policy analysis tool utilises natural language processing (NLP) to analyse the plain text of privacy policies and descriptions. The tool highlights the significant sections or clauses as they relate to the user’s S&P. By making these policies understandable, TRUST aWARE aims to enhance users’ knowledge of how their privacy and mobile security could be affected by an app. Second, NLP is also being used by TRUST aWARE within an automatic text labelling framework. This tool helps to ensure that apps do not claim more permissions than their described functionality warrants and can infer dangerous permissions required by the described functionality.

Disinformation and misinformation

The last few years have demonstrated the power of social media in promoting disinformation and misinformation. This threat shows no sign of slowing in 2023. Before Russia’s physical breach of Ukrainian territory, disinformation campaigns were utilised as a form of historical revisionism and propaganda [7]. Equally, misinformation regarding the COVID-19 virus has been widely propagated on social media, seeking to undermine the vaccination campaign and government instructions [8].

With disinformation and misinformation likely to remain a consistent cybersecurity threat, the TRUST aWARE project incorporates an ad analyst monitoring tool to help counter falsified narratives and restrain the damage they cause. By monitoring a user’s digital life and accessing the ads they receive through a browser extension, the ad analyst tool provides the user with information, statistics, and reasons why the user is being targeted with such content. By providing this information, TRUST aWARE aims to help users detect when they are being targeted by disinformation or misinformation campaigns, allowing them to make safer choices when using social media.

Data breaches and leaks involving the cloud

Lastly, breaches and leaks of data stored on the cloud are expected to pose a major cybersecurity threat in 2023 [9]. Many businesses are becoming increasingly reliant on cloud-based services to store data that is potentially sensitive and confidential. This data can be attacked in numerous ways, including through the social engineering and malware attacks outlined above. Further, with users often using easily guessed passwords or the same password across multiple different accounts, poor password habits can allow hackers to gain access to sensitive data.

TRUST aWARE’s endpoint protection tools and educative dashboard remain important in tackling cybersecurity threats to cloud infrastructure. By ensuring that individuals are well versed on good password hygiene and data protection, TRUST aWARE’s tools enable users to identify and prevent S&P threats to data stored on the cloud.

Cybersecurity threats will continue to pose risks for individual’s S&P throughout 2023, demonstrating the importance of the TRUST aWARE tools as well as its mission to transform the S&P vicious cycle into a virtuous one.

References

[1] Tim Keary, “Google outlines 6 cybersecurity predictions for 2023” (20th December 2022, Venture Beat) Available at: https://venturebeat.com/security/google-cybersecurity-predictions/ Accessed 20th December 2022,

[2] John Wilson, “Cybersecurity threats in 2023: An Expert’s Top Five Prediction” (19th December 2022, Forbes Advisor) Available at: https://www.forbes.com/advisor/personal-finance/cybersecurity-threats-for-2023/ Accessed 21st December 2022

[3] Douglas Blakely, “2023 RBI Forecasts” (27^th December 2022, Retail Banker International) Available at: https://www.retailbankerinternational.com/comment/2023-rbi-forecasts-tomas-smalakys-cto-nordlocker/ Accessed 28^th December 2022.

[4] European Union Agency for Cybersecurity, “ENISA Threat Landscape 2022” (3rd November 2022) Available at: https://www.enisa.europa.eu/publications/enisa-threat-landscape-2022 Accessed 23rd December 2022, p.27-29.

[5] “ENISA Threat Landscape 2022,” n2, p.8-9 and p.32-33.

[6] Verizon Mobile, “2022 Mobile Security Index” (August 2022) Available at: https://www.verizon.com/business/resources/reports/mobile-security-index/ Accessed 22^nd December 2022.

[7] The Organisation for Economic Cooperation and Development, “Disinformation and Russia’s war of aggression against Ukraine,” (3^rd November 2022) Available at: https://www.oecd.org/ukraine-hub/policy-responses/disinformation-and-russia-s-war-of-aggression-against-ukraine-37186bde/ Accessed 28^th December 2022.

[8] Michael Gisondi et al, “A Deadly Infodemic: Social Media and the Power of COVID-19 Misinformation” 2022 24(2) Journal of Medical Internet Research.

[9] “ENISA Threat Landscape 2022,” n2, p.31-32.