Will 2023 be the year of a major cyber epidemic? Cybersecurity researchers fear it, because several signs suggest that an attack of this type could take hold insidiously. CNEWS provides an update with specialists on future threats, particularly in terms of cyber warfare.

Our connected world still seems very vulnerable and, as forecasts for the year are made, 2023 could be a more than worrying year. Cybersecurity researchers rate the possibility of a major cyber outbreak as “high”. “According to statistics, this type of cyberattack comes back every six or seven years, and the last one dates from 2017 with the famous self-replicating ransomware WannaCry,” Pierre Delcher, senior researcher specializing in cybersecurity at Kaspersky, explains to CNEWS.

This threat is not to be taken lightly: WannaCry affected more than 200,000 computers across 110 countries and hit important infrastructure, including 45 hospitals in the United Kingdom and dozens of large companies, among them sites of the car manufacturer Renault.

“It is believed that states have vulnerabilities that can be exploited for such attacks,” continues the researcher. If we think back to WannaCry, this code, inspired by an NSA attack, was destructive by definition. It sought to create destabilization by making data inaccessible by encryption. It is often a system that is programmed to install itself as much as possible with automatic propagation capabilities. One can imagine that it could affect hospitals, banking systems or even military infrastructure… And the effects are often indirect. For example, they will not necessarily prevent a hospital from operating, but the disruption of the computer system can have serious repercussions, particularly for the reception of patients.

A disturbing geopolitical theater

A digital epidemic that could affect several countries remains to be feared, especially as the geopolitical context is favourable to one. The war in Ukraine has created new tensions on a global level and “they considerably favor the chances that a hack-and-leak could take place,” underlines Pierre Delcher. These attacks, known as hack-and-leak, aim to break into infrastructure to steal data and make it public, the main goal being to destabilize a country and its economy. “The Ukrainian conflict is hybrid, because cyber actions take place in the heart of a war. There are fears that advanced actors will use this type of attack to disrupt and destabilize order, as the digital space is held hostage in this conflict,” he warns.

Drones and satellites as attack vectors

New types of attacks could also appear. Small civilian drones, for example, could be hijacked to enter prohibited sites more easily. “The idea here is to carry out local piracy. Mobile data interceptors or malicious WiFi hotspots can be stuck on a drone, then placed near a target business. We can also imagine drones capable of dropping an infected USB key in a company car park for an employee to pick it up and use it,” explains Pierre Delcher.

Satellites are also a point of vulnerability. The idea is not necessarily to take control of them, but rather to infiltrate them with a spy program that allows monitoring of the data exchanges of a company that uses them. “This is a very serious threat, at a time when we know that Amazon and Google plan to place servers in orbit to host data,” he notes.

Malicious servers that act as intermediaries could also be used more. “This is a method used by the NSA and brought to light 10 years ago by whistleblower Edward Snowden. Malicious servers will inject malware before an official site responds to your request. While this process was used by the Americans, in 2022 Kaspersky discovered similar capabilities in China,” notes Pierre Delcher.

Cloud vulnerabilities exploited

At the same time, the Finnish company WithSecure, a specialist in cybersecurity, points to the vulnerabilities of the cloud in 2023. “This sector will also experience a generalization and sophistication of the attacks of which it is the target. Hackers can develop attacks designed specifically for the sector by exploiting its weaknesses (identity management, access, etc.),” the company notes.

Finally, malware campaigns that were usually carried out in a quasi-manual way will now rely on artificial intelligence. “The most skilled cybercriminals will use machine learning techniques to achieve deployment automation for their campaigns. Rewriting malicious e-mails, registering and creating fraudulent websites, compiling malware code… The use of machine learning will enable these campaigns to go from the speed of humans to that of machines,” WithSecure concludes.

