As we navigate the evolving landscape of cyber threats, patterns from 2022 suggest heightened risks for businesses and individuals alike in 2023. More incidents of zero-knowledge attacks, credential leaks, and emerging cybercrime trends, particularly from Gen-Z, indicate a pressing need for awareness and preparedness.
Cybercrime continues to pose a significant risk globally, leveraging the rise of digital devices and the internet. With the expanding Internet of Things (IoT), attackers are presented with a growing number of vulnerable targets, allowing for increasingly sophisticated and profitable cyber attacks. As barriers to entry for cybercriminals lower, the monetization of these attacks is expected to grow, emphasizing the critical importance of robust cybersecurity measures.
This article outlines key trends observed in 2022 that are likely to persist in 2023, as elaborated in an upcoming webinar titled “The Rise of the Rookie Hacker – a new trend to reckon with“, set for January 11th.
Credential Leaks as a Primary Attack Vector
According to IBM’s 2022 Cost of a Data Breach report, compromised credentials remain the leading cause of data breaches. In 2022, malware like Info-Stealers, particularly the Redline Stealer, emerged as significant threats, extracting sensitive information from browsers, cookies, and crypto wallets. The emergence of tools such as the “Luca stealer” and “eternity stealer” indicates that threat actors now have tailored solutions to further their agendas. Alarmingly, 19% of breaches were initiated via stolen credentials, a trend poised for growth given that 59% of organizations have not adopted zero-trust frameworks, resulting in an average cost increase of $1 million per breach compared to their more secure counterparts.
Increasing prevalence of Zero-Knowledge Attacks
The dynamics of cybercrime are shifting, with services such as DDoS and ransomware being marketed on subscription-based platforms, significantly reducing the barriers to entry for aspiring cybercriminals. As reported by the Microsoft Digital Defense Report 2022, phishing kits are available on the dark web for minimal investment, alongside affordable DDoS attack services. Ransomware-as-a-Service models allow less experienced hackers to ‘rent’ established operations, thereby streamlining their attack strategies. The introduction of “clearnet malware” on mainstream platforms like Telegram further simplifies the initiation of cyber campaigns. The growing acceptance of cryptocurrency for transactions is facilitating this illicit trade, driving the evolution of the cybercrime ecosystem.
Demographic Shift in Cyber Threat Actors
The landscape of cyber threats is increasingly dominated by younger actors. Notably, the UK-based hacking group Lapsus$—composed chiefly of teenagers—gained notoriety for targeting high-profile tech companies such as Microsoft and Nvidia in 2022. Generation Z, now the largest demographic globally, is characterized by their digital nativity and innate understanding of technology. Their motivations often stem from social validation, as reflected in Lapsus$’s antics, where they reportedly engaged in these exploits for “kudos.” The accessibility of zero-knowledge attacks combined with a desire for digital approval is likely to contribute to a further decline in the average age of cybercriminals.
The Continued Need for Human Oversight
Despite significant investments in multi-layered security frameworks, the human element remains susceptible to manipulation. Social engineering tactics, designed to exploit psychological vulnerabilities, have become increasingly common among cybercriminals. In the case of Lapsus$, their method involved executing a SIM swapping scam, where they acquired access credentials and rerouted the victim’s SIM to launch attacks that circumvented multi-factor authentication measures. The simplicity yet effectiveness of such tactics underscores the persistent threat of human vulnerability.
As organizations face a cybersecurity workforce shortage, many are turning to managed detection and response (MDR) services for human oversight. The global MDR market is projected to grow significantly, from $2.6 billion in 2022 to $5.6 billion by 2027, reflecting the increasing recognition that, while technology is essential, human expertise is invaluable in navigating and countering cyber threats.
To further explore these cybersecurity trends, join Ronen Ahdut, Head of Cyber Threat Intelligence at Cynet, for the webinar “The Rise of the Rookie Hacker – a new trend to reckon with“, on January 11th at 10 AM ET / 3 PM GMT. This session will provide critical insights into emerging threats and the necessity of maintaining human oversight in safeguarding against them.
