Netskope Threat Labs: What We’ll See In 2023

Continuing our ongoing series of expert predictions, the following come from Netskope Threat Labs, including what we see on the horizon for software supply chain, phishing, and ransomware. 

Phishing operations will increase in sophistication to bypass MFA

Phishing is a social engineering technique. You need to find someone with their guard down and convince them that you are legitimate, and they should either give you their password or otherwise authorize you to access their accounts. MFA has long been touted as a “solution” to the phishing problem, but what it really does is force attackers to change tactics. Between easy-to-deploy reverse proxy phishing tools and techniques for abusing OAuth workflows to sidestep MFA and gain direct access to cloud apps, we expect to see an increase in sophistication in targeted phishing attacks to bypass MFA. -Ray Canzanese, Director, Threat Research

Software supply chain security will be a bigger focus for organizations. 

There has been a significant increase in software supply chain attacks in recent years. As we discover more vulnerabilities in application source code, especially among open source software, we expect this type of attack to continue growing. This calls to attention a need for organizations to strengthen their measures and strategies for software supply chain security. -Clive Fuentebella, Threat Research Engineer

Ransomware is not going anywhere. 

To state the obvious, ransomware is one of the most pervasive cyber threats. This is exacerbated by the inclusion of multiple extortion tactics, such as data exfiltration and DDOS, by the threat actors. And this is not going to change anytime soon. In fact, we will likely see more groups performing more devastating attacks, more affiliates being involved in these attacks, and newer payloads and tools being used along with newer techniques like collaborating directly with malicious insiders. -Dagmawi Mulugeta, Senior Threat Research Engineer

Data exposure from insider threat will get worse before it gets better

The adaptations that organizations have made to deal with a global pandemic, and now a remote workforce, also require security practices to evolve. With workers logging in from remote networks and using cloud-based services, it’s harder than ever to proactively identify insider threats. In 2023, we will see organizations realizing how little control they have over their own data. -Colin Estep, Principal Engineer

The threat of Ransomware-as-a-Service and extortion groups will continue to intensify

Attacks involving data encryption and theft of confidential information are on the rise. There is a growing trend that we believe will intensify in 2023, where we have two extremes. On one side, we have the infamous Ransomware-a-Service, in which attackers focus on both encryption and theft of sensitive data. On this side, we can even observe groups being even more aggressive, like LockBit, which implemented the triple-extortion model. On the other side, we have extortion groups, like LAPSUS$ and RansomHouse, which breach companies only to exfiltrate sensitive data, without encrypting any files. We believe 2023 will be filled with attacks sourced from RaaS groups and from extortion groups, perhaps even intensifying an Extortion-as-a-Service model. -Gustavo Palazolo, Staff Threat Research Engineer

Keep up with the latest research and reports from over on the Netskope Threat Labs page.