IT & Telecommunications

Likelihood of WannaCry happening in 2023 high: Kaspersky

Cybersecurity expert Kaspersky’s researchers believe the likelihood of the next WannaCry happening in 2023 is high.

One potential reason for an event like this occurring is that the most sophisticated threat actors in the world are likely to possess at least one suitable exploit, and current global tensions greatly increase the chance that a ShadowBrokers-style hack-and-leak could take place, Kaspersky said in its 2023 threat predictions.

Statistically, some of the largest and most impactful cyber epidemics occur every six to seven years. The last such incident was the infamous WannaCry ransomware-worm, leveraging the extremely potent EternalBlue vulnerability to automatically spread to vulnerable machines.

“Major shifts will be reflected in new types of targets and attack scenarios too, as experts believe next year, we may see bold attackers become adept at mixing physical and cyber intrusions, employing drones for proximity hacking. Some of the possible attack scenarios include mounting drones with sufficient tooling to allow the collection of WPA handshakes used for offline cracking of Wi-Fi passwords or even dropping malicious USB keys in restricted areas in hope that a passerby would pick them up and plug them into a machine.”

The 2023 forecast is based on Kaspersky expertise and the activity witnessed this year while tracking more than 900 APT groups and campaigns.

Other advanced threat predictions for 2023 include:

SIGINT-delivered malware

One of the most potent attack vectors imaginable, which uses servers in key positions of the internet backbone, allowing man-on-the-side attacks, may come back stronger next year. While these attacks are extremely hard to spot, Kaspersky researchers believe they will become more widespread and will lead to more discoveries.

The rise of destructive attacks

Given the current political climate, Kaspersky experts foresee a record number of disruptive and destructive cyberattacks, affecting both the government sector and key industries. It is likely that a portion of them will not be easily traceable to cyberattacks and will look like random accidents.

The rest will take the form of pseudo-ransomware attacks or hacktivist operations to provide plausible deniability for their real authors. There will be high-profile cyberattacks against civilian infrastructure – energy grids or public broadcasting may also become targets, as well as underwater cables and fibre distribution hubs, which are challenging to defend.

Mail servers become priority targets

Mail servers harbour key intelligence, making them valuable to APT actors, and have the biggest attack surface imaginable. The market leaders in this industry have already faced exploitation of critical vulnerabilities, and 2023 will be the year of 0-days for all major email programmes.

APT targeting

There is evidence of APTs being capable of attacking satellites, with the Viasat incident as an example. It is likely that APT threat actors will increasingly turn their attention to the manipulation of, and interference with, satellite technologies in the future, making the security of these technologies ever more important.

Hack-and-leak is the new black

The new form of hybrid conflict that unfurled in 2022 involved a large number of hack-and-leak operations. These will persist in the coming year with APT actors leaking data about competing threat groups or disseminating information.

More APT groups will move from CobaltSrike to other alternatives

CobaltStrike, a red-teaming tool, has become a tool of choice for APT actors and cybercriminal groups alike. It has gained significant attention from defenders, making it likely that attackers will switch to new alternatives such as Brute Ratel C4, Silver, Manjusaka or Ninja, all offering new capabilities and more advanced evasion techniques.

Meanwhile, about every third user in the META (Middle East, Turkey and Africa) region was affected by online and offline threats in January-September 2022, says Kaspersky.

Tunisia and Qatar had the highest number of users affected by online threats (40.3% and 39.8% respectively), followed by Turkey (38.5%), Kenya (38%). Fewer users were affected in Egypt and Jordan (28.1% and 28% respectively). The highest numbers of offline threats were reported in Nigeria (46.8%), Tunisia (45.3%), Morocco (44.8%) and Kenya (43.4%). South Africa had the lowest numbers of affected users in the META region (31.8%) by local threats.

Cyber Security Weekend – META

Kaspersky shared the evolution of the digital threat landscape in the META region and worldwide during its annual Cyber Security Weekend – META, which took place in Jordan. Kaspersky experts discussed various topics and threats specifically facing enterprises, businesses and industrial organisations and shared threat predictions for the upcoming year.

A special focus was made on security for emerging technologies, such as robotics, IoT, and critical industry-specific threats – these technologies should be addressed through a secure by design approach such as Kaspersky’s Cyber Immunity.

"Today's hyper-connected world requires us to reconsider the way we do cybersecurity. We need to shift toward a more reliable approach – one with no room for error. This is why we're working on developing Cyber Immune products with ‘innate’ protection against cyberthreats. Most attacks on the Cyber Immune systems are ineffective. It's through events like this one in Jordan that we're able to share our innovations and educate our audience about a safer and more resilient digital world where Cyber Immunity is the new norm," said Eugene Kaspersky, CEO of Kaspersky.

Increase in APT intrusions

In 2022 there has been an increase in the number of persistent and sophisticated attacks targeting various states in the META region and specifically in Africa.

Starting from the most recent threat actor Metador targeting telecommunication companies, HotCousin expanding its operations to this region, the numerous campaigns deploying various IIS backdoors, DeathStalker and Lazarus attacking multiple industries there and a mysterious SSP-library backdoor discovered on governmental and non-profit entities, there were several new threats active in the region over the last year.-- TradeArabia News Service

IT & Telecommunications

Likelihood of WannaCry happening in 2023 high: Kaspersky

e& Carrier & Wholesale launches off-net services to close ‘roaming’ gaps

Aveva previews industrial AI assistant along with Microsoft

stc Bahrain seals strategic partnership deal with HPE Aruba

Walmart chooses Swisslog ASRS powered by SynQ software

Bakery ups throughput, cuts errors with machine vision solution

Masdar City plans $1bn investment in critical sectors

Tamkeen launches 2nd phase of CIC Programme

MBZUAI presents innovative research at WFES 2024

SIRC and SAP extend partnership with new deployment

Bain & Company and stc 'top companies': LinkedIn

Microsoft invests $1.5bn in UAE-based G42

Cybersec leaders weigh in on Middle East cybersecurity

Alibaba Cloud unveils new pricing strategy, service availability

Hexaware and Novelty Group forge transformative JV

BITS Pilani Dubai achieves 'space' landmark

Five Saudi cities make it to 2024 IMD Smart Cities Index

Batelco first with fully automated number portability

Aramco, GCT to help boost 5G ecosystem in Saudi Arabia

International Business Hub to kick off at GITEX Africa

Next generation DCS Valmet DNAe launched

KBR awarded over $450m in US government contracts

Roshn signs deal with Google Cloud to optimise AI capabilities

Roshn teams up with Google Cloud to unlock the power of AI

Saudi Central Bank approves stc pay transition to STC Bank

GDA adds 20th bitcoin mining site in global expansion

Dubai Chamber explores private sector empowerment

PT detects a series of cyberattacks against Russia and the CIS

Threat actors deliver malware via ‘YouTube video game cracks’

SITE in deal with AhnLab to set up Saudi cybersecurity JV

e& launches ‘Wider Web’ for mobile to empower autistic users