Cyber Security Threats and Risks to Look out for in 2023

Published in

Accedia

10 min readJan 11, 2023

Cyber Security has always been a key part of every organization’s IT infrastructure. These days, with the rise of cloud computing, the challenges of keeping good security standards have become even more complex. Thus, in this article, we’ll discuss the most popular and dangerous security threats. We’ll provide an overview of their complexity and repercussions on organizations and even entire economies.

WHAT ARE SOME OF THE BIGGEST CYBER SECURITY THREATS?

Cyber Security attacks are becoming more common, malicious, and sophisticated. They target companies of all sizes and industries. Thus, it is important to be familiar with the threats that are most likely to occur and how to mitigate them by adopting the right protocols and practices.

Here are some of the most common Cyber Security risks you need to be aware of:

DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACK

One of the most common types of cyber-attacks is DDoS, also known as a subclass of Denial of Service (DoS) attacks. Here, using so-called botnets (connected online devices) to flood systems, networks, and servers with fake traffic, attackers overwhelm and exhaust the victim’s resources and bandwidth. Unlike the majority of cyber-attacks, DDoS is not focused on breaching security. Its main goal is to take over the traffic to a website and make it unavailable to real users. This can also be used as a distraction while hackers target other security parameters and take down appliances. It is interesting to note that during the first half of 2022 there was an increase in DDoS cloud attacks worldwide by 11% and by 54% in the US alone. Being extremely disruptive, DDoS can lead to loss of revenue, compensation costs, reputation damage, and more. Additionally, according to a report, the ransomware DDoS attacks in Q4 of 2021 increased by 175% in comparison to Q3 of the same year and by 29% in comparison to the same time the previous year.

When identifying DDoS attacks teams need to be on the look for:

Large amounts of traffic coming from a single IP address.
A surge in requests to a single endpoint.
Traffic patterns at an unusual time of the day.
Huge traffic coming from similar profiles — location, browser, device, and more.

MAN-IN-THE-MIDDLE ATTACK (MITM) ATTACK

Another popular type of cyber-attack is the Man-in-the-Middle Attack (MITM). In this case, a perpetrator intercepts an ongoing communication or exchange of data between two parties, such as a client and a host. The goal here can either be to eavesdrop or to impersonate one of the participants. Then — steal or manipulate data without them even realizing it. MITM attacks usually happen in two phases:

Interception — As the name suggests, this first phase includes the interception of traffic through the attacker’s network prior to it reaching the second party. Usually, hackers do that when they create an open Wi-Fi hotspot to which users can connect freely. When they do, they expose their personal data. Other approaches that might be taken during this first phase may include DNS spoofing, ARP spoofing, and IP spoofing.
Decryption — After the hacker reaches the victim’s data, it needs to be decrypted without notifying the application or user of the intrusion. Attackers can achieve that through SSL hijacking, SSL stripping, SSL BEAST (browser exploit against SSL/TLS), or HTTPS spoofing.

To stand a chance in front of MITM attacks, companies need to have implemented the necessary security practices and protocols, have a clear security plan in action, skilled talent, and have an allocated budget. Additionally, on a personal level, each team member needs to pay close attention to browser notifications reporting unsecured websites. It is also a must to avoid using public networks and connections that aren’t password-protected and always connect to the company VPN.

HYPERJACKING ATTACK

Hypervisors also often become a target of hyperjacking attacks. Only recently gaining popularity, hyperjacking as a term comes from the two words hijacking and hypervisor. During those attacks, intruders install malicious hypervisors which replace the original ones. They gain command and control of the Virtual Machines and then potentially of the entire VM server.

In September 2022 VMWare and Mandiant raised awareness of how real and dangerous hyperjacking attacks can be. Both companies stated that they have found malicious code inserted by hackers within their hypervisors, managing to bypass all adopted security measures. As a result, a speaker for VMware said: “While there is no VMware vulnerability involved, we are highlighting the need for strong operational security practices that include secure credential management and network security.” We can expect hyperjacking attacks to become a trend of the future as they are incredibly difficult to detect and offer hackers scale and leverage due to the large number of virtual machines the network of each organization can run.

Thus, one of Accedia’s projects includes the protection of internet-facing VMs by restricting access to them with a network security group (NSG). NSGs contain a list of Access Control List (ACL) rules that allow or deny network traffic to a VM from other instances, in or outside the same subnet. To keep the machine as secure as possible, the VM access to the internet must be restricted and an NSG should be enabled on the subnet. VMs with ‘High’ severity are internet-facing VMs.

CLOUD MALWARE INJECTION ATTACK

The goal behind the injection of cloud malware is for hackers to eavesdrop, steal information, and manipulate data. They do that by creating malicious apps which then insert the malevolent service or code into the victim’s cloud infrastructure. Once injected, they alter and redirect the user’s original requests to the hacker’s module. This potentially creates an opportunity to exploit the service-of-cloud environment.

Some of the common cloud malware injection attacks are:

Cross-site scripting (XSS) — The attacker often chooses to manipulate more vulnerable and ill-protected websites, tricking them into returning a malicious JavaScript code to their users. In those cases, the perpetrators can take the cookies to access the victims’ accounts or mislead them into clicking infected links.
SQL injection (SQLi) — The attacker interferes with the SQL queries, made by the application, and gains access to data (passwords, credit card information, user information, or other sensitive data). Then deletes or causes changes to the application behavior or even harms the system’s server and backend infrastructure. There are different SQLi, including blind SQL injection, retrieving hidden data, database examining, and more.

WHAT RISKS DO CYBER-ATTACKS HOLD FOR BUSINESSES?

The severity of a cyber-attack can be measured by the impact it has on a business and its various aspects. Here are some of the main implications that weak Cyber Security can cause:

DAMAGING FINANCES

One of the first effects of cybercrime that comes to mind is always the possible financial damage. Just for reference, according to reports, global cybercrime is expected to cost $10.5 trillion by 2025. This can take many shapes and forms — paying fines, draining the company’s bank accounts, revenue loss, ransomware, drop in sales, decrease in company valuation, and more. And that is just the beginning. Let’s not forget the resources needed for immediate response and recovery, including investigation and analysis. Cybercrime can also affect a company’s revenue indirectly by losing a competitive advantage, customer trust, and operational momentum. Thus, taking the necessary steps to prevent and predict such events and investing in the company’s Cyber Security is always a winning practice.

RISKING INTELLECTUAL PROPERTY

A company’s intellectual property may include technologies, go-to-market strategies, product design, know-how, trade secrets, competitive advantages, and more. All extremely valuable assets, that if not protected correctly, are vulnerable to cyber-attacks. Still, to this day, the loss of intellectual property is one of the less obvious repercussions of cybercrime. Unfortunately, detecting viruses or malware can take time. According to IBM, the average time to detect a data breach in 2022 is 287 days. Shortening that time as much as possible is crucial as it gives less time for the hacker to either directly use the stolen information or sell it to a competitor. Once the data breach is discovered, the first thing a team needs to do is identify the thieves, recover the data if possible, and block the intruder. This eliminates the risk of further attacks. The second important step is to determine how exactly was the intellectual property stolen and how it can be modified to regain the competitive advantage. Thus, protecting intellectual property requires understanding where its vulnerabilities lie and recognizing the technologies and processes to comprehensively approach potential cyber threats in the future.

DISRUPTING OPERATIONS

Malicious activities can have a detrimental impact not only on the operations of a single company but also on entire economies in some cases. Such examples are the constant cyber-attacks on the Los Angeles port and more specifically on the software of the ships. The attacks halt operations daily due to ransomware, phishing, malware, and credential thefts. As of July 2022, the cyber-attacks over the port of Los Angeles are around 40 million resulting in processes and supply chain blockages.

The disruption of operations can happen in various ways — by erasing or stealing information, infecting systems with malware, or blocking access to systems. The damages may vary depending on the scope of the attack. Moreover, even once normal operations are resumed, IT teams need additional time to determine the root cause, evaluate security vulnerabilities and invest further in Cyber Security practices and technologies.

DAMAGING THE COMPANY’S REPUTATION

As Warren Buffet once said: “It takes 20 years to build a reputation and five minutes to ruin it.” Regardless of how satisfied a company’s client base is, it takes a single breach to damage the reputation of an organization. And this goes for customers, vendors, third-party suppliers, and investors. An example is the 2013 breach involving stolen credit card information of over 40 million customers of the US retailer Target. The inevitable loss of trust then resulted in the loss of customers, sales, and a reduction in profits. Losing sensitive data, especially in industries such as healthcare, insurance, or finance, damages the trust of clients and can have a long-lasting impact that some companies never recover from. On one hand, potential clients may view this as negligence and carelessness and would entrust a different company with their personal information. On the other hand, job applicants and employees would rather not associate themselves with a poorly regarded employer.

ACCEDIA’S INTERNAL CYBER SECURITY PRACTICES

We are aware that to provide Cyber Security services and assessments to our clients, Accedia needs to first and foremost be compliant with all industry standards internally. To help the team keep up with the latest news and trends in cyber security we create a monthly Security newsletter. It is distributed throughout the entire company, providing content on data loss prevention, fraud, technology, and cloud security. Here are more of the practices and competencies we have implemented and achieved in that area.

ISO 27001

Evidence of our dedication towards providing the necessary cyber security is Accedia’s compliance with the ISO/ IEC 27001:2013 standard. It’s a guarantee for establishing, implementing, maintaining, and continually improving the Information Security Management within the organization and striving to preserve the integrity and confidentiality of both the company’s and clients’ security. Additionally, the ISO/ IEC 27001:2013 standard helps to improve focus on data security tasks, mitigates damages, increases trust levels, and improves security awareness.

AUTOMOTIVE INDUSTRY SECURITY STANDARD — TISAX

Trusted Information Security Assessment Exchange (TISAX) is an assessment and exchange mechanism for information security in the automotive industry. The TISAX label confirms that a company’s information security management system complies with defined security levels and allows sharing of assessment results across a designated platform. Accedia successfully achieved TISAX certification in 2022.

MICROSOFT GOLD SECURITY COMPETENCY

At the beginning of 2022, Accedia obtained the highest level of Security Competency by Microsoft demonstrating our goal to deliver the highest quality solutions to clients looking to protect their data while gaining full control of access management. By working with Microsoft platforms such as Microsoft 365 and Azure, the security competency provides:

Threat protection
Identity management
Information safeguarding
Security management, and more.

ACCEDIA CYBER SECURITY SERVICES

Driven by the goal to provide even better services to our partners, at the beginning of 2022 we started exploring further our Cyber Security capabilities and services. Its main goal is to develop and continuously maintain the needed skills of all security consultants within the company. One of our first success stories is the achieved certification in EC-Council — Ethical Hacker.

Another key part of our security services is driving different initiatives in the Cyber Security area. An example of such initiatives is the Accedia Cyber Security Hackathon, where participants try to “hack” (penetrate) some preconfigured environments and applicationс.

Last but not least, Accedia has started providing the service Security Vulnerability Assessment. We have already successfully executed several projects helping clients to better secure their applications.

CONCLUSION

With the exponential digitalization and cloud adoption, cybercriminals are constantly evolving their skills, capabilities, and the intelligence of their attacks. Being mindful of the severity they can have on a business application is crucial. It can help to adopt the right tools and standards and find the right security partner who can provide experience and knowledge into protecting your data.

If you are interested in learning more on the topic of Cyber Security, please don’t hesitate to reach out!

Note: This article was originally published on Accedia.com

This article is written in collaboration with Yordan Yordanov. Yordan is an Engineering Manager at Accedia with experience in managing projects and clients from various industries and sizes. Apart from his vast knowledge in Microsoft .NET technology stack and Cyber Security, Yordan is a skilled tennis player.