




What kinds of technologies and attacks will threaten cyber security in 2023? The Ministry of Science and ICT and the Korea Internet & Security Agency (KISA) jointly published the 2022 Cyber Security Threat Analysis and 2023 Cyber Security Threat Prospect.


2022 Cyber Security Threats


Cyber attacks causing national and social chaos


In 2022, global enterprises, government agencies, and others around the world suffered damage from continuous cyber attacks by global hacking groups such as LAPSUS$. In Korea, cyber attacks exploited accidents and incidents that drew national attention, such as the data center fire at Pangyo and the Seoul Halloween crowd crush.

In addition, attackers hijacked the official YouTube accounts of government agencies and broadcasting companies, posted virtual asset videos, and distributed hacking e-mails impersonating government agencies.



Attacks exploiting changes in the IT environment such as telecommuting and cloud transformation


Since the COVID-19 outbreak, working environments have shifted to non-face-to-face environments, and important data has been leaked through infiltration into enterprises. As more enterprises use the cloud and major systems are moved to the cloud, cloud security incidents are increasing. Representative incidents include the hacking of Alibaba Cloud, which led to the leak of 1 billion users' personal information, and the airport data leak caused by Amazon Cloud configuration errors.



Ransomware and DDoS attacks paralyzing the digital society

Security incidents reported to KISA in 2022 increased by around 1.6 times year on year, and 29% of the reports received were ransomware incidents. Small and medium enterprises and manufacturing businesses account for 88.5% and 40.3% of the total ransomware damage, respectively, so security support for and investment in small and medium enterprises need to be expanded.

DDoS attacks are also continuously increasing. It was confirmed that most of the devices used for such attacks were video storage devices, set-top boxes, etc. infected with IoT malware.


2023 Prospect of Cyber Security Threats

An increase in global hacking groups' attacks threatening national industry and security
Global hacking groups are forecast to become more active, and cyber attacks targeting global enterprises are expected to continue as the Russo-Ukrainian War is prolonged. In particular, attacks targeting virtual assets and the activities of cyber criminal organizations, including posting their attacks on social media, are predicted to grow.


Continued cyber attacks using sensitive issues such as disasters and outages

Phishing, smishing, and advanced persistent threats that exploit social issues are expected to grow, and activities that affect society as a whole through fake news created with cutting-edge technology are expected to increase as well. In addition, attacks using personal channels such as e-mail and social media are predicted to grow.


Evolution of ransomware armed with advanced persistent threats and multiple extortion

Ransomware attacks are evolving into advanced persistent threats (APT), a type of hacking technique that attacks a specific target persistently with advanced methods.

These attacks use hacking e-mails, web server vulnerabilities, remote access, etc., damage back-up storage devices, and are evolving into multiple extortion: threats against corporate customers involving the restoration of encrypted files, the disclosure of leaked data, and DDoS attacks. It is necessary to take proper action against these evolving ransomware attacks.


Increasing threats with cloud transformation in the digital era

The merits of the cloud are that it has no physical limitations and makes it easy to expand business, so many enterprises are replacing their on-premise environments with the cloud. Security threats such as security vulnerabilities and data leaks emerge in the process of cloud transformation. Enterprises should formulate systematic cloud security management strategies and establish cloud security measures, taking into account their business characteristics and cloud operation types such as hybrid cloud and multicloud.


Growing threats as corporate SW supply chains become more and more complicated

Malware injection and source code theft are predicted to increase as more and more SW developers use code-sharing websites such as GitHub.

With the increasing use of open source software, attackers may exploit the vulnerabilities of popular open source components such as Log4j or inject malware into libraries. They are also predicted to attack supply chains by directly infiltrating SW development companies, tampering with update servers and source code, and stealing certificates.