Cybersecurity experts have warned that 2023 could usher in a new era of concerns over cyberattacks, which are expected to rise sharply this year as new threats emerge faster than ever.
"Myriad forces are causing the uptick in cyberattacks," John Wilson, a senior fellow responsible for Threat Research at Agari by Fortra and the head of the Agari Cyber Intelligence Division, wrote in Forbes last month. "The Russia-Ukraine war and rising poverty and food insecurity around the world are major contributors."
Wilson's warning comes as 2023 looks poised to become a record-breaking year for cyberattacks. According to an analysis by Cybersecurity Venture, the global annual cost of cybercrime could top $8 trillion in 2023.
That number could even underestimate the problem, according to numbers from Security Intelligence, who estimated that U.S.-based financial institutions alone lost close to $1.2 billion in ransomware attacks in 2021, an almost 200% increase over the previous year. If that rate increases at the same pace, global losses from cybercrime could be as high as $16 trillion in 2023.
CYBERATTACK ON MAJOR HOSPITAL SYSTEM COULD AFFECT 20 MILLION AMERICANS
However, financial institutions are not the only target for cybercriminals, who have used new technologies and exploited weaknesses in systems to target everyone from small businesses to individual people.
With those crimes expected to explode in 2023, here are five cybercrimes to be on the lookout for this year.
QR codes have become a common sight for users of smartphones in recent years, being used to quickly transmit data such as shipping information or a restaurant's menu.
However, experts are warning that malicious QR codes are on the rise, potentially exposing people to dangerous websites that could download their personal data or enable hackers to track their every move via apps that are geolocation-enabled.
"Cybercriminals tamper with both digital and physical QR codes to replace legitimate codes with malicious codes," reads an FBI warning on the growing threat.
PRO-RUSSIAN HACKERS CLAIM CYBERATTACK ON FBI WEBSITE: REPORT
According to the FBI, the malicious codes could prompt users to a fake website or application to input log-in or financial information that would allow the attacker to easily steal money.
"Malicious QR codes may also contain embedded malware, allowing a criminal to gain access to the victim's mobile device and steal the victim's location as well as personal and financial information," the warning reads. "The cybercriminal can leverage the stolen financial information to withdraw funds from victim accounts."
To avoid falling victim, the FBI advises smartphone users never to download an application when prompted to do so after scanning a QR code. The agency also suggests staying vigilant of what links QR code scans prompt you to open and never to use third-party applications to scan codes, sticking instead to the built-in QR code scanning function native to your smartphone.
Ransomware attacks, which threaten to compromise a user's personal data or block access to it until a ransom is paid, are almost as old as the internet itself. However, experts are warning that the old tactic is expected to become a bigger threat in 2023, with cybercriminals adapting to the tools people have depended on to keep them safe.
"Ransomware is worsening, even more so than we predicted," Switzerland-based cybersecurity company Acronis warned in its 2022 Cyberthreats report.
RUSSIAN CYBERCRIMINALS ACCUSED OF HACKING AUSTRALIA'S LARGEST HEALTH INSURER
The report painted a grim picture for 2023, estimating that global ransomware damages will exceed $30 billion. Meanwhile, a Cybereason report this year found that roughly 73% of organizations were the target of at least one ransomware attack in 2022, up from 55% in 2021.
"Increasing complexity in IT continues to lead to breaches and compromises highlighting the need for more holistic approaches to cyber-protection," the Acronis report said. "The current cybersecurity threat landscape requires a multi-layered solution that combines anti-malware, EDR, DLP, email security, vulnerability assessment, patch management, RMM, and backup capabilities all in one place."
Global supply chains that were severely hindered during the COVID-19 pandemic have been working to slowly recover, but 2023 will test them once again as cybercriminals look to take advantage of their vulnerability.
According to an analysis by BlackBerry, four out of five organizations faced threats to their software supply chain over the past year. The results of those vulnerabilities inflicted enormous cost, BlackBerry said, with 58% of those organizations facing operational disruptions and data loss, 55% experiencing intellectual property loss, and 49% suffering financial loss.
That problem is not going away anytime soon, BlackBerry Vice President for Product Security Christine Gadsby said, who warned organizations to be diligent in monitoring their own cybersecurity.
"Unknown components, and a lack of visibility on the software supply chain, introduce blind spots containing potential vulnerabilities that can wreak havoc across not just one enterprise, but several, through loss of data and intellectual property and operational downtime, along with financial and reputational impact," Gadsby said. "How companies monitor and manage cybersecurity in their software supply chain must rely on more than just trust."
A push by environmentalists to curb emissions by transitioning to electric vehicles has caused a boom in the EV industry, with electric vehicles becoming more mainstream over the last few years.
However, many of the vehicles contain technology that is vulnerable to attack by cybercriminals, who could target a vehicle's display, navigation, climate control, and even autonomous driving functions.
3 BIG MISTAKES THAT CAN GIVE SCAMMERS ACCESS TO YOUR BANK ACCOUNTS
"With new cars and electric vehicles being more connected and automated than ever before, they are also at higher risk of cybersecurity attacks," Steve McEvoy, vice president for automotive at Expleo, told Wards Auto earlier this year. "EV vehicles do not need to be inherently more at risk than a modern ICE vehicle – it is just that an EV vehicle to maximize its performance will naturally be using the most modern electrical architecture, including all manner of connectivity, which by its nature can create a greater level of risk."
Attacks on the nation's vulnerable electric grid could soon lead to power outages, fuel shortages and hinder energy production.
Russia's ongoing invasion of Ukraine has served as a case study in just how dangerous attacks on a country's power infrastructure can be, plunging Ukraine's civilian population into darkness and cold as brutal winter temperatures spread across the country.
Experts have warned for years that the U.S. electrical grid is increasingly vulnerable to attacks, whether it be a cyberthreat from a state actor such as Russia or an international terrorist group.
"Will it surprise me if at some point an electric company has an outage because of a cyberattack? No. If that doesn’t happen within the next five years, I’d be very surprised," Danny Jenkins, CEO of cybersecurity firm ThreatLocker, said in an interview with Forbes last year.
The Pentagon's Defense Advanced Research Projects Agency has been preparing for such a possibility since 2015, investing $118 million in a project called Rapid Attack Detection, Isolation and Characterization Systems (RADICS).
The program, which ran through 2020, offered 15 utility companies the opportunity to test for vulnerabilities and drill for the event of an attack in realistic scenarios, which experts called an eye-opening experience for the companies.
However, other experts argue the U.S. still has not done enough to prevent what could turn into a devastating attack.
"How at risk is this country? Maybe a better question is: How much have we done to prevent something like those scenarios at RADICS from happening?" Ang Cui, founder of Red Balloon Security, told Bloomberg earlier this year. "I think it’s pretty clear that we haven’t done nearly enough."