Marked with an unceasing flow of cyberattacks, 2022 confirmed cybersecurity isn’t nice-to-have paranoid bells and whistles. As companies expand their digital footprints, breaches involving mobile devices have increased by 22% in the last year1, and 95% of organizations observed attempts to compromise their applications2. International extortion-focused hacker group Lapsus$ alone has breached Okta, Nvidia, Ubisoft, T-Mobile, Microsoft, and Uber.
In the last couple of years, cybersecurity editors understood the needs for unification by providing advanced integrations with their digital ecosystem or even offering all-in-one solutions. But the fact that companies are now mostly equipped with cybersecurity tools and are still falling victims to hackers has us wondering: Has agility been prioritized over efficiency?
“IT security teams are teared between their strong belief cybersecurity should be reinforced, and the lack of funding, time, and human resources at their disposal to achieve their vision. As a result, many of them go for the easiest to deploy and less time-consuming solutions. But prioritizing simplicity comes with great risk. Unfortunately, this situation often unwillingly ends up with companies choosing solutions that tick the boxes of a cybersecurity checklist, but greatly lack of effectiveness when it comes to detecting and blocking threats. This is illustrated by many companies being breached by hackers while having cybersecurity solutions in place. This year, I believe technology efficiency will be a number 1 priority when defining strategies and selecting cybersecurity tools.”
Clement Saad, CEO and Co-funder of Pradeo
1. Clones and counterfeit mobile applications will thrive, even on iOS
Studies show mobile applications are not usually secured against cloning and code injection. As a matter of fact, even hackers with basic knowledge can clone mobile applications from their binary file, by using ready-to-use tools available online. Cloning or impersonating an app is common practice, and is usually performed to:
- Offer free subscription to paid applications by bypassing payment portals. These are called modded apps.
- Steal users’ credentials and critical data to compromise their account, company network, etc…
- Spread banking trojan by usurping a trusted name and visual identity.
Sideloading clones and fake apps on Android has always been easier than on iOS, but new iOS installer TrollStore seem to have changed the game. TrollStore was released last September and affects all iOS versions between iOS 14.0 and iOS 15.11. Before TrollStore, iOS users who wanted to install modded applications had to jailbreak their devices. With this tool, they can now install any app on their non-jailbroken device permanently.
As a result, a whole new attack surface has emerged in the iOS environment and will keep growing in 2023. We expect to see similar tools published online shortly as well as an increase in business applications’ clones being used to attack global organizations.
2. The golden age of social engineering
Social engineering is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. It is versatile, cheap, and accessible even to scammers with limited knowledge of information technology.
Last August, Cisco revealed details about an attack that occurred in May on their systems. “After obtaining the user’s credentials, the attacker attempted to bypass multifactor authentication (MFA) using a variety of social engineering techniques, including voice phishing (vishing) and MFA fatigue, the process of sending a high volume of push requests to the target’s mobile device until the user accepts,” wrote the Cisco Talos team on its blog.
Obtaining the credentials of one user is enough to gain a fraudulent access to the entire network of its organization. In 2023, mobile phishing using SMS (smishing) will be a leading factor in compromising identities. Besides improving their messaging, attackers will also increasingly rely on:
- Counterfeit apps (clones) that are disguised malware
- Audio and video deep fakes
3. 2FA will keep failing
Online transactions nearly always require at least a two-factor authentication. To do so, organizations favored options are to authenticate users through a one-time-password sent by SMS, or through a push notification request. The purpose of such a mechanism is to prevent fraud and data theft.
While 2FA started to show weaknesses years ago, recent events have put it on the spotlight. In the past year alone, several major companies including Uber and Okta were impacted by security breaches involving one-time passcodes.
Those real-life examples prove that hackers are acquainted with social engineering techniques such as spamming the employees attacked with push alerts until they accept, or in possession of malware such as screenlogger to intercept the temporary security codes. In 2023, we expect companies to reinforce their security by moving to stronger authentication methods.
4. Man-in-the-Middle attacks won’t get old
The normalization of remote and hybrid work has caused a resurgence of Man-in-the-Middle attacks post-covid. Over the last year, we have observed a 96% increase of Man-in-the-Middle attempts on the mobile devices we protect globally.
The MITM technique implies that an attacker secretly intercepts and relays messages, while also altering them sometimes, between two parties. MITM attacks are one of the oldest forms of cyberattack.
Peaks in the number of attempts are correlated with conference and travelling periods. This upcoming year, we expect a steady growth of Man-in-the-Middle attacks and call for a special vigilance in that regard. It is advised not to connect to public networks and especially not to handle sensitive data or make transactions if you connect to them without a proper protection.
5. Securing applications will become more agile
Identifying and remediating vulnerabilities in an application is an integral part of development cycles. Yet, industry professionals say that integrating source code analysis into software development cycles is often difficult and time consuming. Indeed, sorting out critical vulnerabilities among a thousand of them is like looking for a needle in a haystack.
As organizations are pushing to adopt the latest practices of DevSecOps to ensure compliance with security standards and thwart growing attacks target applications, application security professionals will demand tools that ease vulnerability management. Specifically, they will require automated vulnerability prioritization based on risk levels and remediation guidance that goes further than just providing general tips.
This will result in appsec solutions shifting toward more agility and intuitiveness to save some precious time for developers, pentesters, auditors and devesecops teams.
To strengthen their cybersecurity posture against tried and tested attack methods as well new techniques, we expect organizations to position technology excellency as one of their main adoption criteria, alongside agility. To do so, they will naturally lean towards offers that combine efficiency and simplicity, such as managed SOCs, and towards cybersecurity editors that have a specific expertise with comprehensive portfolios and integrations.
2. Radware study