Cybercrime Shows No Signs of Slowing Down

Look for recent trends in attacks, strategies, and vulnerabilities to continue gaining steam throughout 2023.

3 Min Read
Hand on a keyboard overlayed with the image of the world, with a blue filter.
Source: Pablo Lagarto via Alamy Stock Photo

Global risks from population pressures and climate change to political conflicts and industrial supply chain challenges characterized 2022. Cybercriminals used this turmoil to exploit these trending topics, including significant events, public affairs, social causes, and anywhere else opportunity appeared.

2023 will see a continuation of these challenges, especially as bad actors continue to take advantage of the chaos caused by the expected backlash from Russia due to the Ukraine conflict.

The following cyberthreat predictions are based on key observations made by the Zscaler ThreatLabz research team, made up of more than 125 security experts with decades of experience in tracking threat actors, malware reverse engineering, behavior analytics, and data science.

CaaS Offerings Continue to Rise

Crime-as-a-service (CaaS) encompasses the full range of cyber threat service offerings, including ransomware-as-a-service, where developers outsource ransomware to their affiliates who execute the attack and share the profits, and phishing-as-a-service, where cybercriminals can buy grammatically perfect email templates, replicas of popular webpages, and more.

As threat actors seek to increase payouts, they will leverage more service model offerings to increase the effectiveness of their attacks and cut out the development time to quickly scale operations. CaaS also lowers the technical barrier to entry, enabling novice cybercriminals to execute sophisticated threats.

Supply Chains Bigger Targets Than Ever

Supply chain attacks occur when adversaries compromise partner and supplier ecosystems to reach their ultimate breach target and goals, such as executing a ransomware attack. Compromising a target's weaker suppliers is more accessible and has led to successful upstream attacks, which is why this tactic will likely increase in the future.

Dwell Time Decreases

Dwell time is the period between the initial compromise and the final stage of an attack — for example, the median dwell time for threat actors to deploy ransomware is now just five days, according to Mandiant. For most organizations, this is also the length of time an attack can be detected and stopped by defenders before it causes damage.

Attackers Rebrand

Malware families, ransomware gangs, and other cybercriminal associations reorganize themselves frequently.

GandCrab rebranded as REvil, the group responsible for the spotlight attacks on JBS and Kaseya. The old groups typically go dark after an incident, then a new group appears months or years later. Researchers eventually discern that it's basically the old group getting back together, with similar techniques and code styles giving them away.

They may rebrand because of new member affiliations to avoid criminal charges and to ensure they can secure cyber insurance payouts.

Endpoint Protection Won’t Be Enough

Threat actors will increase the use of tactics to bypass antivirus and other endpoint security solutions. In addition, their attacks will have an increasing focus on core business service technologies, like VMware ESX, for example.

Last fall, researchers observed attackers using new techniques to install persistent backdoors on ESXi hypervisors, a virtualization software and a primary component in the VMware infrastructure software suites for virtual machines.

Because of this, organizations will have an even greater need for defense-in-depth, rather than relying solely on endpoint security to prevent and detect intrusions.

Leaked Source Code Leads to Forks

Forked malware, of course, is just another variant that include updates with more sophisticated techniques. Sometimes the source code for a specific malware is leaked online by a researcher, as in the case of Conti ransomware.

Since Conti ransomware was leaked, for example, parts of the source code have been found in other types of ransomware, borrowed or repurposed by different developers.

Updated and forked versions of malware and other threats make it harder for defenders to detect, because there are so many variants using custom techniques to deploy the same attack. We expect such variants will continue to evolve at different rates.

Read more Partner Perspectives with Zscaler.

About the Authors

Emily Laufer

Senior Manager of Product Marketing, ThreatLabz, Zscaler

Emily Laufer has been in cybersecurity for eight years focused on advancing the fields of security analytics, orchestration, incident response, and threat research.

Deepen Desai

CISO and VP, Security Research, Zscaler

As CISO and VP, security research, Deepen Desai is responsible for global security research operations and working with product teams to ensure that the Zscaler platform and services are secure. Deepen has been a cybersecurity leader for 15 years, with seven of those years at Dell SonicWALL.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights