Cybersecurity Attack Trends to Watch Out for in 2023

5G Device Cyber Attacks

For several years, the world has been buzzing about 5G, and it’s finally beginning to fulfill the promise of lightning-fast internet speed. As providers build the IT infrastructure, expect it to become a hot spot for attacks.

Bad actors are looking to take advantage of the 5G hardware used for routers, PCs, and mobile devices. Anytime you have a new technology such as this, it typically has some code vulnerabilities. This is exactly what hackers look for to exploit.

Prepare for these attacks by being aware of the firmware security in the devices you purchase. This is especially true for those devices enabling 5G. Some manufacturers build better firmware security into their designs than others. Be sure to ask about this when buying new 5G devices.

One-time Password (OTP) Bypass

This alarming new trend is designed to bypass one of the best methods of account security, Multi-factor authentication (MFA). MFA is known for preventing fraudulent sign-in attempts. It can block account takeovers even if the cyber criminal has the user’s password.

There are a few different ways hackers can attempt to bypass MFA. These include:

• Reusing a token: The bad actor gains access to a recent user One-Time Password and attempts to reuse it
• Sharing unused tokens: The hacker uses their personal account to get a One-Time Password. Then they attempt to use that password on a different account.
• Leaked token: Using a One-Time Password token leaked through a web application.
• Password reset function: The hacker uses phishing to trick the user into resetting their password. From here, they fool them into handing over their OTP via email or text.

World-Event Based Attacks

During the pandemic, cybercrime increased by roughly 600%. Large criminal hacking groups have realized world events and disasters are perfect windows of opportunity for capitalizing on profits.

They take advantage by launching phishing campaigns for these world events. Attacks will surface for everything from the latest hurricane or earthquake to the Ukrainian war. Unsuspecting people will often fall for these scams because they are distracted by the crisis.

People must be especially mindful of scams surrounding events like these. Bad actors will often use social engineering tactics like sad photos or “GoFundMe” pages describing tragic stories to play on emotions.

Mobile Device Attacks & Smishing

Mobile devices follow us just about everywhere we go these days. Cybercriminals love this ongoing direct connection to a potential victim. This is why mobile device-based attacks, including SMS-based phishing (aka “smishing”), are constantly emerging.

Many people are surprised to receive scam text messages to their personal numbers. But unfortunately, cellphone numbers are no longer as private as they once were. Hackers can easily buy lists of them online or on the dark web. Then they compose convincing fake texts to look like legitimate shipping notices or receipts. One wrong click on one of the embedded links is all it takes for an account or data breach.

Another cellular device attack to watch out for is mobile malware which is also increasing. During the first months of 2022, malware targeting mobile devices increased by nearly 500%. This is why ensuring that you have adequate mobile anti-malware and other protections on your devices, such as DNS filtering is vital.

Elevated Phishing Using AI & Machine Learning

These days, phishing emails take more effort to spot. In the past, you could easily identify which email was a scam since it almost always had spelling errors or grainy images. While some still do, most don’t.

Cybercriminal groups elevate today’s phishing using AI and machine learning. Not only will the email look identical to a real brand’s emails, but it is also typically personalized. Hackers use these scamming tactics to capture more victims. These tools also enable hackers to deploy more targeted phishing email messages in less time than in previous years.