Happy New Year! With a new year comes new opportunities, new technologies, and of course, new cyberattacks. Cybersecurity is an ever-changing landscape, so there is no surefire way to know what we will have to be wary of in the future. However, we can look at trends from last year, helping predict what is likely to be common attacks and scams for this new one. Let us review what we expect to be the consequential cyberattacks and scams to be on the watch for in 2023.
First up, there will likely be a rise in attacks targeting 5G devices simply because 5G is still a relatively new technology, which inherently leads to more vulnerabilities. As exploits are discovered, patches will be created to fix them, so the best thing you can do is keep your 5G devices up-to-date!
Theft of OTPs and MFA Spamming
We are quick to share the benefits of MFA (multi-factor authentication) as an excellent tool for cybersecurity. Unfortunately, hackers will never stop looking for ways to get around cybersecurity, and they have recently found a few to circumvent MFA. This is primarily through the theft of OTPs (one-time passwords). The most effective form of this that hackers employ is phishing attacks tricking users into giving up their OTP. Alternatively, when using push notifications for MFA, if a hacker manages to steal a user's password, they will often spam that user with push notifications until the user accepts one to get them to stop. It should go without saying that you should never accept a push notification that you did not request. If you are receiving unsolicited push notifications, you should immediately change the password on the account you are receiving them from.
Phishing using Urgency/Confusion because of Tragedies
Natural disasters and major world events can often be tragedies, and hackers often try and take advantage of the fear and confusion they create to scam more people. The COVID-19 pandemic, the war in Ukraine, and hurricane Ian all saw massive phishing campaigns follow in their wake, trying to take advantage of both people looking for help and those looking to provide aid. Remember to carefully vet any emails you receive, especially if they are unsolicited. (link to phishing blog)
Smishing - Text Message Phishing
Phishing has always been a major threat to cybersecurity, and it is only getting worse. The advancement of AI and machine learning is also being used for nefarious purposes, such as developing phishing emails that are much harder to detect. And phishing attacks are not limited to just emails either. Smishing attacks are much like phishing but through SMS in order to target mobile devices.
Hackers may never rest, but cybersecurity is constantly advancing to stay ahead of them. So long as we continue to practice best cybersecurity practices and stay vigilant of potential threats, we can greatly reduce the potential of being the victim of a cyberattack. Stay safe out there this year.