This is what Contrast Security experts see when they gaze into the cybersecurity crystal ball: Crooks will exploit the security and privacy vacuum at Twitter to turn it into a cyberattack platform. A major public cloud platform will be used to island hop so as to launch ransomware attacks on its customers. As you read this, more malware like the Denonia cryptominer is under development and will be unleashed on the serverless environment in the new year.
Mind you, those are just a few of the 2023 cybersecurity bombshells we should expect and prepare for, as predicted by Contrast Security Senior VP of Cyber Strategy Tom Kellermann.
Read on for more 2023 predictions and his rationale.
Denonia — a serverless cryptominer discovered by Cado Security in April 2022 that was the first publicly known case of malware specifically designed to execute in an AWS Lambda environment — won’t be the last malware that’s custom-made to prey on the serverless environment.
The number of targets in the space keeps growing, with a steady stream of businesses moving to serverless. Those businesses often presume that they’re protected by cloud providers (not necessarily!) and/or by the notion that serverless malware is more complex to create than traditional malware.
Maybe it is complex to create another Denonia, but conditions are ripe for adversaries to do so.
The way Kellermann sees it, Denonia was incubated inside an axis of rogue nation states: Iran, North Korea, China and Russia. Those nation states’ intelligence agencies and cybercrime cartels all share information with each other. This nexus is where the cyber criminals act as cyber militias, creating the R&D behind zero days such as the next Denonia or behind devastating island-hopping attacks such as SolarWinds or Kaseya.
“Much like the group behind Denonia, there are groups working on the next cloud-native malware,” Kellermann says. “Because of this, we will see attacks on companies that have moved to serverless environments.”
Don’t assume that public cloud providers can defend against the evolving threat landscape, he warns: “Developers will still be on the hook for securing serverless functions, and we will see more defenses created in 2023.”
The Pax Mafiosa has created such a fog of cyber war that cybersec defenders don’t even know who they’re hunting for, Kellermann asserts. One thing we do know: Denonia wasn’t created in a vacuum. Kellermann believes that there are people working on creating a new Denonia right now, even as you’re reading this.
Who will be the targets? Kellermann predicts that Twitter and a public cloud provider are both in the crosshairs when it comes to island-hopping attacks and Open-Source Software (OSS) zero days.
2. Twitter will become a cyberattack platform
Kellermann thinks Twitter’s likely to be turned into a cyberattack platform given that it’s enshrouded in its own fog — of disorder, if not straight-out cyber war — in the wake of Elon Musk’s tumultuous takeover.
“The massive reduction in the labor force and the recent resignations by [Twitter’s] C-level cybersecurity and privacy executives will create a vacuum,” Kellermann suggests. “Lack of investment in cybersecurity and content moderation will allow for cyberspies and cartels to launch targeted cyberattacks from the platform. Confusion over security policies and new management of the platform will be used by attackers to drop payloads and attacks, not just disinformation.”
Mind you, the disinformation will also get worse, as exemplified by the onslaught of scammers gleefully milking the $7.99 Twitter Blue paid verification check mark Musk rolled out, promptly snuffed and then promised to resurrect.
Besides Twitter, adversaries will focus on a big public cloud provider's environment. Think Amazon Web Services (AWS), Microsoft Azure or Google Cloud Platform (GCP): Kellermann forecasts that malicious actors will target one of them and use the platform to island hop and to launch ransomware attacks against its customers. “We will see a large public cloud provider be infiltrated and used as an island-hopping platform to launch attacks against their clients,” he says. “Cybercriminals and spies will continue to escalate their conspiracies by compromising public cloud infrastructure.”
If it happens, you’ll fare better if your organization has prepared data to be safe in the cloud — after all, public-cloud customers face unique challenges when it comes to securing serverless applications, such as those built with AWS Lambda.
To harness the power of serverless environments while still avoiding security risks, Contrast recommends securing applications from start to finish in the Software Delivery Life Cycle (SDLC): That means protecting code from the start, while it’s in development, when it reaches the cloud and on through production.
3. Regulations-R-Us
We’ve already seen the Feds move to suppress more world-shaking attacks like SolarWinds and Log4Shell. President Biden’s 2021 Cybersecurity Executive Order, meant to secure the supply chain, led to the M-22-18 memo from the Office of Management and Budget (OMB). M-22-18 will require, by the end of 2023, that virtually all software producers create Software Bills of Materials (SBOMs) and attest to their software security practices.
“After attacks like SolarWinds and Log4Shell, moving into 2023, the software industry will realize that cybersecurity incidents start in the software development process and supply chain,” says Contrast Co-founder and CTO Jeff Williams. “That means that during 2023, anyone building software will have to ensure that all the details of their app/[application programming interface, or API] security program are ready to be released in public. This includes security testing results, open-source security, runtime protection details and much more.”
Given the sophistication of recent software supply-chain attacks — with cybercriminals laying siege to software development, integration and delivery infrastructure — ensuring software integrity has become “paramount to protecting systems’ from systemic cyberattacks in 2023,” Kellermann asserts. “More zero-days in OSS are coming.”
To that end, expect to see regulators ramp up activity yet more in 2023, he predicts. “We will see more regulation from the [Securities and Exchange Commission (SEC)], the [Federal Trade Commission (FTC)], the [Federal Deposit Insurance Corp. (FDIC)] and the [Cybersecurity and Infrastructure Security Agency (CISA)] that require enhanced reporting and more transparent software supply-chain security. Companies will be forced to be transparent about their security practices in the new year as continuous monitoring will expand into development.”
4. Virtual currency exchanges will bleed crypto
Wouldn’t you expect that post-FTX, traditional banks would be treating decentralized finance (DeFi) platforms like the plague?
U.S. corporate restructuring expert John Ray — who worked on the Enron bankruptcy and who’s now heading up the bankrupt crypto exchange FTX — said in November that the colossal collapse of the giant digital currency exchange was an “unprecedented failure.” … as in, even worse than the cluster-muck that was Enron.
Regardless, traditional finance isn’t treating DeFi like the plague. Quite the opposite. As Coin Telegraph reports, as of mid-November, traditional financial institutions were still coming up with ways to use DeFi capabilities, in spite of current market conditions.
The unrelenting faith in DeFi must be sweet news to cybercrooks: As it is, they’re already been picking apart vulnerabilities in DeFi platforms to steal investors’ cryptocurrency.
In late August, the FBI warned investors that cybercriminals are dissecting smart contracts: the self-executing contracts that contain the terms of the agreement between buyer and seller, written directly into lines of code that exist across a distributed, decentralized blockchain network.
Cyber criminals are exploiting not only investors’ persistent interest in cryptocurrencies. They’re also exploiting the complexity of cross-chain functionality and the open-source nature of DeFi platforms, the FBI said.
According to the blockchain analysis firm Chainalysis, in the first three months of 2022, cybercrooks stole $1.3 billion in cryptocurrencies — nearly 97% of it taken from DeFi platforms — by exploiting multiple vulnerabilities.
Expect cyberattacks against virtual currency exchanges to “explode due to the viability of application attacks against DeFi platforms.” Kellermann predicts.
Stay tuned and stay prepared. While you’re gearing up for the new, renewed and refurbished cybersec challenges the new year will throw at us, you can also check out Jeff Williams’ Application Security (AppSec)-focused predictions. Forget “shift left,” Williams asserts — it’s better to shift smart!
Click here to see what else Williams thinks is in store for developers in the new year.
