TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

F5 Labs

5 Cybersecurity Predictions for 2023

2022-12-05 · Read original ↗

ATT&CK techniques detected

11 predictions
T1486Data Encrypted for Impact
99%
“##ltrating ( stealing ) data. once they have their hands on it, they then have multiple ways in which they can monetize their efforts. aditya sood, senior director of threat research in f5 ’ s office of the cto, has recently uncovered a growing trend in ransomware directly target…”
T1486Data Encrypted for Impact
98%
“##lnerabilities, the best chance to detect the attacker is to have visibility into the internal ‘ east - west ’ traffic between software components and services ‘ inside ’ the application, as well as how those components interact with the underlying platform ( iaas ). today, thes…”
T1195.001Compromise Software Dependencies and Development Tools
91%
“and apis ), threat actors will naturally look toward other vectors. increasingly a preferred vector is the use of third - party code, libraries, and services within an application. as much as 78 % of code in hardware and software codebases is composed of open source libraries and…”
T1621Multi-Factor Authentication Request Generation
90%
“occurred in real time, the method of mfa used made little difference — sms messages, mobile authenticator apps, and even hardware tokens. none were able to thwart real - time phishing proxies. since 2020, we ’ ve also reported on the growing trend of mfa bypass techniques, from s…”
T1621Multi-Factor Authentication Request Generation
88%
“out of frustration. this type of attack presents an immediate risk to companies as employees are the most vulnerable threat vector to social engineering attacks. along with that, mfa is a key security control used to prevent unauthorized access to critical assets. oftentimes comp…”
T1556.006Multi-Factor Authentication
69%
“occurred in real time, the method of mfa used made little difference — sms messages, mobile authenticator apps, and even hardware tokens. none were able to thwart real - time phishing proxies. since 2020, we ’ ve also reported on the growing trend of mfa bypass techniques, from s…”
T1556.006Multi-Factor Authentication
68%
“the available api endpoints, details on acceptable parameters, authentication and authorization information, and so on. however, many organizations do not have an api inventory, and for others, apis in production and benefiting from continuous development will drift far from thei…”
T1556.006Multi-Factor Authentication
64%
“out of frustration. this type of attack presents an immediate risk to companies as employees are the most vulnerable threat vector to social engineering attacks. along with that, mfa is a key security control used to prevent unauthorized access to critical assets. oftentimes comp…”
T1525Implant Internal Image
60%
“1 : shadow apis will lead to unforeseen breaches application programming interfaces ( apis ) are exploding in popularity. the convergence of mobile apps, data sharing between organizations, and ever - increasing application automation all contributed to 1. 13 billion requests bei…”
T1525Implant Internal Image
52%
“, since the crypto - key used to authenticate users is based on the website address they are visiting. 2 it remains to be seen how quickly this new technology will be adopted by the average user. prediction # 3 : troubles with troubleshooting predicting security incidents with cl…”
T1657Financial Theft
41%
“##ams and downstream fraud ( e. g., applying for new credit cards ). these scams are getting more credible and, while they still contain obvious mistakes to the trained observer, will likely be quite successful ; the juice will definitely be worth the squeeze for the attackers. f…”

Summary

F5 Labs and experts across F5 share their experience from the past twelve months to predict what might be the biggest causes for concern in 2023.