The CyberArk Labs research team has analyzed how attacks will evolve and to what extent they will alter the cybersecurity landscape of the next 12 months. According to these experts, “the race in cybercrime” will begin this year, thanks to the commodification of credentials.
Hence future cybercriminals who lack skills or time will be able to navigate the market, fill their carts with cheap lists of Stolen credentials and cookies, standard ransomware, phishing, exploit kits, etc., without the need to verify or carry out attack legwork. In this environment, MFA and two-factor authentication will not suffice. Although there will be a silver lining to security teams taking a security approach defense in depth: In a hurry to become a millionaire quickly, many cybercriminals will make rookie mistakes and make too much “noise” on the Internet, which will end up thwarting their plans.
Web3 on Blockchain Promises Enhanced Privacy and Higher Payouts
Today, four in 10 consumers feel unable to protect their personal data. The need for greater data transparency and greater personal control will be strengthened in 2023, accelerating the global push for Web3 (also known as Web 3.0) in blockchain.
But as the technology infrastructure becomes more decentralized, the attack surface for financial applications will expand significantly, while the implementation of security practices will be delayed. Cybercriminals will use this to their advantage to target the cryptocurrency arena, taking inspiration from the 2022 Ronin crypto heist, which amounted to $615 million (about 552 million euros).
The goal: session cookies
The good news is that most organizations view multi-factor authentication (MFA) as a must for their business applications, which means that most users must have a stronger password and fill out a complex secondary authentication system before establish a web session. The bad news is that attackers are getting more sophisticated in capturing session cookies, which allow access to these third-party applications to bypass both primary authentication and MFA and account hijacking.
Therefore, as organizations continue to adopt more SaaS applications and consolidate them in the browser, session cookies will become even more critical and vulnerable. And as the Genesis Store and other websites that specialize in stolen session cookies are gaining popularity, cybercriminals will be looking for new ways to automate and further scale these types of attacks in order to increase their profitability.
