The Evolution of Cyber Threats: Trends and Predictions for 2023


Cybersecurity has been elevated to the top of the agenda for Southeast Asia’s organisations and governments in recent years. The region is home to some of the largest and fastest-growing digital markets in the world, providing the impetus for its digital economy to reach a staggering US$330 billion by 2025. Gaps in cybersecurity have emerged as a result of rapid digital transformation, making the region highly attractive to cybercriminals and today, a hotspot for cybercrime.

This trend is expected to persist as digitalisation remains central to the growth strategies of Southeast Asian economies. Moving ahead, we anticipate threat actors to adopt increasingly sophisticated methods and deploy attacks in tandem with current trends to maximise success rates.

Building a strong line of defense against cyberthreats should still very much remain top of mind for organisations across the region.

Vedere Labs have put together 5 of the biggest threat and security challenges organisations should be aware of as we progress into the new year.

1, Ransomware groups will increasingly target IoT devices and continue evolving their extortion campaigns

Ransomware remains one of the main threats faced by modern organisations, and is set to increase in complexity. Following increasing adoption of IoT devices in the enterprise, we are observing ransomware groups targeting vulnerabilities in connected devices for initial access, allowing them to launch further attacks on other areas of the organisation’s network.

Notable examples in 2022 have been the activities conducted by Lorenz and Deadbolt ransomware groups who exploited flaws in VoIP and NAS systems respectively. Additional research by Vedere Labs have identified IP cameras, VoIP, and video conferencing systems as IoT devices that pose the highest levels of risks for organisations, usually compromised as a result of weak credentials or unpatched vulnerabilities

In 2023, we can expect attackers to develop and adopt more sophisticated and effective extortion techniques, leveraging exposed devices with weak security postures for espionage, distribution, financial gain, or on critical devices for impact. Security teams will also need to be prepared to defend against the multiple extortion methods increasingly utilised by ransomware groups such as ALPHV, where data is both exfiltrated and encrypted to maximise impact.

2, State-sponsored actors will continue to expand their arsenal with new sophisticated malware.

In 2022, we witnessed the rise of state-sponsored actors deploying ransomware for financial gains or to facilitate espionage activities, with examples such as Bronze Starlight, Maui, and H0lyGh0st. This points to a trend that can have dire consequences for cybersecurity. These state-sponsored actors typically have far more funding and resources at their disposal than their regular counterparts, and thus have the ability to cause greater disruption that goes beyond exfiltrating or encrypting files.

In 2023, we expect these state-sponsored actors to continue to expand their arsenal, targeting other types of devices in espionage or disruption campaigns. Examples in recent years that demonstrate the outsized impact that state-sponsored malware can deliver include AcidRain which is designed to wipe modems and routers and iLOBleed which obstructs firmware updates. We have also observed the emergence of Industrial Control System (ICS) specific malware in the form of Industroyer2 and INCONTROLLER, which could point to a focus on Operational Technology among threat actors looking to cause real-world disruption.

3. Attacks on critical infrastructure will continue to increase.

There has been a rise in attacks on utilities and critical infrastructure organisations in 2022. These attacks either targeted OT systems directly, or were facilitated by ransomware starting on the IT network.

Designed to operate in isolation, the increasing convergence of IT and OT networks for enhanced efficiencies has created significant risks for organisations. This convergence has enabled threat actors that have gained access into organisational networks through vectors such as compromised IoT devices to move laterally to other connected IT or OT devices for further attacks. A Vedere Labs’ study also found OT vulnerabilities caused by insecure design to be prevalent today, affecting products from some of the largest manufacturers of OT products today.

With ransomware attacks set to be one of the leading cyber threats to organisations, we foresee similar attacks on critical infrastructure happening into 2023. A key differentiator will be a focus among threat actors on the exfiltration and extortion of data on critical infrastructure instead of encryption, with LockBit 3.0 being a prime example. The leaked data could also be re-used for disruptive OT attacks by other groups, increasing the risk to organisations.

4. Hacking groups that either appeared or became more active during the Russia-Ukraine conflict will continue to act regardless of how the war goes on.

The conflict between Russia and Ukraine has spilled into the digital space, prompting the rise of new hacking groups and existing cybercrime gangs that focused on politically-motivated attacks. According to our research, most of these attacks come in the form of distributed denials of service (DDoS), but also include data breaches, data wipers and psychological operations, such as distributing propaganda.

We have observed more than 100 groups conducting cyberattacks since the outbreak of war, with some of these groups being hacktivists such as Killnet, state-sponsored entities such as Sandworm, and ransomware gangs such as Conti. Regardless of the conflict’s outcome, we anticipate these groups to remain active, continuing their attacks on politically motivated targets or look to other sectors they can most effectively monetise their offensive cyberattack skills honed during the war.

5. Medical device cybersecurity challenges will persist.

With the increased adoption of Internet of Medical Things (IoMT) devices, attack surfaces have been expanded and cybercriminals can leverage on devices being poorly segmented and run-on legacy software to carry out attacks. According to Vedere Labs, electrocardiographs, CT scanners, imaging devices, medication dispensing systems and DICOM workstations were amongst Asia Pacific’s riskiest connected medical devices. This is particularly dangerous for healthcare organisations due to the potential impact on healthcare delivery and patient safety.

Moving into 2023, the challenges that come with medical device security are set to remain – and we may go as far as to see attacks not only spill over to medical devices but actually target them due to their insecure designs. Further, Deloitte estimates that 70% of medical devices will be connected by next year – further making cybersecurity for healthcare IoT an industry focal point.

Preparing for the New Year

The threat landscape will continue to become increasingly complex but, one thing that will remain constant is that preparation is key. With Southeast Asia remaining very much a hot spot for cyberattacks, organisations need to not only remain vigilant in carrying out cyber hygiene practices, but also have a reliable action plan to stop the new generation of attacks.

Effective protection means continuous cybersecurity innovation and improvement to defend against nascent threats that may arise. While current economic uncertainties and the ongoing cybersecurity talent crunch in the region may introduce challenges, implementing the right solutions can ease internal pressures and vastly improve an organisation’s overall security posture.

Beyond traditional cyber hygiene practices, processes such as asset inventory, patching, credential management, network segmentation, as well as automated visibility and monitoring solutions must be implemented to eliminate cybersecurity blind spots. These measures should also be extended to encompass the organisation’s entire digital terrain for comprehensive security.