How Are Cybercriminal Tactics Evolving in 2023?
Many people believe that artificial intelligence could drastically change both cyber security methods and how cybercriminals attack businesses in 2023. In fact, the link between artificial intelligence and cyber safety is one of the most discussed technology topics at the moment, as commentators struggle to decide whether the impact will be good or bad.
There is evidence that artificial intelligence could aid both cyber security technicians and cyber hackers. But how do we expect cybercriminal tactics to evolve in 2023, and how do we protect businesses from cybercriminals, as they get better at cyber espionage?
What Hase Cyber Attacks Looked Like So Far?
Initially, many commentators said that artificial intelligence would help cyber security programs and measures fight off malware and other cyber attacks. However, in 2023, we are still seeing rates of cyber attacks rise, particularly against large businesses. So far this year, we have already seen large and significant cyber attacks against large corporations and businesses which have been significantly damaging to that business. But can we study these attacks to predict how cyber attacks will evolve during this year, and after that?
Here are some of the largest cyber attacks that have happened recently:
Luxottica – May 2023
Luxottica is one of the largest and most popular eyewear brands in the world and owns Ray-Ban and Oakley. It is an industry leader when it comes to eyewear, working closely with fashion giants such as Armani, Versace and Dolce & Gabbana in order to design sunglasses and prescription frames. In recent years, it has suffered many cyber attacks, the most severe of them all starting in August 2020 which was thought to have stolen over 800,000 confidential patient records.
However, in May 2023 cyber researchers found that there have been multiple breaches over the years, resulting in the loss of 305 lines of data. While this may not seem like a lot, these 305 lines of data made up 74.4 million unique email addresses and personal data about their customers. Like most information, it was sold on the dark web, and according to the hacker, it included millions of full names, email addresses, home addresses and dates of birth.
The firm has got both the FBI and the Italian Police involved, who are looking for the perpetrator(s) who have been attacking the company over the past couple of years.
AT&T – March 2023
AT&T is pretty much a household name, especially if you live in America. The telecom giant has reported that over 9 million customers’ sensitive data has been taken due to a severe third-party data breach. A third-party data breach occurs when malicious actors compromise a vendor, supplier, contractor, or other organisation that is involved with the main organisation in order to steal information from the larger company.
Over 9 million breached records have been sold on the dark web, including AT&T customers’ names, wireless account numbers, phone numbers and email addresses. While this is a severe breach, it has been confirmed by cybersecurity experts that no financial data such as social security numbers or bank information has been compromised. Had AT&T’s cybersecurity defences not been up to scratch, this could have been a much worse attack.
Because telecommunications companies are a lucrative target for hackers seeking financial information, we could possibly see more attacks of this kind going forward into 2023, as a huge giant like AT&T has been attacked.
T-Mobile – January 2023
In terms of cybersecurity, T-Mobile has not had a great deal of luck in 2023. In March, they announced their second data breach of the year, with the first occurring in January. In January, T-Mobile announced that a whopping 37 million customers had their data stolen by a bad actor. Although no financial data was stolen during the January attack, names, addresses and email addresses were leaked due to the impacted API. After an attack of this large scale, T-Mobile invested heavily in its cybersecurity protection. Due to the measures they had implemented, they were able to track another bad actor which had stolen 836 customers’ information in March.
While this number pales in comparison when compared to 37 million customers, it is concerning that malicious actors are able to infiltrate a company of that size twice within the space of a couple of months. T-Mobile has fallen victim to 9 cyber attacks since 2018 – what could this tell us about the future evolution of cyber security?
What Do These Cyber Attacks Tell Us About Cyber Evolution in 2023?
One of the main ways we can assess how cyber security may need to evolve over time, with and without artificial intelligence, is by studying recent cyber attacks. Is there any way that artificial intelligence and machine learning could affect business cyber security? Here are the three main takeaways we can take from studying the evolution of cyber safety in 2023:
Unrelenting
One of the main trends we can see emerging by analysing cyber security breaches this year is how unrelenting cyber attacks are becoming. In two of the cases above, their systems were subjected to sustained attacks over a long period of time – T-Mobile has been breached 9 times since 2018. We can see that cyber hackers are specifically targeting certain organisations and are doing so over a prolonged period of time – could cyber security methods change by analysing these attacks and ensuring protection and analysis is happening at all times?
Sophisticated
In all of the cases above, each organisation is a well-respected multi-million dollar corporation, yet they have been breached by cybercriminals. These are not companies or organisations that cannot afford adequate cyber security, so the question remains to be asked – is this due to the high sophistication of the attacks, and how quickly the cybercriminals can learn how to change their attacks to bypass cyber security measures? Could manual machine learning or artificial intelligence help businesses predict how cyber attacks will evolve over time?
Adaptable
Cyber attacks in 2023 are ever-changing – as quickly as the cybersecurity measures, procedures and technology seem to evolve, so do the cyber attacks. It almost seems as if business cyber security and cyber hackers are in a race, trying to outdo each other. It has also been predicted that whole artificial intelligence could help cybersecurity measures evolve, it could also help cyber hackers. It would be important to keep an eye on this going into 2023.
Final Thoughts
There seem to be a lot of different methods being used to steal data from corporations in 2023, with ransomware being a particularly popular attack. Despite its popularity, when analysing recent cyber attacks, you can see a range of different attack styles being used. You can also see three main ways cyber attacks are evolving – becoming unrelenting, more sophisticated and more adaptable than ever before.
If you want to protect your business against cyber attacks in 2023, you should be paying close attention to how cyber attacks are evolving, so you can keep your cybersecurity measures up to date.