{"id":55897,"date":"2023-01-25T08:39:25","date_gmt":"2023-01-25T11:39:25","guid":{"rendered":"https:\/\/abes.org.br\/?p=55897"},"modified":"2023-01-18T14:11:57","modified_gmt":"2023-01-18T17:11:57","slug":"trend-micro-aponta-as-principais-vulnerabilidades-ciberneticas-para-2023","status":"publish","type":"post","link":"https:\/\/abes.org.br\/en\/trend-micro-aponta-as-principais-vulnerabilidades-ciberneticas-para-2023\/","title":{"rendered":"Trend Micro points out the main cyber vulnerabilities for 2023"},"content":{"rendered":"

Hybrid Workers, Connected Cars and Managed Service Providers (MSP) will be top targets for attacks in the coming year, according to Trend Micro report<\/em><\/p>\n

\"\"<\/p>\n

According to the Trend Micro study,\u00a0\u201cTight future: security predictions for 2023\u201d<\/strong>, cybercriminals will target the security blind spots of home offices and the cloud and software supply chain in the coming year. The report points to VPNs as a particularly attractive target, as a single solution can be exploited to reach multiple corporate networks, and highlights the fragility of home routers, which are often not patched or managed by central IT.<\/p>\n

\u201cThe pandemic may be passing, but remote work is here to stay,\u201d said Jon Clay, vice president of Threat Intelligence at Trend Micro. \u201cThis means a renewed focus by threat actors in 2023 on unpatched VPNs, connected SOHO (Small Office\/Home Office Routers) devices, and the\u00a0backend<\/em>\u00a0of cloud infrastructure. In response, organizations will need to focus on helping already stretched security teams by consolidating attack surface management and detection and response with a single, more cost-effective platform.\u201d<\/p>\n

Along with the threat of hybrid work, the report anticipates several trends for IT security leaders, including:<\/p>\n

\u2013 The growing threat to\u00a0Managed Service Providers (MSPs) supply chain<\/strong>, which will be hit because they provide access to a high volume of customer activity, maximizing ROI from ransomware, data theft and other attacks;<\/p>\n

\u2013 The techniques oflive off the cloud\u201d may become the norm for groups attacking cloud infrastructure<\/strong>, with the aim of remaining hidden from conventional security tools. An example is the use of a victim's backup solutions to download the stolen data to the attacker's storage location;
\n\u2013\u00a0Threat to connected cars<\/strong>, targeting cloud APIs that sit between the eSIMs embedded in the vehicle (electronic chips) and the backend application servers. In the worst case scenario (i.e. on Tesla's API) attacks could be used to gain access to vehicles. The auto industry can also be affected by malware lurking in open source repositories;<\/p>\n

- You\u00a0\u201cRansomware as a Service\u201d (RaaS) groups can rethink their business<\/strong>\u00a0as the impact of double extortion fades away. Some may focus on the cloud, while others may abandon ransomware and try to profit from other forms of extortion such as data theft;<\/p>\n

\u2013 Social engineering will be boosted with offers of\u00a0Corporate Email Compromise (BEC) as a Service<\/strong>\u00a0and the emergence of\u00a0BEC based on deepfake<\/strong>;<\/p>\n

\u2013 Companies will also have to pay attention to the\u00a0attacks targeting OT (Operational technology) systems\u00a0<\/strong>that control industrial equipment.<\/p>\n

Blockchain-powered virtual assets such as cryptocurrencies will continue to pique the interest of malicious actors, who like to act with freedom and anonymity, although actions against non-fungible tokens (NFTs) and the metaverse are expected to remain stagnant.<\/p>\n

Trend Micro recommends that organizations mitigate these emerging threats in 2023 by:<\/p>\n