Deeper ransomware attacks may put Indian firms at greater threat in 2023

According to Barracuda Networks, a leading provider of cloud-first security solutions, a new generation of smaller and smarter gangs will steal their limelight in 2023. During the year, organizations will experience an increased frequency of ransomware attacks with new tactics, the company said on Tuesday.

With the ransomware-as-a-service (RaaS) business model taking off, Indian organisations across the spectrum, after the massive AIIMS attack, will need to be more alert and ready to face aggressive cyber attacks.

According to Barracuda Networks, a leading provider of cloud-first security solutions, a new generation of smaller and smarter gangs will steal their limelight in 2023.

Advertisement

During the year, organisations will experience an increased frequency of ransomware attacks with new tactics, the company said on Tuesday.

"In 2023, organisations need to be ready to be targeted by every kind of cyberthreat, regardless of their size or industry sector. As existing authentication methods are challenged by attackers, security practitioners need to look at alternatives, and we expect to see password-less and FIDO U2F (Universal 2nd Factor) single security key technology receiving a lot of consideration," said Parag Khurana, Country Manager, Barracuda Networks India.

Advertisement

Also read | Cyberattacks could start war, Russian space agency warns after hacking attempt

The growing use of artificial intelligence (AI) in threat detection will make a significant difference to security, and "we expect to see more companies invest in 24/7 human-led threat hunting and response, making use of an expert SOC-as-a-Service if they don't have the resources in house," he added.

Advertisement

In 2023, "wiperware" emanating from Russia will likely spill over into other countries as geopolitical tensions continue.

The goal of pseudo ransomware, also referred to as wiperware, is to destroy the victim's systems rather than offer the opportunity to decrypt them.

Advertisement

This form of cyberattack is often geopolitical in nature.

Also read | Ukrainian govt websites hit by cyberattacks amid Russia's military operation

Advertisement

In 2022, there were 21,000 Common Vulnerabilities and Exposures (CVEs) registered. Many of them were classed as 'critical', and many were actively exploited by attackers.

"There were also a number of popular third-party software libraries that had critical vulnerabilities reported. Organisations need to have a team in place ready to patch software and remediate as soon as possible," said the report.

Advertisement

2022 was the year of the supply chain attack with a large number of high-profile incidents occurring around the world and it has led more attackers to look for the weakest link in attacking companies.

"We have seen impersonation techniques and spear phishing attacks constantly evolve and with multi-factor authentication (MFA) fatigue attacks, they are having more and more success," said the report.

Advertisement

Advertisement