Attacks on satellite technologies and mail servers, the rise of destructive attacks and leaks, drone hacking, and the next big cyber epidemic are some of cybersecurity solutions firm Kaspersky’s advanced persistent threats (APTs) predictions for 2023.
Kaspersky security experts foresee a record number of disruptive and destructive cyber-attacks, affecting both the government sector and key industries. It is likely that a proportion of them will not be easily recognizable as cyber incidents and will look like random accidents. The rest will take the form of pseudo-ransomware attacks or hacktivist operations to provide plausible deniability for their real authors.
Civilian infrastructure, such as energy grids or public broadcasting, may also become a high-profile target, as may underwater cables and fiber distribution hubs, which are challenging to defend.
“It is quite clear 2022 saw major changes to the world’s geopolitical order and ushers in a new era of instability,” said Ivan Kwiatkowski, senior security researcher at Kaspersky. “A portion of our predictions focus on how this instability will translate into nefarious cyber activities, while others reflect our vision of which new attack vectors will be explored by attackers.”
The 2023 forecast on APTs is based on the expertise and the activities the Kaspersky Global Research and Analysis Team (GReAT) has witnessed this year while tracking more than 900 APT groups and campaigns.
Among the new types of targets and attack scenarios, Kaspersky is seeing attackers who are experts in both physical and cyber intrusion employ drones for proximity hacking.
Hack-and-leak is the new black (and bleak)
The new form of hybrid conflict that unfolded in 2022 involved a large number of hack-and-leak operations. These will persist in the coming year, with APT actors leaking data about competing threat groups or disseminating information.
Cobalt Strike, a red-teaming tool, has become a tool of choice for APT actors and cybercriminal groups alike. Because it now draws so much attention from defenders, attackers are likely to switch to alternatives such as Brute Ratel C4, Sliver, Manjusaka or Ninja, all offering new capabilities and more advanced evasion techniques.
Some of the possible attack scenarios include mounting drones with sufficient tooling that would allow the collection of WPA handshakes used for offline cracking of WiFi passwords or even dropping malicious USB keys in restricted areas in the hope that a passer-by would pick them up and plug them into a machine.
WannaCry-scale ransomware is likely
According to the company, some of the largest and most impactful cyber epidemics occur every six to seven years. The last incident was the infamous WannaCry ransomware worm which leveraged the “extremely potent” EternalBlue vulnerability to automatically spread to vulnerable machines. Kaspersky researchers believe the likelihood of the next WannaCry happening in 2023 is high.
The company has reason to believe that incidents of this magnitude are likely because threat actors may have in their possession at least one suitable exploit. There is a chance that a ShadowBrokers-style hack-and-leak could take place.
Mail servers harbor key intelligence, which makes them of interest to APT actors, and they present the biggest attack surface imaginable. The market leaders in this type of software have already faced exploitation of critical vulnerabilities, and the researchers predict 2023 will be the year of 0days for all major email programs.
Given that APTs have already demonstrated the capability to attack satellites, the Viasat incident being one example, it is likely that APT threat actors will increasingly turn their attention to the manipulation of, and interference with, satellite technologies in the future, making the security of these technologies ever more important.
“Better preparation means better resilience and we hope our assessment of the future will enable defenders to strengthen their systems and repel cyberattacks more effectively,” said Kwiatkowski.