Kaspersky Security Bulletin

Cybersecurity threats: what awaits us in 2023?

Knowing what the future holds helps organizations prepare for emerging threats. Every year, Kaspersky experts prepare forecasts for different industries, helping them to build a strong defense against the cybersecurity threats they might face in the foreseeable future. Those predictions form the Kaspersky Security Bulletin (KSB), an annual project led by Kaspersky experts.

For KSB 2022, we invited notable experts to share their insights and unbiased opinions on what we should expect from cybersecurity in the coming year. The contributors include representatives from government institutions: H.E. Dr. Mohamed Al Kuwaiti (UAE Cyber Security Council), and public organizations: Kubo Mačák, Tilman Rodenhäuser, Mauro Vignati (ICRC), Serge Droz (FIRST), Sven Herpig (the think tank Stiftung Neue Verantwortung). We would also like to thank Prof. Dr. Dennis-Kenji Kipker (the University of Bremen; European Academy for Freedom of Information and Data Protection (EAID)), Arthur Laudrain (The Hague Centre for Strategic Studies) and Stefan Soesanto (The Center for Security Studies (CSS) at ETH Zurich) for their thorough scientific contributions. Moreover, we included predictions made by our fellow commercial organizations: James Range (White Rock Security Group) and Irena Yordanova (Polycomp Ltd.).

The opinions shared by the contributing experts demonstrate the complexity of the modern cybersecurity industry and the strong need for collaboration among different organizations in order to combat the cyberthreats that companies, individuals and even whole countries are exposed to.

What cyberthreats for business will be the greatest in 2023?

Vladimir Dashchenko, Security Evangelist, Kaspersky

The ongoing geopolitical storm brings not only classical cyberthreats for business, but also unpredictable risks and ‘black swans’. The main problem for 2023 will be supply-chain stability and cybersecurity. While supply-chain is a big challenge for business right now, its cybersecurity is not merely an issue, it’s a major problem. Supply-chain will become more of a sweet spot for targeted ransomware and state-sponsored espionage campaigns.

Another big issue is the global semiconductor shortage. This will definitely play its role in corporate cybersecurity. While many companies need increasingly more computing power (servers, workstations, network hardware and so on), the price of the equipment continues to rise. There’s a possibility that, to cover hardware needs, some businesses will have to cut planned cybersecurity expenses.

Yury Slobodyanuk, head of content filtering research, Kaspersky

I think we will continue seeing attacks targeting the infrastructure of different countries and organizations. Phishing attacks are going to become even more sophisticated, since a lot of basic tactics have already been tried this year, and businesses learned to repel those.

Ivan Kwiatkowski, senior security researcher, Global Research and Analysis Team, Kaspersky

Businesses will still be mostly concerned with ransomware. The conflict between Russia and Ukraine has marked an end to any possible law enforcement cooperation in the foreseeable future. We can therefore expect that cybercrime groups from either block will feel safe to attack companies from the opposing side. Some may even perceive this as their patriotic duty. The economic downturn (caused by energy prices, inflation, sanctions, etc.) will lead more people to poverty, which always translates to increased criminality (cyber or otherwise), and we know ransomware to be extremely profitable.

James Range, President of White Rock Security Group

Zero trust will take on greater prominence with the continued role of the remote and hybrid workplace. Remote work will continue driving the need for zero trust since hybrid work is now the new normal. With the federal government mandating agencies to adopt zero-trust network policies and design, we expect this to become more common and the private sector to follow suit as 2023 becomes the year of verifying everything.

Arthur Laudrain, Strategic Analyst (Cyber Program), The Hague Centre for Strategic Studies

In 2023, we might see a slight decline in the raw number of ransomware attacks, reflecting the slowdown of the cryptocurrency markets. However, ransomware operators will keep professionalizing their operations and will target higher value organizations. At the same time, state-sponsored attacks will remain high in the threat landscape, with no ease of geopolitical tensions with Russia, China, North Korea, and Iran in sight. Businesses most at risk are aerospace and defense contractors, as well as critical infrastructure operators (utilities such as water, electricity, and Internet, but also hospitals and operators of large cyber-physical systems such as dams).

Stefan Soesanto, Senior Cyber Defense Researcher, The Center for Security Studies (CSS) at ETH Zürich

If I had a magic 8-ball, I would predict that the greatest cyberthreats to businesses in 2023 will be (a) a significant increase in foreign intelligence services conducting operations under the cover of hacktivist groups, fighting big oil, climate change, fiscal policies etc. And that (b) we are also likely to see a steep increase in DDoS extortion campaigns as the cyberwar in Ukraine leads to all-time-high levels of DDoS attacks.

Irena Yordanova, Product Manager Software, Polycomp Ltd.

We expect cyberthreats to rise in 2023, as unrest in the world contributes to an increase in cybercrimes. Malware attacks like ransomware will happen to businesses more frequently. And IT teams should be prepared to deal with evolving threats posed by emerging technologies which are becoming widespread, such as geo-targeted phishing or attacks related to cloud security, IoT and AI. Most probably more attacks on the education and healthcare sectors will occur, plus targeted campaigns against industry leaders – especially those that hold critical information: sensitive data, top expertise, and the latest technologies. Given that, employees should be educated and equipped to fight these mature attacks, and their companies can contribute by having experienced outside security partners to support them on this issue. End-users can prepare themselves with an easy-to-use security solution for upcoming challenges, whether it’s phishing attacks or threats related to multiple layers of security.

What cybersecurity challenges will industries face next year?

Vladimir Dashchenko, Security Evangelist, Kaspersky

Threat modeling approaches will change in 2023. Internet ‘balkanization’, ongoing military conflicts, and changes and tensions in existing political groups of countries are influencing cyberspace and cybercrime. We will see an increasing number of cybercriminals taking political sides and breaking the law with political statements. Also, script-kiddies (low-skilled hackers) will more often be joining groups of cybercriminals led by more skilled perpetrators, or state-sponsored hackers.

The major challenge for cybersecurity itself will be a lack of transparency and information sharing between companies. It will be extremely difficult to follow the ‘business as usual’ concept and remain neutral. Global political conglomerates will unfortunately influence cyberspace and cybersecurity.

Arthur Laudrain, Strategic Analyst (Cyber Program), The Hague Centre for Strategic Studies

Next year should see a continuation of existing trends. In particular, governments, critical infrastructure operators, and businesses with a large international footprint will face the continued challenge of ensuring the safety and integrity of their supply chains, both in terms of software and hardware. Often, this will require closer integration with their contractors and suppliers, not least to comply with new regulatory obligations in the U.S. and the E.U.

James Range, President of White Rock Security Group

Given the continued surge of ransomware attacks, which soared 288% in the first half of 2022 alone, the need for cyber insurance will be a bigger priority, especially in the SMB market. Although many industry experts argue against payouts, making cyber coverage a controversial topic, the evolving threat landscape means cyber insurance should be a top consideration as part of organizations’ cyber strategy. As such, we anticipate a booming cyber insurance industry as many organizations heed these warnings and seek to guard against ransomware attacks. Yet, in addition to cyber insurance, companies will need a designated DR or RR (Rolling Recovery) plan.

Kubo Mačák, Legal Adviser, Tilman Rodenhäuser, Legal Adviser, Mauro Vignati, Adviser on Digital Technologies of Warfare, ICRC

A key concern for 2023 is that civilians will be further impacted by cyber operations during armed conflict. Civilian data, devices, and networks – such as government services, critical infrastructure, or companies – risk being deliberately disrupted or damaged, often in violation of the laws of war. Civilians – individuals and companies – may get drawn into digital warfare activities, encouraged to engage in cyber operations or to support kinetic military operations through digital means. Such developments put people and societies in danger and undermine the cardinal rule that belligerents must at all times distinguish between what is military and what is civilian.

Stefan Soesanto, Senior Cyber Defense Researcher, Center for Security Studies (CSS)

I expect that the theft of medical data (e.g. Finland’s Vastaamo in 2020 and Australia’s Medibank in 2022), as well as highly private personal data (e.g. Ashley Madison in 2015), will become the major focus of ransomware groups and other cybercriminal actors alike. Underpinning this trend, the lesson learned is that imposing massive psychological pressure directly on thousands of separate victims increases the likelihood of individual extortion payouts being made.

What cyberthreats will pose the most danger to end-users?

Yury Slobodyanuk, head of content filtering research, Kaspersky

As the geopolitical situation is quite tense, different types of fraud will take advantage of new events that will take place. Also, various techniques of generating fake news using AI may be used.

Sven Herpig, Director Cybersecurity at think tank Stiftung Neue Verantwortung

I believe cybercrime is the biggest threat to end-users, but mainly in an indirect fashion. Cybercrime is looming over providers of essential services and goods such as municipalities, hospitals and even producers of baby food offline, rendering them less or non-operational for several days or weeks. This has a direct impact on citizens’ lives in the real world and is therefore something that I would see as one of the most prevailing threats to individuals.

Prof. Dr. Dennis-Kenji Kipker, Professor for IT Security Law at the University of Bremen; Visiting Professor at Riga Graduate School of Law; Member of the Board of the European Academy for Freedom of Information and Data Protection (EAID)

Remote workers in home offices continue to play a major role in everyday working life, along with the increased use of BYOD, which takes control of devices away from administrators. Since 2020, therefore, forms of spear phishing, social engineering and CEO fraud, as well as ransomware, have become increasingly prevalent and will continue to be of considerable importance in 2023. The professionalization of cybercrime, now an independent “industry”, is contributing to a further tightening of the security situation for end users, as low-cost mass attacks are made possible in this way.

H.E. Dr. Mohamed Al Kuwaiti, UAE Cyber Security Council

IoT Vulnerabilities. Security issues keep plaguing IoT devices dominating the market today. As IoT combines the physical world and virtual space, home intrusions are being added to the list of the scariest possible threats that IoT brings.

Vulnerabilities in Autonomous Vehicles. Due to the inherent risks of Autonomous Vehicles, they are increasingly vulnerable to attacks resulting in data breaches, supply chain disruptions, property damage, financial loss, and injury or loss of life.

What are the main challenges cybersecurity will face in 2023?

Ivan Kwiatkowski, senior security researcher, Global Research and Analysis Team (GReAT), Kaspersky

The security industry will face direct pressure resulting from the political situation. Things were complex before and they will only get worse. The biggest challenge that vendors will have to face in 2023 will be to remain neutral, if they haven’t decided to align with one block or the other already. (My opinion on this bigger matter is explained in this talk.) Generally speaking, politics and threat intelligence will become more and more entwined, and we’re very unprepared for this as a community.

Yury Slobodyanuk, head of content filtering research, Kaspersky

I think attacks will evolve a lot quicker next year, and a main challenge will be to still be a couple of steps ahead.

Sven Herpig, Director Cybersecurity at think tank Stiftung Neue Verantwortung

I don’t think that there will be anything substantially new in 2023 – one of the key challenges will still be the lack of adoption of basic security and resilience measures which cybercriminals will successfully exploit.

Prof. Dr. Dennis-Kenji Kipker, Professor for IT Security Law at the University of Bremen; Visiting Professor at Riga Graduate School of Law; Member of the Board of the European Academy for Freedom of Information and Data Protection (EAID)

Cybersecurity requires not only secure software, but also sufficiently trustworthy hardware. For too long, we have relied on globalization in IT security and placed too little emphasis on protecting the digital supply chain. In Germany, this was made clear by the debate about protecting sensitive 5G networks; in the geostrategic conflict between the People’s Republic of China and Taiwan, we are now seeing that we are already in the midst of a semiconductor crisis that threatens the security of supply with trustworthy IT. Here, it can be assumed that significant cybersecurity challenges will continue to rise in 2023 as political tensions grow.

Serge Droz, Technical Advisor, Member of the Board, FIRST

Cybercrime will continue to focus on optimizing gains per investment, meaning that smaller and/or less mature organizations will be targeted even more. These may be SMEs or businesses in sectors that don’t include IT in their core business, in particular health services. The problem with this target group is that they either have very different priorities (a ransomed hospital simply cannot afford to delay recovery, and thus pays) and don’t have the resources to defend themselves, or they just don’t have the expertise. This is what Wendy Nather calls “living below the security poverty line”. And this will be the challenge to our industry: how can we provide effective protection that works and is affordable to these types of organizations? Or in other words, can we provide security services to people other than security specialists? My guess would be that reaching this goal requires different industries working together; in particular, I feel the role of insurance needs to be clarified and aligned.

James Range, President of White Rock Security Group

Cyber teams are going to be in the spotlight now more than ever. Understanding your security posture is crucial; knowing what current tools are available and the gaps that currently exist in your infrastructure will help you to protect your enterprise. The need for bigger cyber budgets and having the right people in place is critical. With ongoing talent shortages, consider partnering with a third-party firm to ensure you have fail-proof processes, documentation, and regular third-party assessments.

H.E. Dr. Mohamed Al Kuwaiti, UAE Cyber Security Council

DDoS Botnets. One of the most recent severe attacks, around the end of June 2021, was made using malware called the Mēris botnet, which has climbed to the record. Because of the new nature of the malware, which has been described as a “new assaulting force on the Internet – a botnet of a new kind”, and because of its impact, it is more likely that similar real-time emerging malware-related DDoS attacks like this one will be used in 2023.

Ransomware as a service (RaaS). Unlike other forms of malware, this new service provides “a sort of criminal Content Distribution Network (CDN) similar, in principle, to those used by major internet portals but used exclusively for malware”. Nearly half of breaches during the first six months of 2022 involved stolen credentials, Switzerland-based cybersecurity company Acronis reported in its Mid-Year Cyberthreat Report, published on August 24, 2022. This has probably been the most discussed attack in 2022, as it’s the first time a country declared a national emergency in response to a cyber-attack. Ransomware-based malware has been quite active in 2022.

Deep fake enabled business compromise. Deepfake-enabled compromise is a type of attack where threat actors leverage synthetic content. This includes video or audio altered or created using artificial intelligence and machine learning to impersonate C-suite executives and trick employees into transferring large sums of cash.


  1. Sylvia Morgenstern

    Wonderful theme… please send me more information. Thank you.

    1. Securelist

      Hi Sylvia!

      If you want to see more of cyberthreat and cybersecurity predictions for 2023, you are welcome to read the articles in this category: https://securelist.com/category/kaspersky-security-bulletin/ We will continue to publish them in December and in the beginning of 2023.
