Europe is on track to eclipse the United States as the target-of-choice for ransomware attackers, a trend cyber experts speculate could be the result of toughened policies in Washington.
Mandiant’s Cyber Security Forecast 2023 has provided an overview of the cyber security landscape in 2022, and offered forecasts for likely trends in 2023.
Among them is an expected rise in the number of younger threat actors motivated by ego or glory, rather than money or ideology, and the continued outsourcing of malicious cyber information operations to so-called “hacktivist” front groups.
Mandiant’s Cyber Security Forecast says the most striking trend is an increase in ransomware attacks in Europe coupled by a possible decline in activity in the United States.
“While reports show that the U.S. is the country most targeted by ransomware attacks worldwide, small indicators show that ransomware activity is decreasing in the United States and growing in other regions,” Mandiant’s researchers write. “In Europe, the number of victims is increasing, and if that increase continues, Europe will likely become the most targeted region in 2023.’’
Whilst it is difficult to definitively attribute a cause in the apparent decline in US hacks, Mandiant’s researchers say it could be a response to toughened policies in Washington.
That explanation, if true, offers a potential way forward for countries like Australia, which has been hit with a recent wave of high-profile ransomware attacks.
Other key trends include:
- An increase in malicious cyber activity associated with the war in Ukraine and a tendency for Russian hackers to co-opt third party front groups for plausible deniability.
- A rise in cyber-crime leading to problems in the cyber insurance market, with some insurers reevaluating their risk in the face of sky-rocketing claims.
- Indicators that cyber-criminals are starting to beat common security checks like multifactor authentication practices.
- Cyber criminals increasingly prioritising the hacking of user credentials over endpoint access in order to steal identities.
- A continuation of malicious cyber activity and espionage by North Korea and Iran for political, strategic and commercial motives.