Since “Prediction” posts seem to be the spirit of the new year, I’ll throw mine into the ring.
Ten predictions for 2023.
1. Hackers are going to keep hacking
2. Phishing will increase in scope and size
3. Business Compromise Attacks will become more sophisticated
4. Damage from insider threats will increase dollar loss
5. Paper check fraud will be huge as fraudsters exploit mobile banking
6. Ransomware will continue to wreak havoc
7. Small and medium businesses will continue to suffer devastating losses to cybercrime
8. Cryptocurrency will continue to be used for money laundering
9. People will continue to use weak passwords
10. Gift cards will continue to be the cybercrime currency
The theme of my predictions is “Same ol’, same ol’”. It’s not hard to make predictions about crime, particularly cyber and financial crime, when the same trends have been in place for the past five years or so.
Physical world crime will be the same old, same old also. I heard through the grapevine that it only took one hour and fifteen minutes for my local city to record its first shooting victim of 2023. The anti-police rhetoric spewed over the past two years is still having devastating effects. Law enforcement is insufficient in both morale and manpower to address the continuing spree of violent crime.
I will make one prediction that is new and hopeful. We’ll call it number 11.
Small and medium businesses will increase their cybersecurity awareness and prevention efforts to reduce their threat surface and potential for victimization.
Making prediction 11 into reality is my personal mission for 2023. And not only for my employer but for all of our associated organizations. In fact, any organization that will invite me to speak, ask me to consult, or just subscribe to the Threats Without Borders Newsletter.
Check back with me in one year and see how my predictions held up. One through ten are absolute locks. Put money on them. Number 11 is the long shot but I’m going all-in.
Welcome to 2023!
Who’s who of 2022
Zack Whittaker and Carly Page looked back at the most influential and notorious cyber-criminals of 2022 and wrote a summary. There have been so many breaches, compromises, thefts, scams, and frauds over the past 365 days that it’s hard to keep track. Some of these I had to think, “Was that this year?” Oh, how time flies. https://techcrunch.com/2022/12/30/meet-the-cybercriminals-2022/
Oversight, Please!
How much money does a charitable organization need to bring in that the bookkeeper can steal 29 MILLION dollars and it takes twelve years for anyone to notice? That’s 2.5 million dollars per year on average. A little too late, but this lady in Texas finally got caught. https://www.justice.gov/opa/pr/bookkeeper-pleads-guilty-embezzling-over-29-million
PAKs
Passwords for you, PAKs for me? I have to admit that I haven’t experimented as much as I should with physical authentication tokens (PAKs). Several of my former government accounts were secured with an RSA token and I do have a YubiKey, but I moved away from it for the convenience of Google Authenticator and Duo for my high-priority accounts. I really need to transition into PAKs, as this WIRED article correctly instructs. https://www.wired.com/story/hardware-security-key-passwords-passkeys/
Honor among thieves?
Doubt it. But the LockBit ransomware group did the right thing and provided a Toronto children’s hospital the key for their ransomware-locked files. You know what’s really admirable and honorable though? Stop spreading ransomware! In December, the SickKids Hospital suffered a ransomware attack that impacted internal and corporate systems, hospital phone lines, and the website. LockBit management issued a press release after learning of the situation and provided the hospital’s security team the decryption key. https://www.bleepingcomputer.com/news/security/ransomware-gang-apologizes-gives-sickkids-hospital-free-decryptor/
The Rest…
“Scammers love gift cards…”. Yes they do! https://www.thestreet.com/technology/scammers-love-gift-cards-heres-how-to-avoid-being-scammed
Software engineer using fraud scheme from movie to steal over 300K from employer. https://nypost.com/2022/12/31/software-engineer-stole-more-than-300k-from-employer-in-office-space-inspired-scheme-police/
Cool Tool
Transcribe YouTube videos for free. And fast. Really fast actually.
Cool Job
Cybersecurity Internship - Minitab in State College, PA. https://boards.greenhouse.io/minitab/jobs/5454593003
Irrelevant
The perennial teen prank Ding-Dong-Ditch is called “Nicky Nine Doors” in Canada. And someone in Vancouver is doing it while dressed as a cow. The police don’t find it as funny as you. https://vancouverisland.ctvnews.ca/a-moo-dunnit-campbell-river-rcmp-seek-mischievous-doorbell-ringer-1.6210727?
Mail Call
“Maybe you have your ye’s and thee’s backwards”. Probably. (see editorial in issue 110)
“What’s the status on the Incidentals series? I’ve only seen two”. You haven’t missed any. The two that I have made had the lowest engagement of all Tw/oB issues of 2022. I don’t know if it was the mid-week publishing that threw people off or the content caused the emails to get kicked as spam. Or people really just don’t care? For instance, the one about the dangers of screenshots only had 150 opens. YouTube doesn’t count video views that are through the Substack reader so there is no real way to see how many people actually watched the video, BUT from the number of times the link was clicked, I can tell it wasn’t many. I want to do more content like that but it’s a hard sell with such low engagement.
“the police trend of quiet quitting hasn’t helped their cause either”. I like to call it “de-policing”. (See editorial of Issue 108)
Comments are open below. Feel free to comment on the issue or send email.
Thank you for opening this issue of the newsletter and for hanging around another year.
**I didn’t meet my subscriber goal for 2022 and really want to push the newsletter forward in both subscribers and original content in 2023. Word of mouth is the best way for the newsletter to grow. Please consider sharing it with friends and colleagues. It’s free and (sometimes) valuable.**
Matt
“NEVER FORGET THAT AS LONG AS YOU ARE ALIVE AND HEALTHY, YOU GET AS MANY SECOND CHANCES AS YOU WANT” - someone who’s seen me start every day.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinion and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.