IT security trends 2023 (part 2): Why iPhones are hackers' best friends, rootkits are celebrating a renaissance, and uncertainty is bad for IT security

12/19/2022
G DATA Blog

In the second part of the blog series, Tim Berghoff, Stefan Decker and Karsten Hahn explore current trends in IT security. Their views focus on the effects on IT security of the past years of crisis, the importance of smartphones in cyber attacks, and the return of rootkits as part of the attack chain.

Every year, we ask our IT security experts the same question at the end of the year: “What risks will threaten the IT security of companies and private individuals in the coming year?” The first answer is provided by Tim Berghoff, Security Evangelist at G DATA CyberDefense:

The last two and a half years have been primarily characterised by bad news and conspiracy myths. The world is in turmoil, what with the coronavirus pandemic, the war in Ukraine and political infighting in numerous countries. In many places, people have lost confidence, be it in the media, in politics or in the intellectual maturity of their fellow human beings. And then there is the fear and uncertainty surrounding current trends and new developments in the world of cyber crime. Here, too, there is no shortage of disaster reports of all sorts about vulnerable infrastructure, critical security vulnerabilities and hacks of all kinds.

If you are bombarded with horror stories from all over the world every day, at some point you switch off and become jaded. A habituation effect sets in and people get used to the situation. This is a very natural human characteristic, because it helps people cope mentally with the flood of news. However, at the same time, this is a dangerous state of mind. Actors from criminal circles take advantage of this and rely on their victims being mentally preoccupied with other issues. They exploit this absent-mindedness and benefit from the fact that people have now become information junkies. Criminals find that the current climate of geopolitical uncertainty is a perfectly prepared breeding ground for their activities. Vigilance is therefore more important than ever in 2023 - at every level.

We continue with the subject of smartphones. Stefan Decker, Mobile Security Expert at G DATA CyberDefense, explains what the dangers are and how users can protect themselves.

Being a key digital tool, the smartphone will continue to be an attractive target for cyber criminals in the future - and not only because people use it for banking, payments or as a digital key. Criminal hackers will be increasingly targeting iPhones in the future. The reason is that iPhone users are considered to have more purchasing power and are therefore more lucrative for attackers. The criminals exploit vulnerabilities in the iOS operating system in particular, because this gives them root rights and thus complete control over the device. The current year has shown how serious the situation is, as Apple has had to provide patches for critical gaps on several occasions.

Smartphones also continue to play a central role in the context of social engineering attacks.  In the future, attackers will not only launch vishing or smishing, i.e. fraud attempts via SMS or phone calls, but will also increasingly contact potential victims via messenger services such as WhatsApp or Telegram. Their mobile phone numbers and other contact details can be found in underground forums. Current fraud attempts show how real the danger is. Perpetrators have moved scams targeting the elderly into the digital space, as a form of senior scam 2.0. Here the perpetrators pretend to be a family member in need and try to persuade their victim to transfer a large sum of money.

The good news is that mobile devices can be protected with a few basic precautions. These include an up-to-date version of the operating system, installing updates and installing a security solution. In addition, users should never leave their smartphone unlocked - when it is being repaired, for example.

Finally, Karsten Hahn, Lead Engineer Prevention, Detection and Response at G DATA CyberDefense, explains why rootkits will be increasingly used in attacks in the future and that tools such as video meeting apps will also be used for attack purposes:

The renaissance of rootkits as a feature in malware suites will continue in 2023. Cyber criminals abuse rootkits to hide malware from virus scanners and security solutions. The rootkit prevents users from detecting any illegal access to their computers. Messages to the criminals are disguised on the computer, as are the associated files and processes. The rootkit also enables dangerous programs to be hidden, to spy on things such as passwords, trade secrets, keyboard and mouse input, credit card information and the like. In a feasibility study, researchers have shown that attackers copy rootkits from GitHub and incorporate these programs into their attack chains. The problem is that rootkits are not considered to be malware in the original sense and are therefore legally available on GitHub. Such offerings are of particular interest for criminals with little IT knowledge, because programming rootkits is no easy matter.

In addition, cyber criminals will in future hijack and exploit widespread and popular programs for attack attempts. This means they will use Zoom or Teams for attacks; it is conceivable that they will invite people to a fake meeting by email and send a fake link. Instead of the meeting app, the victims download malicious code onto their system. In this context, criminals will increase their activities in exploiting vulnerabilities in these programs.

Den ersten Teil der Blog-Reihe finden Sie hier.

from Stefan Karpenstein
Public Relations Manager