Major cyber threats facing consumers in 2023
Cybersecurity specialist ReasonLabs has released its annual research report featuring comprehensive data and in-depth analysis of consumer cybersecurity threats from 2022 and predictions of the threats consumers are likely to face in 2023. Comprising data derived from the company’s users from more than 180 countries, the report highlights data from 2022 and 2021 to provide context on year-over-year cybersecurity trends.
Key takeaways from the report, which was developed by researchers from the company’s Threat Intelligence Center (TIC), include:
- The emergence of the metaverse and increased adoption of IoT devices carry new cyber risks, such as the metaverse attack vector identified by TIC researchers in 2022.
- Malicious web extensions are becoming more and more prevalent – 15% of all malicious extensions detected throughout 2022 came from users in the United States.
- Trojanized software such as coin miners, backdoors, infostealers, remote access trojans (RATs), and spyware continues to be a top threat to home users and remote employees, as they accounted for 31% of all detections.
- The rise in HackUtilities detections from 4% in 2021 to 20% in 2022 demonstrates that online piracy—the use of pirated or cracked software and applications—is either at or near an all-time high.
- Cyberwarfare is increasingly impacting average citizens around the world, with the most notable examples in 2022 coming from Russia’s war in Ukraine. We found a large increase in detections in Ukraine throughout February compared to January, signaling that Russia’s invasion was also paired with cyber attacks.
- The top five countries with the most detections per user throughout 2022 are Kazakhstan, Russia, Egypt, Ukraine, and Bolivia respectively. While the list is diverse, over 50% (11/20) of the most attacked countries are in Asia, while only 10% (2/20) are from Europe.
- Phishing remains the leading malware distribution method affecting home users and remote employees.
- Crimeware-as-a-Service (CaaS), the practice of providing cyber products and services to criminals to facilitate large-scale attacks, is on the rise. CaaS products and services typically deliver ransomware, malware, phishing threats, and more.
- As businesses improve their cybersecurity practices, attackers are increasingly focusing on home users. The proliferation of remote and hybrid work has made it easier for attackers to access corporate networks through employees’ home networks.
- The 2021 launch of the Ransomware and Digital Extortion Task Force in the U.S., along with government legislation around companies engaging with ransomware demands, means some attackers are deploying ransomware on home users instead of large corporations.
“ReasonLabs researchers have identified a number of critical threats facing everyday consumers — from a rise in malicious web extensions to the continued prevalence of phishing attempts and the use of Trojanized software,” says said Kobi Kalif, CEO and co-founder of ReasonLabs. “We are also seeing consumers face new threats due to emerging technologies like the metaverse; the ubiquity of remote and hybrid work; the rise in Crimeware-as-a-Service; and the growth in cyberwarfare, which often impacts ordinary civilians. In order to protect themselves and their families against both existing and emerging threats, home users should educate themselves about potential dangers, and utilize cyber protection solutions such as next-gen antivirus software, a VPN, a DNS filter, and parental control apps across their digital devices.”
The company’s researchers expect that 2023 will bring more sophisticated phishing and social engineering scams as consumers become more aware of common tactics. They also anticipate growth in Phishing-as-a-Service and overall CaaS.
Additionally, the researchers expect two-factor authentication to continue to be bypassed, likely leading to the increasing use of three- or four-factor authentication. The report also indicates that unsecured consumers, particularly young users, will continue to be susceptible as they engage with cryptocurrencies, the metaverse, and other digital assets.
Finally, the TIC anticipates the continued deployment of next-generation threats as emerging technologies, such as virtual reality, become more mainstream. For more, see “The State of Consumer Cybersecurity 2023.”
