Global digitalization expands the attack surface, and cyberattacks are becoming more relentless, sophisticated, and capable of bringing down hundreds of enterprises and harming millions of people at once.
Forewarned is forearmed: we gathered the most prevalent cybersecurity threats in 2023 so that you can verify whether your current security policies are capable of warding them off effectively.
A quick note on terminology
First things first, let’s define the key concepts:
- A threat is a possible disruptive action that an attacker can carry out;
- An attack is an attempt to gain unauthorized access to a system with malicious intent (data compromise or destruction, system disruption, etc.);
- A vulnerability is a flaw in an IT infrastructure that makes it open to harmful impact;
- An attack vector is a specific method, scenario, or path, associated with vulnerable components of the target system and used for gaining unauthorized access to the system.
For convenience, we will group the threats into attack vectors and vulnerabilities. Note that threats often go hand-in-hand (e.g., spam can be used as a social engineering technique to spread malware), or they may be embedded into each other (e.g., malware may exploit zero-day vulnerabilities).
Attack vectors
1. Social engineering
Social engineering covers all techniques that manipulate human psychology to obtain sensitive information, gain access to restricted information, or coerce victims into performing desired actions (downloading a malicious file, authorizing a transaction, etc.). Social engineering relies heavily on human emotions such as curiosity, greed, fear, and compassion, with criminals following a typical pattern of
- Gathering information about the victim;
- Engaging in communication;
- Exploiting the victim’s weak spots to perform the attack;
- Disappearing and covering the tracks.
Not all social engineering schemes require such thorough preparation. Sometimes, one excellently crafted email mimicking a legitimate message from the bank is enough to lure a person to a malicious site.
2. Malware
Malware is malicious software designed to steal data or destroy or disrupt computer systems. Hackers often use vulnerabilities in operating systems, applications, websites, or networks to plant malicious code. Malware attacks are becoming increasingly devastating: a single malware program can damage hundreds of organizations and cause millions of dollars in losses, as the infamous WannaCry and NotPetya did.
Types of malware include
- Ransomware — blocks access to data or the whole system until a victim pays a ransom for a decryption key;
- Spyware — secretly gets installed on a user’s device to steal sensitive information;
- Computer viruses — attach to other programs, self-replicate, and spread to other devices to steal data, damage systems, or install additional malware;
- Cryptojacking — steals computer resources to mine cryptocurrency;
- Backdoors — get around authentication procedures to give attackers remote access to a system.
The first line of defense against malware is regular software updates to eliminate vulnerabilities that cybercriminals can use. Furthermore, it is recommended to use modern security solutions such as NGAV or NIPS (discussed below) to detect and block any suspicious activity in the network promptly.
3. Drive-by download
Drive-by download refers to the unintentional downloading of malicious software, files, or code onto a device without the user’s awareness. Drive-by download attacks can happen in two ways:
- Users authorize the download by
  - Clicking on a link masked as a notification from a source they trust: an email from the bank, a security alert, etc.;
  - Downloading free software bundled with malicious files;
- Users are unaware of the download. Hackers exploit a vulnerability in a website and plant a malicious component. Users visit a seemingly legitimate but already compromised web page and trigger the download without any prompt.
As drive-by download attacks exploit existing vulnerabilities, developers can protect their sites by updating the software regularly and removing obsolete components that may contain security flaws.
4. Spam
Spam is an unsolicited message sent over the internet, usually to many users at once. Although spam is often sent by businesses for advertising, it can also be used as a social engineering technique to spread malware or harvest personal data. Malicious actors often use the following types of messages to lure victims into giving up confidential information:
- Spoofing is when the message is masked as coming from a reliable source: your bank, employer, colleague, a known company, etc. The scammers imitate the logos, brand identity, or tone of voice for higher credibility to make a user click on the malicious link or take any other desired action (e.g., sending money or sensitive data);
- Antivirus messages are disguised as warnings from the antivirus system urging users to take action against an allegedly discovered virus;
- Emails asking for money to help somebody in need;
- Prize scams are messages announcing that a user won a prize, lottery, etc., and urging users to reveal their personal information or wire the money to get the award.
The best way to minimize the risk of a successful spam attack is never to click on links or open attachments from dubious sources. If an email seems to come from a legitimate source, verify it by checking the email headers (which contain metadata on the message’s origin) or by contacting the company or person for confirmation.
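The header check described above can be automated. The following is an added example, not code from the original article or from BellSoft: it parses a constructed header block (all domains and addresses are placeholders), joins folded continuation lines, and flags the usual signs of a spoofed sender, namely a From domain that differs from the Return-Path or Reply-To domain and failed SPF/DKIM/DMARC results. It assumes Java 17 or newer for text blocks and records.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;

/** Flags common signs of a spoofed sender in a raw RFC 5322 header block. */
public class SpamHeaderCheck {

    // Constructed sample header block; domains and IP addresses are placeholders.
    static final String SAMPLE_HEADERS = """
            Return-Path: <bounce@mail-example.invalid>
            Received: from mx.mail-example.invalid (198.51.100.7) by mx.corp.example
             with ESMTP; Tue, 7 Mar 2023 09:14:02 +0000
            Authentication-Results: mx.corp.example;
             spf=fail smtp.mailfrom=mail-example.invalid;
             dkim=none
            From: "Example Bank Security" <alerts@examplebank.example>
            Reply-To: support@mail-example.invalid
            Subject: Urgent: verify your account
            """;

    /** Parses headers into a name -> value map, joining folded lines (those starting with whitespace). */
    static Map<String, String> parse(String raw) {
        Map<String, String> headers = new LinkedHashMap<>();
        String currentName = null;
        for (String line : raw.split("\\r?\\n")) {
            if (line.isBlank()) continue;
            if (Character.isWhitespace(line.charAt(0)) && currentName != null) {
                headers.merge(currentName, " " + line.trim(), String::concat);
            } else {
                int colon = line.indexOf(':');
                if (colon < 0) continue;
                currentName = line.substring(0, colon).trim().toLowerCase(Locale.ROOT);
                headers.put(currentName, line.substring(colon + 1).trim());
            }
        }
        return headers;
    }

    /** Extracts the domain of the first address in a header value, or null if there is none. */
    static String domainOf(String value) {
        if (value == null) return null;
        int at = value.indexOf('@');
        if (at < 0) return null;
        int end = at + 1;
        while (end < value.length() && !" >;,".contains(String.valueOf(value.charAt(end)))) end++;
        return value.substring(at + 1, end).toLowerCase(Locale.ROOT);
    }

    /** Returns human-readable findings; an empty list means no red flags were found. */
    static List<String> findings(Map<String, String> h) {
        List<String> out = new ArrayList<>();
        String from = domainOf(h.get("from"));
        String returnPath = domainOf(h.get("return-path"));
        String replyTo = domainOf(h.get("reply-to"));
        if (from != null && returnPath != null && !from.equals(returnPath))
            out.add("From domain " + from + " differs from Return-Path domain " + returnPath);
        if (from != null && replyTo != null && !from.equals(replyTo))
            out.add("Reply-To domain " + replyTo + " differs from From domain " + from);
        String auth = h.getOrDefault("authentication-results", "").toLowerCase(Locale.ROOT);
        if (auth.contains("spf=fail")) out.add("SPF check failed");
        if (auth.contains("dkim=fail") || auth.contains("dkim=none")) out.add("No valid DKIM signature");
        if (auth.contains("dmarc=fail")) out.add("DMARC check failed");
        return out;
    }

    public static void main(String[] args) {
        // For the sample above this prints four warnings: two domain mismatches, SPF failure, no DKIM.
        findings(parse(SAMPLE_HEADERS)).forEach(f -> System.out.println("WARNING: " + f));
    }
}
```

The Authentication-Results header is only trustworthy when it was written by your own receiving mail server, so a production check should additionally verify that the header's authserv-id matches your gateway.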
5. Insider job
An insider threat originates from within an organization and is caused by unintentional (negligent) or intentional misuse of system access by regular employees, privileged users, or third parties such as subcontractors and business partners. Insider threats can cause more significant financial damage than a data breach caused by an external actor.
The risk of a data breach caused by negligence can be mitigated by raising employee awareness of proper security measures, but what about malicious actors stealing corporate data out of spite or for financial gain? While it is generally hard to predict which employee might commit such a crime, general protection measures include
- Monitoring user activity and behavior. One way to do that is to utilize user and entity behavior analytics (UEBA) technology, which analyzes various data to form a model of normal user behavior and detect any anomalous activity.
- Implementing privileged access management (PAM) to control permissions, roles, and user access to sensitive data.
Exploitable vulnerabilities
6. Zero-day exploits
Software vulnerabilities are weaknesses or flaws in the code that an attacker can use as an entry point to the system. A zero-day vulnerability is a weakness discovered and exploited by hackers before the software developers become aware of it, so no patch is available. Zero-day exploits often serve as the basis for malware attacks, as in the recent case of two Apple zero-day vulnerabilities used to plant spyware on iOS devices.
Zero-day exploits are extremely harmful because they can go unnoticed by users or security experts for a long time, and the system remains vulnerable until the patch is issued.
Given their nature, zero-day exploits cannot be completely prevented, but there are ways of minimizing the risks:
- Implement a good firewall to detect and block suspicious traffic promptly;
- Follow the principle of least privilege by restricting user access to files and resources and permissions strictly necessary to do their jobs. This way, even if one part of a system is compromised, the impact will be limited;
- Use cutting-edge security tools such as a next-generation antivirus (NGAV) and a network intrusion protection system (NIPS):
  - In contrast to traditional antiviruses, which can act on a vulnerability only once it has been added to their database, NGAV uses predictive analytics and threat intelligence to identify suspicious behavior and previously unknown malware;
  - NIPS continuously monitors the network for suspicious activity and takes action against it by blocking it, alerting the administrators, resetting the connection, etc.;
- Put a patch management system into practice. It will not protect against zero-day exploits per se but will allow you to implement the patches as soon as they come out, thus limiting the exposure window.
7. Known vulnerabilities
The only difference between zero-day and known vulnerabilities is that the latter have already been identified and patched. But why do they still present a threat?
Although software developers constantly monitor their products and release regular or emergency patches, users often neglect to update their software, leaving the door wide open. The situation is even worse with large projects that use hundreds of dependencies.
Regular software updates are the basics of cybersecurity that should come before any top-notch security tools. But what if a project uses open-source libraries that haven’t received any updates for months?
An effective way to increase the transparency of an IT infrastructure is a software bill of materials (SBOM). An SBOM is a collection of data on all components used to build a software product, including the supplier, version, known vulnerabilities, and licensing. An SBOM helps to react promptly to new or existing vulnerabilities and take corrective measures.
BellSoft provides Liberica JDK updates for all LTS versions (8, 11, 17), a current version, and legacy OpenJDK 6 & 7.
If you deploy containerized applications and would like to secure both Linux and Java, consider Alpaquita Cloud Native Platform, an enterprise-grade solution that includes
- Liberica JDK Lite optimized for cloud deployments;
- Alpaquita LTS, a lightweight Linux with two libc implementations (musl and glibc) and additional security features;
- Liberica Native Image Kit for native image generation;
- 24/7 service from a leading OpenJDK contributor with emergency and off-cycle patches both for Linux and JDK.
8. Credentials breach
Stealing credentials is the easiest way to access a system, so user data remains a tempting target for hackers. According to the 2023 Verizon Data Breach Investigations Report, 81% of hacking-related data breaches leveraged stolen or weak passwords.
As far as weak passwords are concerned, the Cybernews Investigation team analyzed 15+ billion passwords in public data breaches and found that the most popular one was “123456,” followed by “123456789” and “qwerty.”
Credentials can be stolen by breaching a database, but sometimes, it is a matter of human error. For instance, employees can send sensitive information via email, leave their computers unattended, or write the login credentials on paper.
Large collections of stolen credentials sold on the black market can be further used for credential stuffing — a kind of brute-force attack in which stolen login credentials are tried against user accounts.
To minimize the risk of a credentials breach, it is recommended to
- Use multi-factor authentication;
- Enforce a strong password policy in the company and educate employees on basic security practices;
- Implement the least privilege principle described above to limit the harmful impacts.
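Two of the points in this section, the weak-password problem and credential stuffing, lend themselves to simple defensive checks. The following is an added example, not code from the article or from BellSoft: the first function enforces a password policy that includes a denylist seeded with the three passwords named above (a real deployment would load a full breached-password list), and the second scans constructed authentication logs for the signature of credential stuffing, many distinct usernames failing from one source address within a short window. The log format, field names and thresholds are assumptions; Java 17 or newer is required.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

/** Password-policy check against a denylist, plus credential-stuffing detection over auth logs. */
public class CredentialDefense {

    // The three passwords named in the text; production code would load a full breached-password list.
    static final Set<String> DENYLIST = Set.of("123456", "123456789", "qwerty");

    /** Returns the policy violations for a candidate password; an empty list means it is accepted. */
    static List<String> policyViolations(String password) {
        List<String> v = new ArrayList<>();
        if (password.length() < 12) v.add("shorter than 12 characters");
        if (DENYLIST.contains(password.toLowerCase(Locale.ROOT))) v.add("appears in breached-password list");
        boolean hasLetter = false, hasDigit = false;
        for (char c : password.toCharArray()) {
            if (Character.isLetter(c)) hasLetter = true;
            if (Character.isDigit(c)) hasDigit = true;
        }
        if (!hasLetter || !hasDigit) v.add("must mix letters and digits");
        // Long runs of one character satisfy the length rule but carry almost no entropy.
        if (password.chars().distinct().count() < 5) v.add("too few distinct characters");
        return v;
    }

    record AuthAttempt(String sourceIp, String username, boolean success, long epochSeconds) {}

    /**
     * Credential stuffing looks like many distinct usernames tried from one source in a short window,
     * mostly failing. Returns the source addresses that reach the distinct-user threshold.
     */
    static List<String> stuffingSources(List<AuthAttempt> log, int windowSeconds, int distinctUsers) {
        Map<String, List<AuthAttempt>> bySource = new HashMap<>();
        for (AuthAttempt a : log) bySource.computeIfAbsent(a.sourceIp(), k -> new ArrayList<>()).add(a);
        List<String> flagged = new ArrayList<>();
        for (var entry : bySource.entrySet()) {
            List<AuthAttempt> attempts = entry.getValue();
            attempts.sort((x, y) -> Long.compare(x.epochSeconds(), y.epochSeconds()));
            // Sliding window over the time-sorted attempts of this source.
            int start = 0;
            for (int end = 0; end < attempts.size(); end++) {
                while (attempts.get(end).epochSeconds() - attempts.get(start).epochSeconds() > windowSeconds) start++;
                Set<String> users = new HashSet<>();
                for (int i = start; i <= end; i++)
                    if (!attempts.get(i).success()) users.add(attempts.get(i).username());
                if (users.size() >= distinctUsers) { flagged.add(entry.getKey()); break; }
            }
        }
        return flagged;
    }

    public static void main(String[] args) {
        System.out.println("123456 -> " + policyViolations("123456"));
        System.out.println("correct-horse-battery-42 -> " + policyViolations("correct-horse-battery-42"));

        // Constructed log: one address cycles through 30 usernames in two minutes; another is a user mistyping.
        List<AuthAttempt> log = new ArrayList<>();
        for (int i = 0; i < 30; i++) log.add(new AuthAttempt("203.0.113.9", "user" + i, false, 1_700_000_000L + i * 4L));
        for (int i = 0; i < 3; i++) log.add(new AuthAttempt("192.0.2.44", "bob", false, 1_700_000_000L + i * 30L));
        log.add(new AuthAttempt("192.0.2.44", "bob", true, 1_700_000_100L));
        // Only 203.0.113.9 is reported; bob's three failed attempts on one account are ordinary.
        System.out.println("stuffing sources: " + stuffingSources(log, 300, 20));
    }
}
```

The stuffing detector deliberately keys on distinct usernames rather than on the raw failure count, which is what separates an automated list replay from a single user who has forgotten a password; pairing it with multi-factor authentication means that even the credentials that do match are not enough on their own.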
9. Misconfiguration
Misconfiguration refers to mistakenly configured, missing, or default settings that create an entry point for unauthorized access. Configuration errors can occur in an application, network, or cloud environment, with examples including:
- Weak or missing encryption;
- Default usernames, passwords, and other settings;
- Improper error handling and logging;
- Coding mistakes, such as an incorrect XML parser configuration in Java that may lead to XSS attacks;
- Improper API configuration.
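The XML parser item above is a good illustration of a misconfiguration that lives in code rather than in a settings file. The following added example (not code from the article or from BellSoft) puts a `DocumentBuilderFactory` left at its defaults next to a hardened one that rejects DOCTYPE declarations outright, disables external entity resolution and XInclude, and turns on the JDK's secure-processing limits. The feature URIs are the standard ones understood by the Xerces-based parser bundled with the JDK; the sample document is constructed and merely carries a harmless internal entity so that the two behaviours can be seen side by side. Java 17 or newer is assumed.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;

/** A default DocumentBuilderFactory next to a hardened one that refuses DOCTYPE declarations. */
public class XmlParserConfig {

    // Constructed input: an ordinary document that carries a DTD with an internal entity definition.
    static final String WITH_DOCTYPE = """
            <?xml version="1.0"?>
            <!DOCTYPE note [ <!ENTITY sig "Example Corp"> ]>
            <note><body>Invoice attached. &sig;</body></note>
            """;

    /** Misconfiguration: factory defaults, so any DTD and entity declarations in the input are honoured. */
    static DocumentBuilder lenientBuilder() throws ParserConfigurationException {
        return DocumentBuilderFactory.newInstance().newDocumentBuilder();
    }

    /** Hardened: no DOCTYPE, no external entities, no external DTD, no XInclude, secure-processing limits on. */
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    /** Parses and returns the body text, or the parser's rejection message if the input was refused. */
    static String parseBody(DocumentBuilder builder, String xml) throws Exception {
        try {
            Document doc = builder.parse(new InputSource(new StringReader(xml)));
            return "parsed: " + doc.getElementsByTagName("body").item(0).getTextContent();
        } catch (SAXParseException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // The lenient parser expands the entity; the hardened one stops at the DOCTYPE line.
        System.out.println("lenient  -> " + parseBody(lenientBuilder(), WITH_DOCTYPE));
        System.out.println("hardened -> " + parseBody(hardenedBuilder(), WITH_DOCTYPE));
    }
}
```

Rejecting DOCTYPE declarations is the single most effective setting, because an application that exchanges data documents almost never needs a DTD; the remaining features are defence in depth for the case where a different parser implementation is put on the classpath and the first feature is not recognised.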
The risk of such errors can be mitigated by implementing strict configuration rules. Another good practice is to adopt a zero-trust architecture based on the principle “never trust, always verify”: trust within the corporate network is never granted implicitly. The zero-trust approach implies strong authentication, minimum privileges, granular access, and other techniques described in detail in NIST Special Publication 800-207.
Tune your Java apps for enhanced security!
Although no solution guarantees 100% protection from all cyber threats, the best risk mitigation techniques include:
- Regular software updates;
- Granular access to system components;
- Implementation of bleeding-edge security solutions;
- Awareness about the emerging dangers.
Find even more case studies, surefire recommendations, and valuable techniques for protecting your applications in our Java application security guide.