2022 was a year full of challenges for IT security. The digital association Bitkom estimates the total damage in this period for Germany alone to be 202.7 billion euros. The cyber attacks on the power grid during the Ukraine war have also fueled fears of a blackout in Germany.
A harbinger was the collateral damage to wind turbines nationwide. But the German economy and authorities were also increasingly in the hackers' crosshairs. The automotive supplier Continental, the chambers of industry and commerce as well as numerous district and local governments have fallen victim to cyber attacks this year.
One thing is clear: cybercrime has become specialized and targeted attacks on companies, organizations and authorities are now part of everyday life.
What awaits us in 2023 in terms of IT security?
In the coming year, ESET security experts expect a further increase in targeted attacks.
“The German economy was under constant attack from hackers in 2022. This will not change in 2023 and will even get worse. Hybrid working models will become a gateway for criminals to enter corporate networks. In addition to the classic vectors such as zero-day attacks or phishing emails, attacks via Teams, Slack and the like are also firmly included in the hackers' arsenal. We see a lot of catching up to do here, especially in medium-sized businesses. Endpoint detection and response, EDR for short, should no longer be a foreign word. Deepfakes are also increasingly becoming a problem for private users and companies. Attacks via CEO fraud or the spread of fake news are possible on a completely different level. The new regulations and guidelines for smart devices and the automotive industry are encouraging. These are a right and overdue step.”
Thorsten Urbanski, IT security expert at ESET
Smart helpers finally no longer a security risk?
The analyst firm Gartner predicts that 43 billion smart devices with an Internet connection will be in use worldwide by 2023. IoT devices - from smart wearables to home appliances, cars, building alarm systems and industrial machinery - have often proven to be a nuisance for IT security managers. Manufacturers often fail to protect these devices with security patches and updates. In their opinion, this was not necessary because in many cases smart devices do not store sensitive data.
But hackers have often used them as a gateway to other networked devices. In recent years, it has become less common for a device to ship with a default password or PIN, for example, without the user having to set their own password. In 2023, a series of government initiatives aimed at increasing the security of connected devices, as well as the cloud systems and networks that connect them all, are set to take effect around the world.
Hackers steal collaboration tool
Hybrid working models have so-called collaboration tools such as Slack or Microsoft Teams firmly integrated into everyday company life. While phishing attempts are also an everyday threat in the corporate environment, criminals will expand their range of attack tools in the coming year and specifically target these programs. Sensitive data can be stolen here because many employees continue to work remotely or permanently.
Ransomware remains a long-running issue
Ransomware has been tyrannizing companies and private individuals for years. Such encryption Trojans are now being used even more specifically by criminals. The business model is and remains attractive. ESET experts are currently seeing a move away from the model of mass distribution towards precise attacks on lucrative targets and towards “ransomware-as-a-service”, in which cybercriminals develop ransomware and rent it out for attacks.
Deepfakes are becoming a danger
In October 2022, a deepfake of US President Joe Biden was circulated. Instead of the national anthem, he sings the song Baby Shark in this video. Such recordings, faked with the help of artificial intelligence, imitate faces and voices in a deceptively realistic manner. Even experienced laypeople are able to manipulate media content such as audio recordings, images and videos using this technology. In the worst case scenario, biometric systems can be overcome. Such attacks are particularly promising for remote identification methods (e.g. video identification).
Deepfake methods can also be used in spear phishing attacks to obtain financial resources or data. Likewise, these methods can be used for disinformation campaigns to create and distribute fake media content from key figures.
“Security by Design” in the automotive industry
Companies in the automotive industry have also increasingly become victims of cyberattacks. Cybercriminals have been targeting production systems and processes, but also vehicle software, for a long time. The automotive industry has already introduced measures to protect vehicle owners' data (e.g. ISO 21434) and is now legally required to do so in Germany. These new standards are also necessary with regard to autonomous driving. But these measures must be continually reviewed and adapted to the current situation.
This example will be followed by other areas where consumer products store and process data. And in the future, manufacturers will also be held more responsible for vulnerabilities in their products in the event of violations.
Source:
Press release
Also read our fact checks on:
“Are vaccines dangerous” – How to use Google incorrectly
Power strips – Really now?
Fact check: Gas freighter Emirate-Germany produces as much CO₂ as all cars worldwide in 5 years
If you enjoyed this post and value the importance of well-founded information, become part of the exclusive Mimikama Club! Support our work and help us promote awareness and combat misinformation. As a club member you receive:
📬 Special Weekly Newsletter: Get exclusive content straight to your inbox.
🎥 Exclusive video* “Fact Checker Basic Course”: Learn from Andre Wolf how to recognize and combat misinformation.
📅 Early access to in-depth articles and fact checks: always be one step ahead.
📄 Bonus articles, just for you: Discover content you won't find anywhere else.
📝 Participation in webinars and workshops : Join us live or watch the recordings.
✔️ Quality exchange: Discuss safely in our comment function without trolls and bots.
Join us and become part of a community that stands for truth and clarity. Together we can make the world a little better!
* In this special course, Andre Wolf will teach you how to recognize and effectively combat misinformation. After completing the video, you have the opportunity to join our research team and actively participate in the education - an opportunity that is exclusively reserved for our club members!
Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )

