In modern conditions, the security of information systems of corporations and government agencies is of particular importance, and in 2023 its role will increase even more.

Kaspersky Lab's DFI (Digital Footprint Intelligence) and DFIR (Digital Forensics and Incident Response) specialists have prepared an overview of threats that will be relevant for this segment in 2023 as part of the Kaspersky Security Bulletin:

- The trend of personal data leaks will continue to grow rapidly. Over the past year alone, more than 1.5 billion records have been publicly available. Considering that users use corporate email addresses to register on websites and services, the attack surface in the infrastructure of companies is increasing. Attackers will not just "merge" databases, but also combine information from various sources, which will cause a wave of more advanced, targeted schemes of social engineering and cyber espionage.

To reduce the risk of such threats, resellers recommend monitoring the digital footprint of the company and its employees, including through continuous monitoring of the open Internet and the darknet.

- The darknet market will become even more sensitive to the news agenda: events in the world will affect what data cybercriminals will put up for sale. Over the past two years, the attackers have perfected the skills of adaptation and rapid response to emerging information flows. 

To protect against incidents related to the sale of information and from targeted attacks on the organization next year, it is necessary not only to keep abreast of global events, but also to monitor their consequences in the world of cybercriminals.

- Blackmail in the media will increase: companies will learn about hacking from hackers' public posts with a countdown to the publication of data. In 2022, the number of publications in such blogs — both on open resources and on the darknet — has grown markedly: during the first 10 months of 2021 - about 200-300 posts per month, by the first half of 2022 - it already exceeded 500. Instead of trying to contact the victim company, the extortionists have already switched to immediately posting messages about hacking on DLS with a countdown to the publication of leaked data and are waiting for the victim's reaction.

- Cybercriminals will publish fakes about hacking more often. Information about a leak published in open sources becomes a tool for media manipulation, and even without a real hack, it can harm the target company. 

It is important to identify such messages in a timely manner and initiate a process to respond to them, similar to responding to security incidents. It includes monitoring publications about leaks or compromising the company on darknet resources and shadow sites.

- Cloud technologies and compromised data from the darknet will become popular attack vectors. More and more companies are moving their information systems to the cloud, and often use the services of external partners for this, without taking proper care of information security. In 2023, cybercriminals will more often buy access to already compromised networks of various organizations on the darknet. This trend is dangerous because the stage of compromising user credentials may go unnoticed. 

To achieve customer and partner loyalty, the corporation must maintain business continuity and implement reliable multi-level protection of critical assets, corporate data and the entire IT infrastructure. But even it does not exclude the risk of compromise, so it is very important to respond to the incident in a timely and correct manner.

- In 2023, the Malware-as-a-Service model will continue to gain momentum, in particular among ransomware. MaaS lowers the threshold for entry into the ranks of cybercriminals: anyone can organize a cyberattack using a cryptographer by renting the appropriate malware. In turn, the number of strains of cryptographers will decrease, and attacks will become more and more of the same type. At the same time, the attackers' tools will become more complicated, and only automated solutions will not be enough to build a full-fledged defense.