Mend’s Trends for 2023

At this point, it’s not too much to say that open source software runs the world. The GitHub Octoverse 2022 report shows that 90 percent of companies use open source, which appears in the vast majority of applications today. That popularity has driven increased attention from threat actors, who operate by the principle, “If it’s important to you, it’s important to us.” The surge in malicious activity in the open source space, along with an ongoing rise in open source vulnerabilities, represents a significant risk to organizations today.


But what about tomorrow? The threat landscape constantly shifts as cybercriminals innovate and evolve their craft. With that in mind, we asked several Mend experts for a little insight into what they expect to see in the coming year, and some ideas on how to prepare.


Jeff Martin, VP of Outbound Product, Mend

Prediction:

In 2023 and beyond, we’ll start to really see a cybercrime AI arms race take shape. The use of AI for data pattern recognition — for antimalware, antivirus, and traffic monitoring — is critical to accurately identifying undesired behavior. On the flip side, bad actors are utilizing it for similar purposes, such as identifying weaknesses or even to create more effective phishing emails. Because it is unfortunately easier (and less expensive) to attack than to defend, we’ll see the bad actors benefiting more from AI on balance.


How to respond:

To prevent hackers from getting the upper hand, it will be crucial for defenders to ensure they’re handling the basics — known vulnerabilities, user education, zero trust frameworks and the like — to ensure that these more effective bad actors have a tough time finding anything to leverage into a breach.


Chris Lindsey, Sr. Solutions Architect, Mend

Prediction:

Over the course of the next year, we will unfortunately see more vulnerabilities like Log4j and Spring4Shell being exploited. A big trend that we’re noticing today is that malicious actors are buying up and changing the names of popular open source URLs, so a simple typo can go from directing you to the right thing to a malicious site — an attack vector known as typosquatting.


How to respond:

Having a good static application software testing (SAST) tool that quickly alerts you when it comes across malicious activity can help defend against these threats.


Prediction:

From an application security standpoint, we’re going to see open source getting more compromised. Cyberattacks will continue growing in frequency and scope.


How to respond:

If organizations adhere to good programming standards and app design, they can significantly reduce their chances of becoming the next victim.


Keep reading: go.mend.io/3jQzbAR
