Various kinds of cybercrime-as-a-service (CaaS) offerings, the metaverse, virtual city attacks and money laundering-as-a-service (LaaS) are expected to pose crucial threats in cyberspace next year, according to Fortinet, a global cybersecurity company.
"Cyber-risks continue to escalate as cybercriminals are using more ways to weaponise new technologies at scale to enable more disruption and destruction," said Rattipong Putthacharoen, senior manager for systems engineering at Fortinet.
Some 2% of the global botnet traffic was detected in Thailand, he said.
In 2023, Wiper Malware is expected to enable more destructive attacks, with attackers introducing new variants of this decade-old attack method, said Mr Rattipong.
According to FortiGuard Labs Global Threat Landscape report, the first half witnessed an increase in disk-wiping malware in conjunction with the war in Ukraine, but it was also detected in 24 countries outside of Europe.
Malware that may have been developed and deployed by nation-states could be picked up and reused by criminal groups, including for the CaaS model, according to Fortinet.
Apart from ransomware and malware-as-a-service offerings, new "a la carte services" will emerge, he said, noting CaaS offers an attractive business model for threat actors.
Subscription-based CaaS offerings could potentially provide additional revenue streams, Mr Rattipong said.
He said cybercrimes will enable more effective attack strategies that involve reconnaissance. As attacks become more targeted, threat actors will likely hire "detectives" on the dark web to gather intelligence on a particular target before launching an attack.
LaaS, driven by automation, is another threat and it is difficult to trace, said Mr Rattipong.
Cybercriminals use machine learning for recruitment targeting, helping them to identify potential mules in less time.
Manual mule campaigns will be replaced with automated services that move money through layers of crypto exchanges, making the process faster and more challenging to trace, he said.
"Regulators need to be stringent in monitoring as LaaS is going to become a mainstream threat," said Mr Rattipong.
Attacks on virtual cities and the metaverse are expected to escalate.
The metaverse is giving rise to new, fully immersive experiences in the online world, and virtual cities are some of the first to foray into this new version of the internet driven by augmented reality technologies, he said.
This opens the door to an unprecedented increase in cybercrime in uncharted territory, said Mr Rattipong.
An individual's avatar is essentially a gateway to personally identifiable information, making them prime targets for attackers, he said.
Mr Rattipong expects Web3, which is the third generation of the Web involving decentralisation and blockchain technology, will become mainstream over the long run.
Users will be able to control their own data, but this also makes them susceptible to cyber-attacks, he said.
"Before Web3 becomes mainstream, we expect to see some regulations coming out," said Mr Rattipong.