The previous year was a big one for cybersecurity. Amidst the rampant ransomware attacks that saw critical attacks on the supply chain, double extortion, the continued rise of Ransomware as a service (RaaS), and the emergency patching of critical software and firmware, cybersecurity professionals were kept very busy.
Before we look at the coming year and speculate on trends, it is important to know what happened last year in terms of cybersecurity as a whole. We will examine some stats below:
The FBI’s Internet Crime Complaint Center reported 2,084 ransomware complaints from January to July 31, 2021. This represents a 62% year-over-year increase.
Ransomware strains have increased dramatically as well, with 130 different strains detected in the previous year by VirusTotal’s report. A couple of interesting facts about this:
The GrandCrab ransomware family was the most prevalent at 78.5% of all samples received, according to VirusTotal.
95% of all the ransomware samples are Windows-based executable files –or dynamic link libraries.
Major industry targets of ransomware last year included:
business, professional and legal
Financially, ransomware payout increased in 2021 over 2020. In the first six months of 2021, there was $590 million in ransomware-related activity, according to the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN). According to FinCEN, there was only $416 million in ransomware-related costs the previous year.
Cybercrime was not invented in 2021, and it will not end in 2022. Based on current trends we have observed, we expect to see the following trends become prominent in 2022.
A Wider Attack Surface
The pandemic created a sizeable attack surface for hackers to target. The tremendous growth of work from home, personal devices used on the corporate VPN has created tremendous holes in network security. Moreover, we are more mobile than ever, and more mobile devices are playing a larger role in business. Mobile malware and IoT exploits are on the rise leading to a sizable area that organizations have to cover in order to protect assets. If you work from home, try to get a count of how many devices you have on your personal network. These can be small IoT devices such as doorbells, smart lights, fridges, etc.. to other internet devices such as videogame consoles, laptops, tablets, phones or access points. How many of these are secured?
Hackers know that people are working from home, and are attacking easy targets in order to break into corporate networks.
We are also observing that there is a shift from attacks being endpoint focused to becoming cloud focused. More and more users are turning to the cloud and thus, the cloud is become an increasingly valuable target.
The “great resignation” is in full force and analysist predict that this phenomenon will accelerate in 2022. This is impacting nearly all industries and its effects have just started being felt. Sadly, IT is not spared from this and there will be expertise shortages in cloud, security an infrastructure as well. According to Forrester research, one in ten security professionals are leaving the industry – it is being called the ‘brain drain.’ This is on top of the existing shortage of experienced workforce to begin with. To make matters worse, a CISO turnover is overdue, as many have stayed in their existing jobs longer than average due to the pandemic timing.
Cybersecurity is hard and professionals are tired. We are fighting a shadow war and we don’t have a lot of support. It requires constant diligence and many in this industry are leaving because of burnout.
Increase in Third Party Attacks
Nearly every organization uses third party vendors to handle everything from software, to data support and various other services. With the larger arsenal of tools for operations as well as for security, third party vendors have become a larger target for attackers. It is becoming increasingly harder to manage the security gaps in all of the services that are available and hackers continually find ways to breach these systems. Expect a rise in attacks on third party software providers in 2022.
Targeted Ransomware Attacks
Ransomware will continue to skyrocket in 2022. Count on it. Many experts however, predict that ransomware attacks will become more targeted this year. More attackers will be selective of where, when and how they target specific organizations. As ransomware continues to climb in popularity, it also presents an opportunity for attackers with additional motives to hide malware in the process. These attacks are often well-planned over multiple months so as to maximize the damage and thus impact their payout. The attacks that targeted Solarwinds, Microsoft Exchange, and even the recent Log4J proved this to be true.
With the Microsoft Exchange attacks last year, we noticed a disturbing new trend: the development of automation tools that scan the Internet and automatically infect targeted machines. These automated tools could be used to install ransomware or advanced trojans for further exploitation later on. Not long after the Exchange hacks of 2021, security researchers noticed automated tools being developed for recent exploits. They were extremely effective. We predict that 2022 will see the continued use of these types of tools and as soon as an exploit is released on the Internet, there will be tools developed that will be able to scan for and automatically infect targeted machines. This will require cybersecurity personnel to be constantly on their guard to make sure that systems are patched and updated the moment an exploit is released.
End of the year update
As we approach the end of the year, we see that many of the trends predicted have indeed come true. New threats are continually on the horizon and companies need to start taking a serious look at their security posture as more advanced techniques are being deployed.
Recently, I shared in a security round table with other leaders in cybersecurity. Our responses can be found here. It’s worth a read to see what other cybersecurity professionals are seeing.
Contact online now & SAVE 10%
on your first project
Peter Vavrosky has worked in critical network infrastructure and security operations for over 20 years. An advocate for network and computer security, he got his start in the cybersecurity world when hired to pentest corporate websites in Saskatchewan, Canada. Since then, he has worked around the world educating leaders of the importance of cybersecurity and providing resources to help them secure their important data.