How to dodge – and neutralise – cyber attacks in 2022
The year 2021 has been one of transition for global businesses. After the second wave, companies focused on revamping workplace security to factor in the changes that the work-from-home model had necessitated.
Considering the lingering concerns of future waves, businesses are now more intent on keeping flexibility intact and being prepared to switch between office and home working. Thus, there is a greater need for hybrid office infrastructure and mobility that allows working from any device and any location.
With such objectives, frameworks like Zero Trust and Secure by Design have made the biggest impact in 2021.
Another major trend of 2021 was the focus on cloud challenges and cloud security. Multi-cloud deployment has made operations simpler and security setups more challenging.
The threat landscape, hence, continues to expand, with cyber attacks becoming more sophisticated and complex. No wonder that the year 2021 saw a staggering increase in cybercrimes.
An intelligence report by global cybersecurity leader CrowdStrike reveals an 82% increase in ransomware-related data leaks in 2021, with 2,686 attacks as of December 31, 2021, compared to 1,474 in 2020.
People Matters gathers insights from industry experts on cybersecurity threats that will likely give leaders and cybersecurity teams nightmares in 2022, and what companies can do to respond effectively.
Ransomware will continue to rise
Over the years, threat actors have continued to change their tactics, techniques, and procedures (TTPs).
In 2022, Ransomware-as-a-Service (RaaS) is expected to evolve further.
“Threat actors will continue to use ransomware to extort money and target healthcare and Industrial Control Systems (ICS) or, in other words, organizations present in the operational technology (OT) space, as the probability of successful extortion of money is higher as it directly threatens human life,” says Anshuman Sharma, Senior Manager and Head of Investigative Response, APJ, Verizon, a technology solutions company helping empower enterprise and medium-sized businesses to drive scale and growth.
As per the Cyberthreats Report 2022 by cyber protection company Acronis, ransomware is one of the most profitable cyberattacks at the moment and continues to grow and evolve despite US and Interpol/Europol efforts.
“Ransomware will expand further to macOS and Linux, as well as to new environments such as virtual systems, cloud, and OT/IoT. Anything that is connected to a reachable network is a potential target. This will increasingly lead to consequences and impacts in the real world, and thus also to more demand for official regulations and sanctions. Stealing data for double extortion as well as disabling security tools will be the norm; but it will also become more personal with insider threats and personal data,” says the report.
Cryptocurrency to be attackers’ favorite
With the price of Bitcoin at an all-time high, attacks are increasing with threat actors following profits.
End users have struggled with phishing attacks, infostealers and malware that swap wallet addresses in memory for quite some time. “We expect to see more of these attacks waged directly against smart contracts — attacking the programs at the heart of cryptocurrencies. We also expect attacks against Web 3.0 apps to occur more frequently in 2022. These new markets open new opportunities for sophisticated attacks (e.g., flash loan attack), which may allow attackers to drain millions of dollars from cryptocurrency liquidity pools,” says the Acronis Report.
Phishing for Business Email Compromise (BEC)
In 2021, phishing remained one of the top action varieties in breaches and had done so for the past two years.
Vishak Raman, Director, Security Business, Cisco India & SAARC, says phishing emails and scams may continue to target individuals and corporate offices this year. “The accelerated roll-out of 5G and IoT services will also give rise to cyberattacks on digital networks and services,” he adds.
“This increase can be attributed to work-from-home arrangements for most of the workforce worldwide as stay-at-home orders went into effect. When examining breaches (Verizon DBIR 2021) that included a reported loss, 95% of BECs fell between $250 and $985,000, with $30,000 being the median,” says Sharma of Verizon.
The Acronis report adds that phishing will continue to be the main infection vector.
Malicious emails and phishing in all variations are still at an all-time high. Despite constant awareness campaigns, users still fall for them and enable the attacker to compromise their organization.
“We don’t expect AI to fully take over phishing emails in 2022, but instead expect increased automation and personalized information with these various data breaches, making them more effective. New tricks against OAuth and multi-factor authentication (MFA) will continue to generate profit for attackers, allowing them to take over accounts, despite plans from companies such as Google to auto-enroll 150 million users to 2FA. In order to bypass common anti-phishing tools, attacks such as BEC will make use of alternative messaging services, such as text messages, Slack, or Teams chat. This goes hand-in-hand with the hijacking of legitimate email distribution services, as for example in November, when the FBI’s own email service was compromised and started sending spam emails,” says the report.
Cloud Infrastructure to be targeted more
Cloud infrastructure will be targeted more as many organizations continue their journey towards cloud migration as part of the digital transformation journey; cloud assets will be more common than on-premises ones, says Sharma.
“API attacks: Cloud services are booming and so are serverless computing, edge computing, and API services. In combination with container orchestrations like Kubernetes, processes can be efficiently automated and dynamically adapted to various circumstances. Attackers are trying to disrupt this hyper-automation by going after such APIs, which can seriously impact the business processes of a company,” adds the Acronis Report.
Supply chain attacks will be lucrative to cybercriminals
Due to the scaling prospects, supply chain attacks will be lucrative to cybercriminals. Sharma says the Kaseya supply chain attack leveraged the REvil ransomware group to compromise thousands of organizations. Due to the sheer impact and the quantity of victims that can be affected, it is expected that supply chain attacks will continue to increase in 2022.
Data breaches for everyone
Despite the increase in data privacy regulations, the number of reported data breaches will also continue to increase.
As per the Acronis Report, this is not just because they have to be reported, but because of the complex interactions and IT systems. “Many companies have lost the overview of where all their data is and how it can be accessed. And automated data exchange from IoT devices and M2M communications increases the spread of data further. Unfortunately, we expect to see many large-scale data breaches in 2022. These data leaks will enable attackers to enrich their target profiles easily,” it adds.
Adversarial attacks in AI
As artificial intelligence (AI) is more frequently used to detect anomalies in IT systems and to automatically configure and protect the valuable assets in them, attackers will increasingly try to attack the logic within the AI model.
“Being successful at reversing the decisions inside the AI model can allow an attacker to remain undetected or generate a denial-of-service attack with an undesired state. It may also allow them to identify timing issues, whereas slow changes are not seen as anomalies and thus are not blocked,” the Acronis Report adds.
Staying safe in 2022
To effectively protect their entire workloads across the complex ecosystem of cloud, office, and home office, organisations require efficient solutions that integrate cybersecurity with data protection, as well as management and monitoring of endpoints.
Murtaza Bhatia, Sales Director, Cybersecurity, global technology and services provider NTT in India, says that as we move into 2022, some trends will dominate the landscape:
- Greater usage of automation and AI- and ML-based tools and technologies to fight the increasing sophistication of the ransomware threat.
- Businesses will find multi-cloud posture management a lot more challenging, especially in the area of uniform security policy enforcement across on-premises and cloud environments.
- The advanced nature of threats and vulnerabilities will make observing and managing challenges more daunting. Outsourcing to expert Security-as-a-Service providers will gain momentum.
- There will be greater discussions on the switch from a proactive to a predictive approach for security review, tech and operations. We will also see the rise of AI and ML automation with SecOps adoption across the board.
According to a Cisco study, over one-third of cybersecurity technologies used by Indian companies are outdated. “Implementing practices such as Passwordless Authentication and multi-factor authentication, built on the foundation of a comprehensive Zero Trust strategy, will help build a strong security posture for companies in the modern cloud-first and application-centric world,” says Raman of Cisco India.
Sharma of Verizon says organizations should implement policies and technical controls. Some of the recommended technical controls include patching third-party applications as soon as possible, testing and validating data backup processes, deploying a File Integrity Monitoring (FIM) solution, and deploying Group Policy Objects (GPOs) to block executable files and disable macros.
“Organizations should define and develop risk management strategies for the suppliers. Additionally, the organization should strengthen threat intelligence and leverage it to conduct threat hunting. Implement Endpoint Detection & Response (EDR), Network Detection and Response, deception solutions, and focus on the vulnerability management program,” he adds.
To be better prepared for the threats, businesses must favor security vendors who provide wider security coverage under one product or umbrella of products. “This helps to minimize supply-chain attacks, and allows faster reaction and recovery, which are crucial for keeping businesses up and running. Cybercriminals are profit-driven and will try to maximize their gains by automating their business and attacking companies where they are most exposed. They aggressively pursue each opportunity that they can find, and so it is therefore key to have strong authentication with MFA, timely patching of vulnerabilities, and visibility in place across the whole infrastructure,” says the Acronis Report.