2022 and You: Cybersecurity Threats and Trends

It’s that time of year once again – to take a look ahead at what we can expect in cyber threats and cybersecurity trends for the new calendar year. The effects of the global pandemic continue to impact not just our health but our global economy, and cyber-attackers are just as persistent as those fighting for our wellbeing. Not surprisingly, ransomware is expected to remain a top cybersecurity threat for businesses worldwide. As supply chain challenges grow due to the pandemic, attackers are expected to also grow, evolve, and further automate attacks against suppliers. Vigilance is crucial, layered security is key, and even traditional methods of prevention have an important role to play in defending against these cyber attack trends – provided we are doing our part in keeping them tuned and our cybersecurity programs current.

Attackers Grow Cyber Threat Operations and Monetize Services

Development Operations in criminal enterprises will continue to proliferate as attacker tools grow in demand. CyberArk Labs anticipates malware as a service (MaaS) to be as popular as legitimate software, with cloud infrastructures used to develop exploits in much the same way businesses use them. Mandiant reports that this activity will become more complex due to “outsourcing in malicious operations via mechanisms such as ransomware affiliate programs, exploit vendors, commercial contractors, malware vendors and freelancers,” with no signs of slowing down in 2022.

However, CyberArk states “[j]ust like any other enterprise, they’ll face new security challenges in managing multi-tenant SaaS applications, securing remote access to sensitive systems and data and more.”

Zero-Day Cyber Attack Trends Using Open-Source Software and Ransomware

Security research firms like CyberArk Labs also expect an increase in cybersecurity threats against open-source libraries, which often go undetected and can be executed quickly. These attacks can allow for 1.) credential theft and 2.) access to create backdoor functions to install ransomware, which in turn is expected to continue to trend upward. Ransomware has become a lucrative business, with criminals operating from locations outside legal jurisdictions. Mandiant reports that attackers will continue to leverage multiple extortion in ransomware attacks and will even try to recruit insiders to carry out the ransom demands.

Deepfakes for Cyber Threat Trends Compromising Business Emails 

“Deepfake” is a combination of “deep learning” and “fake”. This method of manipulating media started in 2017 using new artificial intelligence technology to create videos or photos of people doing things they didn’t actually do. It has quickly grown and improved in sophistication – to where it is expected to be used to bypass authentication and identification systems as well as facilitate business email compromise schemes and social engineering attacks. Mandiant’s report states that “the effectiveness of deepfakes in information operations has been discussed in the cybersecurity community, but state sponsored and financially motivated actors have also demonstrated growing interest in this technology.”

Many Traditional Protection Methods Against Cybersecurity Threats Are Still Effective

The fact that cyberattacks continue to grow in sophistication does not necessarily mean we have to abandon how we’re currently protecting our technology environments. For starters, we must remain vigilant. It is imperative that everyone understands the cyber threats that could impact business operations and how to best defend against them. It is also imperative to maintain focus on the traditional protection methods and ensure they are configured for optimal effectiveness¹:

1. Social engineering/security awareness training.

   Conduct ongoing cybersecurity awareness training to help reduce the risk of individuals inadvertently providing access credentials or clicking on malicious links or attachments. This is a critical component of any comprehensive information security program.

2. System access reviews.

   Periodic review of the account creation process, as well as a review of privileged accounts, can help ensure the principle of least privilege is being followed. Enforce the requirement to create unique passwords. Ransomware commonly spreads due to the re-use of local administrator passwords or compromised privileged accounts.

3. Vulnerability/Patch Management.

   Proactively scan for, and address, vulnerabilities in your systems. Devices in your environment should have the latest security updates (patches). Annual reviews of patching policies and procedures should be part of your risk assessments.

4. SIEM. (Security Information Event Management)

   Implement a Security Information Event Management system to alert you to any changes in the environment that can point to a potential spread of ransomware. This includes alerting when employees open malicious attachments, monitoring for known ransomware file extensions, and configuring alerts for an excessive number of files being renamed or encrypted.

5. Air-gapped backups.

   Protecting backups from ransomware is a critical concern. Ensure your critical system/data backups are stored offsite in a network that's completely separate from your production network.

Your risk appetite is the ultimate measure of preparedness. Having proactive measures in place depends on the cybersecurity threats to your business and your tolerance for disruptions.

Source:

¹ The Wild World of Crypto Ransomware Payments