Truvantis Blog

Cybersecurity Threat Landscape 2022, Nine Things You Should Know

Written by John MacInnis | Dec 9, 2021 5:00:00 PM

In 2021 cybersecurity professionals faced the same vulnerabilities and attacks as decades before, just more nefarious, persistent, and far-reaching. Ransomware is everywhere, critical infrastructure is vulnerable, and security teams struggle with finding talent.  

Cybercriminals are more profit-motivated than ever going into 2022. Expansion of edge and satellite devices plus working from home have exponentially expanded the global threat surface. The good news on the defense side is that many businesses have become savvy about building cyber-resilience into their business operations. Here are ten prominent features of the 2022 threat landscape.

COVID Scams Remain Prominent Phishing Lures 

Unfortunately, phishers will continue to leverage that *&$# virus as an effective social engineering tactic in 2022.  

The Pandemic will Continue to Drive Cybersecurity Issues 

Phishing emails masquerading as healthcare professionals or government officials offering pandemic information are continuing into 2022. According to CISA, "Cybercriminals are using the pandemic for commercial gain, deploying a variety of ransomware and other malware." Sales of fake vaccine certificates also generate cash flow for counterfeiters. 

In response, security-conscious organizations have improved employee cybersecurity awareness training, including aggressive, pen-test-like internal phishing campaigns.

No Surface is Safe 

In 2022, cyberattack targets range from your lost smartphone to crypto wallets, IoT, edge devices, and satellite gear. Researchers have discovered Edge Access Trojans (EATs) that infect edge devices. EATs are concerning because edge devices often have elevated privilege and access to APIs, and can be used as pivot points into a network from the edge.

Using 'find my device' phishing kits, threat actors have developed scams that mimic the features used to track and locate misplaced digital devices. The attack workflow informs victims that 'by clicking the link', they can log into their account to find the device location. Once the threat actors access the victim's account, they disable any 'find my device' features and wipe the device for resale.

DDoS (Distributed Denial of Service) attacks continue to target IoT (Internet of Things) devices. These attacks are becoming increasingly persistent and, in conjunction with the growth of mobile networks, give attackers a broader attack surface. They are expected to spur a new wave of DDoS attacks.

Expect attackers to escalate attacks on crypto wallets. There is much value in cryptocurrency and digital wallets now. Stealing bank credentials to siphon funds has become more complicated than attacking digital wallets and cryptocurrency, where funds are relatively easy to transfer.

Cyber-criminals Are Increasingly Motivated by Profit  

Unfortunately, ransomware has generated significant profit for cyber-gangs, which motivates more attacks in 2022. Zerofox reported that in Q3'21, 47% of observed cybercriminal underground forum events focused on ransomware. Another 40% were dedicated to data breaches or network access, which can lead to ransomware events.

Ways cybercriminals are turning a profit: 

  • Selling phony vaccine certifications 
  • Using deep fake technology to steal money 
  • Finding new ways to steal crypto from mobile wallets 
  • Ransomware attacks 

Ransomware Attacks Will Become Even More Nefarious 

Ransomware attacks are everywhere, and threat actors are introducing updated extortion tactics. According to the Zerofox threat landscape review, in Q3 2021, 75% of observed ransomware and extortion attacks were carried out by one of only ten groups, including Hive, Conti, and Lockbit. In July 2021, a new cybercrime forum dedicated to data leaks and ransom actors, called RAMP (Ransom, Anonymous, Market Place), emerged on the Tor domain.

In 2022, ransomware is expected to become more aggressive as threat actors add destructive capabilities to create new threats. They will be holding systems for ransom and probably doing their best to destroy a few to demonstrate their abilities and stoke fear. 

Cryptocurrency remains the favored method of ransom payment. In an effort to prevent victims from complying with threat actor demands, the US Dept of Treasury drafted sanctions for organizations who choose to pay using the SUEX exchange.

Critical Infrastructure Remains Vulnerable 

According to CISA, critical infrastructure "describes the physical and cyber systems and assets that are so vital to the United States that their incapacity or destruction would have a debilitating impact on our physical or economic security or public health or safety." The Colonial Pipeline attack was a stark wake-up call as to vulnerabilities in OT systems and the socioeconomic impact a successful infrastructure attack could have.  

Businesses Are Taking a Proactive, Holistic Approach to Cybersecurity and Cyber-resilience  

The good news is that there are now proven tools and processes enabling companies to evolve from a security mindset to one of building cyber-resilience into their information systems. Cyber-resilience refers to an organization's ability to quickly discover, respond to, and recover from cybersecurity incidents. Businesses are taking a holistic, risk-based approach to build resilience from the inside out as an integral part of their people-and-technology infrastructure.

Routine Vulnerability Scans and Pentesting Are Crucial 

Security-savvy organizations receive value from tools like pen testing to identify holes in their cybersecurity posture and fix them proactively. Vulnerabilities are often found in things like 'unintentional' security misconfigurations. Pentesting can be a game-changer by finding those types of errors, which can be quickly addressed.

Crowd Sourcing and Info Sharing are Effective Tools 

Twenty years ago, no one wanted to talk about their cybersecurity events. Given the reality that all systems are facing the same threat landscape, information sharing is vital. In 2022, businesses are leveraging an industry or regional information sharing and analysis organization (ISAO) to crowdsource cybersecurity information. The threat landscape evolves rapidly, and organizations need to share information to respond to risks as close to real-time as possible.  

Cybersecurity Experience is in Short Supply, Not Necessarily Cybersecurity Talent 

Security organizations are cultivating the next generation of cybersecurity professionals by looking for aptitude and developing hands-on and certification programs. Holding advanced certifications is one way businesses and individuals are demonstrating their expertise.

There are only so many 'heavy' cyber-pros with 10+ years of deep experience to go around. And the ones you can find are expensive. Companies that are large enough and businesses that specialize in cybersecurity services are developing new engineering talent with the interest, passion, and aptitude and providing a training platform where newbies can learn from more seasoned cyber-pros as they become experts.  

Large organizations sometimes have the capacity to create a cyber-talent farm team when it is compatible with their business model. Most businesses will not have enough internal resources to drive effective cybersecurity and privacy programs. Specialized cybersecurity and privacy consulting and service firms have the resources to both cultivate new talent and offer experienced teams. Outsourcing enables businesses to hand off cybersecurity and privacy risk management while focusing on their primary business objectives.

Why Truvantis? 

No doubt 2022 will bring an evolved, dynamic threat landscape. As mentioned, the good news is that there are now proven tools and processes businesses are using to build cybersecurity and cyber-resilience into their people-and-technology information management systems. Most companies do not have the internal resources to drive effective cybersecurity and privacy programs. That's where Truvantis can help.

Truvantis is a cybersecurity and privacy consulting organization with comprehensive expertise in implementing, testing, auditing, and operating information security and privacy programs. We specialize in helping our customers improve their posture through practical, effective, and actionable programs—balancing security, privacy, technology, business impact, and organizational risk tolerance. 

Whether you want complete risk-based management of your information security and privacy system or need an effective pen testing program, Truvantis can help you. 

The Truvantis penetration testing team uses a hands-on approach with custom tools and senior cybersecurity engineers. Our experts will guide you through the entire process, ensuring that you feel comfortable and confident throughout the test. We'll begin by helping you develop a penetration testing plan for your specific needs, goals, and system.

If you want real insight into what might be lurking out there and understand how ransomware attacks may breach and propagate within your organization, reach out to a Truvantis consultant today. We'll help you understand what sets us apart from the rest of our industry and help our partners succeed in this complicated, risky world.