Cybercriminals are getting more motivated, organized, and sophisticated in executing attacks. Read our blog to learn about 2022 cybersecurity trends.
The increasing number and severity of ransomware attacks are believed to be among the most significant concerns of 2022. At the same time, the main victims in 2022 are expected to be critical infrastructure and its supply chains. As cybersecurity experts develop new ways to resist these threats, threat actors become more inventive and turn to more sophisticated attack methods and channels. The Sophos Threat Report outlined the main 2022 cybersecurity trends and showed the main opportunities for mitigating the threats. Take a quick look at the 2022 security landscape with Planet 9.
Ransomware shows no signs of slowing down in 2022, so businesses should keep their eyes on any of the threat’s manifestations. For those unaware, ransomware is a form of malware that seeks to deny users’ access to data and systems by encrypting the files — thus locking out legitimate users. To unblock the access, criminals usually extort their victims for a hefty ransom. Ransomware will not disappear in 2022, though its business model has gone through some changes.
The point is that ransomware is shifting from a “vertically oriented” model, in which threat actors attack organizations using their own custom ransomware, to a Ransomware-as-a-Service (RaaS) model, in which one group builds the ransomware and then rents out its use. In other words, a single ransomware attack may involve several cybercriminal groups responsible for different aspects of the attack. One group might specialize in exploiting vulnerable services like Remote Desktop Protocol (RDP), while another might “buy” access to an organization previously compromised by a different malware group.
The shift to RaaS is not the only ransomware development of 2022, and it does not fully convey the scale and complexity of the RaaS threat. Threat actors have raised their stakes and created guidelines designed to instruct attacker “affiliates” on the steps required to conduct a ransomware attack. An affiliate of the Conti RaaS service developed such “guidance” in 2021. The ways and methods of delivering ransomware are becoming more sophisticated. Hence, businesses should be forewarned and take all necessary measures to avoid becoming ransomware victims in 2022.
As the cybercrime ecosystem expands, threat actors narrow their range of activities. To hack big corporations or critical infrastructure, cybercriminals need to be not only highly professional and inventive but also less visible. Instead of performing attacks on a “turnkey basis,” criminals are concentrating on small, single jobs like developing and renting out ransomware or obtaining access to organizations’ networks. This tendency has driven the proliferation of a new class of criminals known as “initial access brokers” (or IABs). In other words, these “brokers” make the attackers’ job easier by providing them with initial access to the victim’s environment. To obtain initial access to organizations’ networks and sell it to other criminals, IABs collect and maintain archives of credentials and sell those to ransomware groups looking for a quick (or a big) score. Credential theft happens millions of times a day worldwide, and organizations often do not even know that their credentials are already stored in an IAB’s “clearinghouse” to be sold onward to other criminal groups. According to SophosLabs’ estimates, the market for IABs will grow in 2022, and these services will continue to feed the ransomware epidemic we’ve been experiencing.
To obtain an organization’s credentials, criminals use nearly every type of malware. More interesting, however, are the malware delivery channels. The most frequently used channels are RDP, commercial remote access tools, and other remote management tools used to support the remote workforce. Since remote working is now an inseparable part of successful business operation, the number of challenges will increase in 2022.
The threats posed by IABs or other criminals can be severe, but the risks they pose are reducible. The root cause of many cyber attacks is initial access through a service that only requires a password. As long as businesses continue to pay little attention to authentication methods, threat actors will continue to take advantage of this. Businesses can effectively cope with many cybersecurity risks by adding multi-factor authentication to every possible endpoint. Putting services like RDP, TeamViewer, or other remote management utilities behind a VPN or zero trust access method, which also enforces multi-factor authentication, is even better. As such, applying advanced authentication mechanisms is a great investment for the safety and security of your business.
2021 saw a significant breakthrough in how technologists may use Artificial Intelligence (AI) and Machine Learning (ML). At the same time, it became clearer how these advancements may change the perception of cybersecurity in the future. The main 2022 AI and ML trends would be using neural networks and natural language processing technologies to solve security challenges. Notably, researchers at Google and OpenAI demonstrated how they use Codex neural networks to produce source code, given human-readable programming prompts. They noticed that a neural network with a million parameters is unable to generate high-level code that works more than about one percent of the time. But when scaled up to billions of parameters, the network begins to generate working code more than half the time. The key takeaway from this result is that massively sized neural networks become capable of solving challenges (such as automatic vulnerability identification and patching) that were previously deemed intractable.
While the potential of AI and ML for cybersecurity is huge, these technologies are also becoming increasingly accessible to threat actors. For instance, generative adversarial networks (GANs), which can synthesize completely fabricated images, have been significantly improved to become a serious weapon. In 2021, GANs were accessible to non-expert adversaries seeking to wage disinformation campaigns and spoof social media profiles. Furthermore, it’s a matter of time before adversaries adopt neural networks to reduce the cost of generating highly variable malware.
These realities prompt security defenders to investigate leveraging neural networks and natural language processing technologies to better detect malicious code and attacks. Thus, in 2022 and beyond, innovative cybersecurity companies will distinguish themselves by demonstrating new AI and ML applications to solve a wide range of security issues.
The cybersecurity trends described above demand greater vigilance from experts and prompt a reconsideration of legislation in this sphere. For instance, the attacks on SolarWinds and Colonial Pipeline have not only shown the rising threat of ransomware but also underscored the vulnerability of the networks on which corporations and the government rely. In addition, the emergence of GAN, RaaS, and IAB tools has shown how inventive threat actors may be. These threats have become “wake-up calls” that raised questions about national preparedness for the cyber era. Meanwhile, the government’s attempts to mandate cybersecurity changes on the national level finally moved forward in 2021. Specifically, a long-gestating Executive Order on Improving the Nation’s Cybersecurity, as well as the draft bills Cyber Incident Notification Act of 2021 and Cyber Incident Reporting for Critical Infrastructure Act of 2021, were introduced. These legal updates are expected to address known and emerging security threats, and significant changes to cybersecurity legislation on the national level are expected as early as 2022.
The aggregate picture of the 2022 cybersecurity landscape is challenging. Furthermore, the more advanced the cyber environment becomes, the more sophisticated the cybersecurity threats that emerge. Hence, the future of a safe cyber environment depends on effective mitigation and prevention methods. To stay updated on the most acute trends and challenges in cybersecurity, keep reading our blog or contact the Planet 9 team. We’ll be happy to assist!