Biggest Cybersecurity Challenges in 2022

The last couple of years have been far from ordinary, both for cybersecurity and business in general. The COVID-19 pandemic has permanently changed how business is done, and cybercriminals have adapted to these changes, tailoring their tactics to the new reality.

While 2020 and 2021 have been exceptional years for cyberattacks, there is little indication that things will return to “normal” in 2022. Instead, cyber threat actors have tried new tactics and techniques, found them successful, and added them to their core arsenal.

In 2021, several cyberattack campaigns and cyber threat actors became household names as the impacts of cyberattacks were felt far beyond their target companies. The modern threat landscape comprises more significant, flashier, and higher-impact attacks as cybercrime becomes increasingly professionalized and cyber threat actors look to extract maximum value or impact from their attacks.

Below, we look at the significant challenges that businesses faced through 2021 and what they can expect in 2022.


1. Increase in Cyberattacks

Every year, specific threats multiply as cybercriminals focus their efforts on a particularly compelling or lucrative attack technique, such as ransomware or crypto-jacking. However, one of the most worrying trends in 2021 was the growth of cybercrime across the board.

In 2021, the total number of cyberattacks increased by 50% year over year. However, certain areas were harder hit than others, with education, research, and healthcare bearing the brunt of the damage. This indicates a focus by cyber threat actors on the areas that are rapidly growing more reliant on technology and least prepared to protect themselves against cyber threats.

Such rapid growth in attacks bodes ill for 2022. As cyber threat actors refine their techniques and leverage machine learning and automation, the number and impacts of attacks are only likely to grow.

2. Supply Chain Attacks Are on the Rise

Supply chain attacks rose to prominence in late 2020, grew through 2021, and are likely to continue to be a major threat in 2022. The trend began with the discovery of the SolarWinds hack in December 2020.

Threat actors compromised SolarWinds’ development environment and inserted backdoor code into its Orion network monitoring product. The discovery of the Sunburst malware kicked off an extended investigation that uncovered not only the details of the SolarWinds hack but also multiple malware variants and an attack campaign that impacted over 18,000 public and private sector organizations.

SolarWinds kicked off a surge in supply chain attacks that continued throughout 2021 and into 2022. Another high-visibility supply chain exploitation in 2021 was the Kaseya attack, which leveraged the relationships between managed service providers (MSPs) and customers to distribute ransomware using MSPs’ remote monitoring and management software. A few months later, an attacker with access to the npm account of a widely-used library modified the code so that malware was installed on the systems of anyone who downloaded and used the malicious version of the library.

While these and other 2021 supply chain attacks had a far-reaching impact, the most famous is likely the exploitation of the Log4j zero-day vulnerability. Log4j is a widely-used Apache logging library, and the zero-day vulnerability allowed an attacker who could control the contents of log messages or their parameters to achieve remote code execution. This “Log4Shell” flaw was widely exploited, with Check Point Research detecting about 40,000 attempted attacks within two hours of it becoming public and over 830,000 attempts within the first three days.

The high-profile supply chain attacks of 2021 have demonstrated that the supply chain is a viable and potentially profitable attack vector for cyber threat actors. Going into 2022, cyber threat actors are likely to expand their use of supply chain attacks to amplify the reach and impact of their attacks.

3. The Cyber Pandemic Continues

The COVID-19 pandemic drove a dramatic shift in how business was done. Instead of employees primarily working from the corporate office, a much greater percentage of the workforce is working remotely and is likely to continue to do so for the foreseeable future.

The pandemic kicked off a cyber pandemic as cyber threat actors adapted to and took advantage of changes in corporate IT operations. For example, the rise of remote work made employees’ computers – often personal devices – a company’s first line of defense.

Two years into the pandemic, little has changed. Many companies are still supporting a mostly or wholly remote workforce, and cloud adoption is growing. As cybercriminals continue to take advantage of the vulnerabilities and security gaps caused by this rapid IT transformation, companies struggle to secure their systems and protect corporate and customer data.

4. Cloud Services Are A Primary Target

With the pandemic-inspired shift to remote work came a rapid adoption of cloud-based infrastructure and services. Software as a Service (SaaS) solutions closed crucial gaps – such as the need for online meetings and file sharing – and cloud-based infrastructure was more accessible and easier to manage by a remote workforce.

Since the rapid shift to remote and the cloud in 2020, companies have had the opportunity to close many of the biggest security issues caused by a rapid transition with little or no planning. However, some cloud security gaps remain, and cyber threat actors continue to work to outpace security personnel in taking advantage of the newly vital role that cloud computing holds in modern business.

Many of these attacks target vulnerabilities in the cloud infrastructure itself, allowing an attacker to exploit many targets with a single vulnerability. For example, in September 2021, the OMIGOD vulnerability was discovered. The exploitation of Microsoft’s Open Management Infrastructure (OMI) software agents embedded within Azure VMs could have enabled attacks against up to 65% of Azure customers until it was patched.

OMIGOD was not the only security issue discovered in Azure in 2021. In August, the ChaosDB vulnerability provided complete control over Azure Cosmos DB clients’ cloud resources through a compromised key. Azurescape targeted Azure’s Container as a Service (CaaS) offering and enabled exploitation of other customers’ Kubernetes clusters within the same public cloud service. While Azurescape was patched before it was exploited, the potential fallout could have been significant.

Azure is not the only cloud service that suffered from vulnerabilities and attacks in 2021. A vulnerability in Google’s Compute Engine (GCE), used in Google Cloud’s Infrastructure as a Service (IaaS) offering, could have allowed complete takeovers of hosted VMs. HTTP header smuggling can be used against AWS’s API Gateway and Cognito (authentication provider) to evade access restrictions and perform cache poisoning. A configuration error in AWS permissions could allow AWS support personnel to read data stored in S3 buckets rather than just the metadata.

With increased cloud adoption comes increased scrutiny, both by ethical hackers and cyber threat actors. 2021’s example shows that it is likely that more cloud security issues will be discovered in 2022 and beyond.

5. Ransomware Attacks Are on the Rise 

Ransomware rose to prominence with the WannaCry outbreak in 2017. Since then, many ransomware groups have emerged, making it a top-of-mind and expensive threat for all businesses.

In 2021, ransomware groups demonstrated their ability and willingness to impact organizations beyond their direct targets. The Colonial Pipeline hack is the most obvious example of this, as the DarkSide ransomware group caused a weeklong shutdown of one of the main pipelines servicing the U.S. East Coast.

However, Colonial Pipeline, while possibly the most visible ransomware attack of 2021, is far from the only one. Another episode in the same month targeted JBS S.A., the biggest meat processing company in the world. This attack had global impacts, causing shutdowns of plants in the U.S. and abattoirs in Australia, resulting in cancellations of 3,000 workers’ shifts and layoffs of 7,000 employees.

Beyond these high-profile attacks, ransomware groups also heavily targeted the education and healthcare sectors. These attacks caused school closures, loss of sensitive educational and healthcare information, and the delay of elective and non-emergency medical procedures. Additionally, multiple attacks by hacktivists caused public disruption in Iran by targeting railways and gas stations.

Ransomware attacks have proven to be effective and profitable for attackers. Unless this changes, they will continue to be a leading cyber threat to organizations.

6. Mobile Devices Introduce New Security Risks

Another impact of the shift to remote work was the widespread adoption of Bring-Your-Own-Device (BYOD) policies. By allowing employees to work from personal devices, companies may have improved productivity and employee retention, but they lost vital security visibility and the ability to respond to infections that threaten corporate systems and solutions.

The upswing in mobile device usage has made cyberespionage tools like Pegasus more effective and dangerous. Developed by the NSO Group, the malware uses several zero-click exploits to gain access to target devices before taking them over and collecting data from various sources (texts, phone, email, etc.). Pegasus is officially available only to governments, law enforcement, etc. but has a history of being abused to target journalists, activists, government officials, and business executives. Inspired by Pegasus’s success, Cytrox, a North Macedonian company, now offers a similar tool called Predator, and this threat is likely to spread to common cyber threat actors.

In 2021, cybercriminals adapted their tactics to take advantage of growing mobile adoption. As a result, several mobile malware Trojans have emerged, including the FlyTrap, Triada, and MasterFred malware. These mobile Trojans take advantage of social media, weak app store security controls, and similar techniques to gain access and the necessary permissions on target devices.

Mobile malware and cyber threat actors have also adopted smishing tactics, sending phishing content over SMS messages rather than email. The FluBot Android botnet is notorious for this, even using a text message about a fake FluBot infection to spread itself. Smishing attacks have caught on because they require few technical skills and are relatively inexpensive, with phishing kits selling for $50-100 US.

Mobile devices have become a new front in the fight against cybercrime. Mobile security is a vital part of a corporate cybersecurity strategy for modern business.

Which sectors are at risk?

Almost all sectors are at risk when it comes to cyber threats, though some more than others. The healthcare sector is one of them: it was highly attacked in 2021 and will also be targeted in 2022.

Nowadays, data breaches are an ongoing threat to organizations. During the pandemic, healthcare companies invested in security, even though they had a poor track record in cybersecurity until now. Employees and patients remain the primary targets for cybercriminals.

The education sector has also seen dark times during the pandemic. The rise of online courses became a gold mine for hackers, and this will still be the case in 2022. The education sector is often a target that is not secured enough.

In addition, the financial sector will remain under attack, with phishing- and malware-related data breaches being widespread in this industry.

Defending Against Evolving Threats in 2022

2021 demonstrated that cyber threat actors adapt their techniques to fit a changing world and reflect a maturing industry. Instead of remaining in the shadows, cybercriminals are pulling off massive supply chain attacks with global impacts, disrupting key industries with ransomware attacks, and molding their tactics to an increasingly mobile and cloud-centric workforce.

In 2022, companies can expect to face sophisticated attacks that target every part of their IT infrastructure, especially where they are weakest. Companies lack crucial visibility and control in the cloud and on BYOD devices, so those are cybercriminals’ prime targets.

Defending against modern cyber threat campaigns requires responding quickly and correctly to rapidly-evolving attacks that can strike anywhere within an organization’s IT infrastructure. Organizations need comprehensive security visibility, access to real-time threat intelligence, and integrated security architecture to support automated and coordinated threat prevention and response across the entire corporate IT infrastructure.


 
