The last year saw cybercrime flourish as working from home presented new attack surfaces and the scrambling to move online widened holes.
We’ve seen ransomware rise in popularity as cybercriminals have added extortion to the list of dangers as well. Now you don’t just have to worry about your data being locked up, but threats that it will be made public as well.
As we move into a new year, ransomware is expected to continue being the most popular sort of attack. Attacks in 2022 however, are likely to be more targeted and even more popular than they have been.
This rings especially true for companies who are making use of cloud services and platforms for web-based applications. We’ve already seen these environments being used as a vector for attack locally and the frequency of these sorts of attacks are expected to ramp up in 2022.
Speaking of cloud, Trend Micro anticipates that cloud threats will increase in 2022.
“Malicious actors are expected to continue to use low-effort but high-impact strategies in gaining access to cloud applications and services. They will continue to wage tried-and-true types of attacks and at the same time carry out ones that use new trends in technology to stay ahead of the game,” states Trend Micro Security.
These “low effort” strategies include using phishing to steal credentials but more worrying is that cybercriminals can and will make use of historic exploits that haven’t been patched.
“Different iterations of previously seen attacks are expected which means that the first line of defense must include a revisit of cloud security basics. If cloud environments are to be defended these basics must be assessed, retested and reemployed. This includes understanding and applying the shared responsibility model, using a well-architected framework, encrypting, patching, and bringing in the right level of expertise, amongst others,” the security firm states.
The importance of cybersecurity education cannot be reiterated enough and it’s vital that businesses invest long term in equipping employees with the tools and knowledge needed to avoid falling prey to cybercriminals.
We saw a large number of attacks and hacks of cryptocurrency exchanges throughout 2021. This trend will continue into 2022 says Kaspersky.
“As cryptocurrency is a digital asset and all transactions take place online, it offers anonymity to users. These are attractive features for cybercrime groups. However, it’s not only cybercriminal organisations but state-sponsored threat actors who have targeted this industry. We have already witnessed APT groups rising to attack the cryptocurrency business aggressively, and we anticipate that this activity will continue,” writes Kaspersky.
IoT school fees must be paid
Since firms began turning into the internet of things, we’ve been pleading with manufacturers to focus on security. According to predictions, the hens have come home to roost because IoT systems are set to become a massive target in 2022.
Not only do IoT devices present a threat in that they can be corralled into a botnet like a horde of mindless zombies, they can also present a gap through which ne’er-do-wells can slip through.
If your business makes use of IoT devices, it’s time to harden your defences and keep a close eye on network traffic and the like. Gird yourselves, 2022 is looking messy already.
Finally, we suspect that zero-trust models of security are going to become the latest fashion and rightly so. With supply chain attacks set to spike in 2022, zero-trust is quite frankly the only way to be secure these days. That’s not to say it’s bulletproof but it will make breaches and intrusion slightly more difficult.
We also expect to see great automation from cybercriminals as botnet-as-a-service platforms rise in popularity and SMEs become an easier target owing to the lower security compared to enterprises.
Rest easy while you can because cybercriminals aren’t.
[Image – CC 0 Pixabay]
