2021 was a year to forget in terms of cyber security breaches and targeted attacks, as organizations struggled to keep pace with attackers who exploited every business sector and created havoc. Alongside excessive ransomware attacks and zero-day exploitation, state-sponsored groups kept countries and healthcare providers on their toes as they leveraged network exploitation and gained unauthorized access.
With mobile phones becoming moving targets and tons of malicious applications available to download, the general public lost data and huge financial losses were reported. 46% of companies lost their data because at least one employee downloaded a malicious app and eventually leaked organizational data.
Privacy and data protection laws became more significant during this time, as countries grew more vigilant about the use of data and information, and this threat continues.
2022 will be no different: threat actors will continue their malicious activities and keep targeting networks, infrastructure, and the general public for their own gain, in the hope of increasing their fortunes.
Here are some predictions for 2022.
Already seen as the worst year in terms of the volume and exploitation of zero-days, this trend will carry on for this year as well, and threat actors will continue their targeted attacks on organizations.
As 2022 fast approaches, attackers are operating at full tilt, especially state-sponsored threat actors, who will continue to exploit vulnerabilities for their own gain. The year 2021 saw diversity in the attacks on targeted applications and in their consequences, and organizations failed to respond to the sophistication of those attacks. There’s only one way out of it: PATCH!
Last year ended with supply chain attacks, and this year started with supply chain attacks. This tells us that the attacks on supply chains are not going to slow down anytime soon. 2020 saw a sudden rise in the frequency of supply chain attacks and 2021 continued with the same momentum. Attackers are targeting vulnerabilities and weaknesses in the supply chain to attack the customers of those compromised suppliers. Since supply chain attacks equal big payouts, the interest of threat actors lies in the disruption of such victims.
Even as remote work comes to an end in most places, the abuse of PII (personally identifiable information) remains a constant threat. The ease of getting your favorite things at the click of a button has made life easier, and threat actors continue to leverage this opportunity. The targeting of leaked/stolen credentials via phishing, smishing, and other social engineering spam campaigns was on the rise in 2021, and around 70% of security breaches included PII, more than any other compromised data type.
A surge in banking fraud emerged as a national and international threat, with banks targeted repeatedly. This threat continues, and the financial sector remains a very lucrative target for cybercriminals. With economies plunging and currencies plummeting, more activity is expected in terms of financial fraud. Targeted attacks against banking customers and banking infrastructure in 2021 were a big success. A 150% increase in social engineering and phishing attacks was recorded in the financial sector, most of them successful because users lacked awareness of what to click and what not to. Threat actors were able to leverage that opportunity to gain unauthorized access and made a fortune from it.
Threat groups like Magecart were the front-runners in the race to exploit credit card information and skim payments from online shoppers. They even had to hire more affiliates to increase their activity and took giant steps to gain as much information as they could. They were able to get their hands on huge sums of money during the pandemic.
Ransomware emerged as the biggest threat of 2021, with an average of $102.3 million in ransomware transactions per month, based on SARs data. Organizations were targeted left, right and center, and they struggled to keep their confidentiality intact as threat actors demanded large sums to keep them from publishing confidential data online.
With economic sanctions and currency devaluation, a lot of countries are agreeing to accept bitcoin as legal tender or as a way to store the value of their items. Threat actors, who were already accepting payments in bitcoin, had their hands full with an estimated $5.2 billion in transactions in 2021 alone, with the most active variants being REvil/Sodinokibi, Conti, DarkSide, Avaddon, and Phobos.
APT (Advanced Persistent Threat) groups have been seen developing more tools to target mobile devices. Threat actors like OceanLotus, Transparent Tribe, OrigamiElephant, and many others were targeting mobile devices with their sophisticated toolsets. Considering all these threats that are to be executed on broader levels in 2022, security teams will have a strenuous new year, in which new technology and budget cuts owing to Covid-19’s economic destruction will have to be incorporated into cyber security postures.
In nearly 50% of organizations, at least one employee unintentionally downloaded a malicious application. With mobile phones carrying most business information, threat actors have found a way to gain access to that information and exploit it for their own gain. These attacks have also been used for cyberespionage, where APT groups target government officials, luring them into downloading malicious apps and installing backdoors for persistence, and this trend is likely to go on.
Conventional war standoffs are out of the question; powerful nations have shifted toward cyber warfare to defend themselves from the onslaught of their rivals. Nation-sponsored state actors, operating on behalf of world powers, are now on a mission to destabilize their arch-rivals and gain the upper hand over them. From discovering secret political information to spreading misinformation and attacking critical infrastructure, state-sponsored groups are actively targeting the adversaries of their funders for different reasons.
Targeted attacks on network devices don’t come as a surprise, as APT groups surfaced to target specific appliances. For example, APT31 leveraged a network of infected SOHO devices and used it as an anonymization network to host C2s. There were continued targeted attacks on VPN devices, as sessions were hijacked as a result of the exploitation of software vulnerabilities (such as Microsoft Exchange).
Era of Misinformation
Politicizing the matter and creating a toxic legacy to keep people unvaccinated, a well-organized campaign surfaced against masks and vaccines as part of the misinformation campaign that keeps playing on people's fear and stigma. As the world still fights the latest variant of Covid, Omicron, tons of rumors and myths are being spread about the different variants, which has created a movement to stop people from getting vaccinated. This has also increased the number of deaths, especially in the North American region.
Healthcare providers were on the receiving end in 2021, and there was a rapid increase in targeted attacks against them. Around 80% of the major pharmaceutical providers in the world were targeted and suffered data breaches. Vaccine researchers in Canada, France, India, South Korea, and the United States were targeted by nation-state actors attacking seven prominent companies directly involved in researching vaccines and treatments for Covid-19.