2020 and 2021 saw more than their fair share of cybersecurity challenges, largely caused by the mass transition to remote work in response to the COVID-19 pandemic. As individuals and businesses rushed to ensure that work continued remotely during lockdowns, hackers were devising ways to take advantage of the resulting vulnerabilities. These issues, coupled with technological developments like the rapid adoption of IoT, saw cyberattacks and cybercrime rates rise rapidly. Businesses and individuals need to understand the cybersecurity challenges that await in 2022 and be prepared to adjust their cybersecurity strategies accordingly.
Ransomware attacks increased in 2021 compared to the previous year. This trend is likely to continue in 2022 as organizations adopt hybrid working models and system vulnerabilities grow. Attackers use these vulnerabilities to, for example, inject malware into systems. The malware encrypts files on the network, rendering them unusable. Attackers then demand a ransom from the organization in exchange for keys to decrypt the files. Organizations have a duty to identify any vulnerabilities in their networks and find ways to mitigate them. Moreover, keeping operating systems updated, using multifactor authentication and enforcing password best practices can go a long way toward preventing these attacks. VPNs are also a great way to mitigate such attacks.
Supply Chain Attacks
Hackers continue to find new techniques to gain entry, and using supply chains is one such method that has proven successful for them. They take advantage of the complexity of software supply chains today as well as the fact that many software supply chains lack a software bill of materials (SBOM) that details the components and the provenance of each artifact. The absence of monitoring within a supply chain can enable attackers to perform malware injections and data breaches and then ask for a ransom from the affected organizations. In 2022, supply chain attacks are likely to increase. Governments are beginning to implement regulations and recommend best practices to stop these attacks, and are working with the private sector to identify global and regional attackers. But organizations should remain vigilant as well.
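As an added illustration (not part of the original article), the check below shows what an SBOM with provenance data makes possible: listing components that lack provenance fields and verifying an artifact against its recorded hash. The CycloneDX-style JSON layout, the component names and the artifact bytes are assumptions constructed for this example.

```python
import hashlib

# Constructed artifact contents and SBOM (CycloneDX-style field names assumed).
GOOD_ARTIFACT = b"constructed contents of libexample-1.4.2.tar.gz"
SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"name": "libexample", "version": "1.4.2",
         "purl": "pkg:generic/libexample@1.4.2",
         "supplier": {"name": "Example Upstream"},
         "hashes": [{"alg": "SHA-256",
                     "content": hashlib.sha256(GOOD_ARTIFACT).hexdigest()}]},
        # Listed, but with no origin, supplier or hash: nothing to verify against.
        {"name": "leftover-util", "version": "0.3.0"},
    ],
}

def provenance_gaps(sbom):
    """Map 'name@version' to the provenance fields that component is missing."""
    gaps = {}
    for comp in sbom.get("components", []):
        missing = [f for f in ("purl", "supplier", "hashes") if not comp.get(f)]
        if missing:
            gaps[f"{comp['name']}@{comp.get('version', '?')}"] = missing
    return gaps

def check_artifact(sbom, name, version, data):
    """Compare an artifact's SHA-256 with the digest recorded in the SBOM."""
    for comp in sbom.get("components", []):
        if (comp.get("name"), comp.get("version")) != (name, version):
            continue
        recorded = {h["content"].lower() for h in comp.get("hashes", [])
                    if h.get("alg") == "SHA-256"}
        if not recorded:
            return "no-recorded-hash"
        digest = hashlib.sha256(data).hexdigest()
        return "match" if digest in recorded else "mismatch"
    return "not-in-sbom"

if __name__ == "__main__":
    print(provenance_gaps(SBOM))
    print(check_artifact(SBOM, "libexample", "1.4.2", GOOD_ARTIFACT))
    print(check_artifact(SBOM, "libexample", "1.4.2", GOOD_ARTIFACT + b"\x00"))
```
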
Campaigns focused on spreading false information about organizations on social media have also been on the rise. In 2022, these campaigns will intensify as hackers try to make their ransomware attacks more lucrative. They’re betting that organizations will pay more if their reputation is at stake. These kinds of attacks are also used to manipulate stock prices for large multinational organizations, in some cases. Companies need to employ the latest data gathering and monitoring techniques as well as back up their data to stay secure.
Hackers are cashing in on the vulnerabilities present in some digital wallets. Unfortunately, the anonymity of cryptocurrency and of digital wallets makes it difficult to trace and attribute theft to culprits. Governments need more stringent regulations related to cryptocurrency, and organizations and individuals that accept cryptocurrency as a form of payment should make it a point to stay up-to-date on attack vectors and methods as well as indicators of compromise.
Deep Fake Technology
As technology advances, techniques used to make deep fake videos or audio recordings are also advancing. Hackers are using this technology to create content that can be used to obtain permission, manipulate opinion and more. One case in 2020 showed just how destructive deep fake technology can be when a bank manager in the United Arab Emirates was tricked into transferring $35 million to cybercriminals. Such cases are likely to be more common in 2022.
Mobile Malware Attacks
Mobile devices continue to be the preferred devices for accessing content, mobile banking, online shopping and more. As reliance on mobile devices continues to grow, cybercriminals will continue to find new techniques to try to exploit users. For this reason, individuals need to be careful what they click on and download.
Remote Desktop Software Attacks
Many companies are considering making remote work permanent since the pandemic kicked off the transition. This means an increase in the use of remote desktop software among remote workers and an associated rise in security incidents involving RDP. Brute force attacks on remote desktop software are already on the rise, and companies need to increase security strategies around this technology in the coming year.
IoT Vulnerabilities Will Be Targeted
IoT technology is finding its way into more homes and offices every day. However, despite its benefits, it also comes with increased security risks. These vulnerabilities may stem from a lack of regular updates, insecure interfaces, weak password protection or poor device management. In 2022, IoT devices will be among the most targeted by cybercriminals and users should work toward mitigating any attacks.
Credential Stuffing and Bots
Most people reuse their login credentials across different applications because reused credentials are easy to remember. Attackers know this; they often steal credentials from one application and use them to log in to another. By using bots and other attack tools and techniques, they can mask their true location and impersonate multiple IP addresses and locations.
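Because the attempts are spread across many source addresses, per-IP lockouts rarely trigger. The detector below is an added example, not part of the original article: it aggregates login failures across all sources per time window and flags accounts that logged in successfully from an address that had just failed against other accounts. The log format, thresholds and sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timezone

WINDOW_SECONDS = 300     # assumed 5-minute bucket
MIN_FAILED_USERS = 5     # assumed threshold: distinct accounts failing per bucket
MAX_FAILS_PER_USER = 2   # stuffing tries each stolen pair once or twice

# Constructed sample log: "<ISO time> <source IP> <username> <OK|FAIL>"
SAMPLE_LOG = """
2022-01-10T09:00:05 198.51.100.7 alice FAIL
2022-01-10T09:00:09 203.0.113.21 bob FAIL
2022-01-10T09:00:14 192.0.2.44 carol FAIL
2022-01-10T09:00:20 198.51.100.7 dave OK
2022-01-10T09:00:26 203.0.113.5 erin FAIL
2022-01-10T09:00:31 192.0.2.130 frank FAIL
2022-01-10T09:00:40 198.51.100.7 grace FAIL
2022-01-10T09:01:00 10.0.0.8 ivan OK
2022-01-10T09:20:02 10.0.0.15 heidi FAIL
2022-01-10T09:20:30 10.0.0.15 heidi OK
""".strip().splitlines()

def detect_stuffing(lines):
    buckets = defaultdict(list)
    for line in lines:
        ts, ip, user, result = line.split()
        when = datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)
        buckets[int(when.timestamp()) // WINDOW_SECONDS].append((ip, user, result == "OK"))
    alerts = []
    for key in sorted(buckets):
        fails_by_user, fails_by_ip = defaultdict(int), defaultdict(set)
        for ip, user, ok in buckets[key]:
            if not ok:
                fails_by_user[user] += 1
                fails_by_ip[ip].add(user)
        # Many accounts, each failing only once or twice: stuffing, not brute force.
        spread = [u for u, n in fails_by_user.items() if n <= MAX_FAILS_PER_USER]
        if len(spread) < MIN_FAILED_USERS:
            continue
        # A success from an IP that just failed against other accounts suggests
        # a reused password worked: queue that account for review.
        review = sorted({user for ip, user, ok in buckets[key]
                         if ok and fails_by_ip.get(ip, set()) - {user}})
        alerts.append({
            "window_start": datetime.fromtimestamp(key * WINDOW_SECONDS, timezone.utc).isoformat(),
            "failed_accounts": len(spread),
            "source_ips": len(fails_by_ip),
            "max_accounts_failed_per_ip": max(len(v) for v in fails_by_ip.values()),
            "review_accounts": review,
        })
    return alerts

if __name__ == "__main__":
    print(detect_stuffing(SAMPLE_LOG))
```

In the sample, no single address fails against more than two accounts, so the pattern only becomes visible in the aggregate.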
Phishing threats are likely to continue. Even with so much anti-phishing advice and ubiquitous email security tools available, most people still struggle to identify malicious emails. Cybercriminals are also upping their game by creating emails that are harder to detect. Training and creating awareness about phishing can continue to assist in avoiding these attacks.