
By: Shimon Brathwaite
January 18, 2022
Top Five Threats In Cybersecurity For 2022

Cybersecurity has continued to evolve as hackers have discovered the profitability of hacking large companies. In 2020, we saw significant growth in many areas of cybersecurity[1]:
- 238% rise in attacks in the finance sector
- Cloud-based attacks increased by 630% between January and April
- Ransomware attacks increased by 148%
- Phishing attacks increased by 600%
- Average cost of cyberattacks was around $133,000
As we approach 2022, we can expect cybercrime to continue to grow. Here are our predictions for the top threats in cybersecurity in 2022:
Social Engineering
Social engineering is the psychological manipulation of a person to perform a malicious action. Social engineering has been consistently growing as an attack vector in the last decade, and all indicators suggest that it will continue to be a popular attack strategy in 2022. Social engineering attacks from June 2020 to May 2021 grew by 56%. One study, Spear Phishing: Top Threats and Trends Vol.6 – Insights [2], found that the average company received over 700 social engineering attacks per year.
Supply Chain Attacks
A supply chain is a collection of entities, processes, and products used to deliver goods and services to consumers. Each of these elements has trust relationships with one another, and 2021 has shown us that hackers can take advantage of the trust between these different groups to compromise businesses. An example of this is the SolarWinds incident earlier this year. Hackers hacked into SolarWinds and uploaded malware into a scheduled software update for their clients. Since these were clients of SolarWinds, they installed the software update without looking at what was inside of it. As a result, hundreds of businesses had malware on their systems. We can expect that in 2022 this will continue to be a technique that hackers use to compromise businesses.
Insider Threats
An insider [3] is a threat to an organization that comes from inside the business itself. An insider can be a current or former employee, a contractor, a third party, or a business partner. According to the IBM 2015 Security Intelligence Index [4], roughly 31.5% of attacks were performed by malicious insiders, and inadvertent insiders performed 23.5%. Astonishingly, 95% of breaches involve human error. The consistent element is that they have:
- information concerning the organization's security practices, data, or systems.
- the means to access and tamper with company assets.
Tampering with a company's assets is an enormous risk because traditional security measures (such as firewalls, antivirus, IDS/IPS, etc.) protect your company from external threats, not internal threats. Working within a company allows insider threats to circumvent many of the security controls that companies have implemented.
Source @ helpnetsecurity
Ransomware
Ransomware is a type of malware [5] that encrypts all of the information on a computer system. The encrypted files, and any systems that rely on them, become unusable. Cybercriminals then demand that their victims pay a ransom to retrieve their stolen information, and they will even threaten to release the exfiltrated information if the ransom is unpaid. Ransomware has proven to be one of the most profitable types of malware on the market. It will continue to be a sought-after threat vector going into the future.
Denial of Service Attacks
As cloud computing has grown more popular, so have DDoS attacks. Hackers know that cloud service providers (CSPs) provide services for several companies, and they target the providers' servers with the knowledge that they can negatively impact multiple companies at once. These attacks are indiscriminate and aim to affect as many of the cloud service provider's servers as possible. The strategy relies on clients pressuring their cloud provider to stop the attack by paying the ransom.
Preventative Methods Against Threats
Threat Intelligence
One of the best methods to protect yourself from these threats is to stay informed through cyber threat intelligence. Cyber threat intelligence gathers information about threats and threat actors that may help mitigate harmful events. It can be conducted manually through research, but this is impractical. Every day, new types of malware are created and discovered, and it is unrealistic to expect security staff to track this information by hand. A better approach is to use automated tools that collect and aggregate the information for the user. One example is a platform called ThreatConnect.
ThreatConnect
ThreatConnect [6] is a platform that allows people to obtain threat intelligence information from other cybersecurity professionals. This platform permits thousands of analysts to upload data on new threats and share that information nearly instantly. By using ThreatConnect, you can discover data on new cybersecurity threats and their associated indicators of compromise (IOCs), and sort them by risk level. The most pivotal element of threat intelligence is identifying IOCs. IOCs are forensic artifacts that identify potentially malicious activities on a system or network. IOCs are vital for both the prevention and detection of cyber threats. Once the IOCs of new cyber threats are loaded into security software products, those products can block any processes that match these IOCs and therefore detect the threat before it enters the network.
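The IOC matching described above, as an added example that is not part of the original article and does not use ThreatConnect's API: it loads a small feed, matches it against log lines, and returns hits sorted by risk level. The feed, the 1-5 risk ratings, the log format and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed IOC feed (documentation-range values); "risk" is a hypothetical 1-5 rating.
IOC_FEED = [
    {"type": "ip", "value": "203.0.113.45", "risk": 5},
    {"type": "domain", "value": "updates.bad-example[.]test", "risk": 4},
    {"type": "sha256", "value": "A" * 64, "risk": 3},
    {"type": "ip", "value": "198.51.100.0/24", "risk": 2},
]
# Constructed log lines in a made-up key=value format.
LOGS = [
    "2022-01-10T08:01:02Z proxy src=10.0.0.7 dst=203.0.113.45 host=cdn.example.org",
    "2022-01-10T08:03:10Z dns src=10.0.0.9 query=UPDATES.bad-example.test",
    "2022-01-10T08:05:44Z edr host=ws-12 proc=setup.exe sha256=" + "a" * 64,
    "2022-01-10T08:06:00Z proxy src=10.0.0.7 dst=198.51.100.77 host=notbad-example.test",
    "2022-01-10T08:07:00Z proxy src=10.0.0.8 dst=192.0.2.10 host=intranet.example.org",
]
TOKEN = re.compile(r"[a-z0-9][a-z0-9.\-]*")

def refang(value):  # shared IOCs are often "defanged" (evil[.]test); normalise first
    return value.replace("[.]", ".").strip().lower()

def build_index(feed):
    # Exact-match table for domains and hashes, network list for IPs and CIDR ranges.
    exact, networks = {}, []
    for ioc in feed:
        if ioc["type"] == "ip":
            networks.append((ipaddress.ip_network(refang(ioc["value"])), ioc))
        else:
            exact[refang(ioc["value"])] = ioc
    return exact, networks

def match_line(line, exact, networks):
    hits = []
    for token in TOKEN.findall(line.lower()):
        if token in exact:  # whole-token match, so look-alike names do not hit
            hits.append(exact[token])
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            continue  # token is not an IP address
        hits += [ioc for net, ioc in networks if addr in net]
    return hits

def scan(logs, feed):  # returns (risk, indicator, log line) tuples, highest risk first
    exact, networks = build_index(feed)
    alerts = [(ioc["risk"], ioc["value"], line)
              for line in logs for ioc in match_line(line, exact, networks)]
    return sorted(alerts, key=lambda a: a[0], reverse=True)
```

Matching whole tokens rather than substrings is what keeps `notbad-example.test` from triggering the `bad-example` indicator, while the CIDR entry still catches `198.51.100.77` on the same line.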
Other notable mentions in threat intelligence:
- VirusTotal: This tool allows you to upload files, URLs, or IP addresses to see if they are associated with any known malware campaign. It is a great free tool for performing investigations and checking for indicators of compromise.
- AlienVault Open Threat Exchange: This platform is an open exchange provided by the cybersecurity company AlienVault. This tool allows private companies, security researchers, and governments to collaborate and share information. AlienVault has more than 80,000 participants in 140 countries who share information on over 19 million threats per day.
Recap
Cybercrime continues to grow at an alarming rate as hackers find new ways to profit from hacking businesses. As we enter 2022, we can expect that social engineering, ransomware, DDoS attacks, and supply chain attacks will continue to be used to compromise businesses. The best way to avoid falling victim to these techniques is to stay aware of what is happening via cyber threat intelligence. Cyber threat intelligence provides companies with information on the attacks before they happen and prevents successful attacks. An essential element of cyber threat intelligence, and an artifact used to identify attacks, is the indicator of compromise (IOC).
Sources:
[1] https://www.sumologic.com/blog/cost-of-cyber-attacks-vs-cost-of-cyber-security-in-2021/
[2] https://www.barracuda.com/spearphishing-vol6
[3] https://www.cybrary.it/course/insider-threats/