As hackers find new techniques to breach secure networks or automate assaults against vulnerable systems, cyberattacks are continuously changing. Cyberattacks appear to be present everywhere these days.
The transition to remote work posed several new attack vectors for us to deal with in 2021, and those are expected to persist far into 2022. Organizations must take developing trends into account to stay ahead of the assaults and improve their current cybersecurity risk management processes, from a rising requirement for intelligence-led security to greater insider risk.
- An exponential rise in the volume of cybercrime
Cybercriminals are now teaming up to execute a multi-leg relay race, passing the baton from one specialised criminal organisation to another, as seen in the rise of ransomware as a service, which grows every year. Operations have advanced to the point that fraudsters now offer customer support for payment interactions. Yes, you did read that right. Even cybercriminals contract out their “customer support.” Most victims are not familiar with bitcoin, much less with how to buy it to pay a ransom.
At the same time, criminals are targeting and infiltrating additional attack surfaces for reasons other than financial gain, such as damage, disruption, and misinformation.
- Intentional herding assaults
To “herd” traffic to another platform or service provider that could be more exposed or already compromised, a cybercriminal must first attack a piece of shared or core infrastructure. BGP hijacking is more common these days; it causes internet traffic to, for instance, take the “scenic route” from your computer to your banking website, perhaps via Russia or China. Distributed denial of service (DDoS) attacks can also be used to herd traffic.
A DDoS assault can be used to “direct” a company’s or an industry’s traffic and communications toward a backup channel or provider that is less secure but that the cybercriminal may already have access to or is presently monitoring. In September 2021, cyber actors impersonating the ransomware organisation “REvil” launched a DDoS assault against Bandwidth.com, a prominent US voice over IP (VoIP) company, seeking 100 bitcoins ($5.7 million as of this writing). VoIP services are frequent targets of DDoS extortion attempts because they are Internet-based services.
Once a corporation has been penetrated or one or more of its computers or servers have been infected, cybercriminals expect to be paid a ransom. If the victim declines to pay, the assailants look for other ways to get paid. In one such case, a skincare firm declined to pay a ransom, so the cybercriminals posted on a forum that they would auction off the stolen information.
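The BGP hijacking described above is detectable from the defender's side by checking who is announcing your prefixes and through which networks the path runs. The following is an added example, not code from the original article: a minimal route-origin check in the style of RPKI route origin authorisations (ROAs), run over a constructed set of announcements. It flags routes whose origin AS is not authorised for the prefix or that are more specific than the ROA permits (the two usual shapes of a prefix hijack), and separately flags paths that traverse ASNs the operator does not expect to see. All prefixes and AS numbers are documentation or private ranges chosen for illustration, and the `Roa`, `Announcement` and watch-list names are this example's own.

```python
# Added example (not from the original article): ROA-style origin validation
# plus an unexpected-transit check over constructed BGP announcements.
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class Roa:
    prefix: str      # covered prefix, e.g. "203.0.113.0/24"
    origin_asn: int  # AS authorised to originate it
    max_length: int  # longest prefix length the authorisation permits


@dataclass(frozen=True)
class Announcement:
    prefix: str
    as_path: Tuple[int, ...]  # left = nearest peer, right = origin AS

    @property
    def origin(self) -> int:
        return self.as_path[-1]


def validate_origin(ann: Announcement, roas: Iterable[Roa]) -> str:
    """Return 'valid', 'invalid' or 'unknown' (no ROA covers the prefix)."""
    net = ipaddress.ip_network(ann.prefix, strict=False)
    covering = []
    for r in roas:
        cover = ipaddress.ip_network(r.prefix, strict=False)
        if cover.version == net.version and net.subnet_of(cover):
            covering.append(r)
    if not covering:
        return "unknown"
    for r in covering:
        # Valid only if the origin is authorised AND the announcement is no
        # more specific than the ROA allows (defeats the "more-specific" hijack).
        if r.origin_asn == ann.origin and net.prefixlen <= r.max_length:
            return "valid"
    return "invalid"


def unexpected_transit(ann: Announcement, watch_asns: Iterable[int]) -> set:
    """Transit ASNs (everything but the origin) that are on the watch list."""
    return set(ann.as_path[:-1]) & set(watch_asns)


def audit(announcements: Iterable[Announcement], roas: Iterable[Roa],
          watch_asns: Iterable[int] = ()) -> List[Tuple[str, str]]:
    """Collect (prefix, reason) alerts for hijacked origins and odd transit paths."""
    roas = list(roas)
    alerts = []
    for ann in announcements:
        if validate_origin(ann, roas) == "invalid":
            alerts.append((ann.prefix,
                           "origin AS %d not authorised or prefix too specific" % ann.origin))
        transit = unexpected_transit(ann, watch_asns)
        if transit:
            alerts.append((ann.prefix,
                           "path traverses unexpected AS(es) %s" % sorted(transit)))
    return alerts


# Constructed sample data: two authorisations and five observed announcements.
ROAS = [
    Roa("203.0.113.0/24", 64500, 24),
    Roa("198.51.100.0/22", 64501, 24),
]
ANNOUNCEMENTS = [
    Announcement("203.0.113.0/24", (64496, 64500)),         # legitimate
    Announcement("203.0.113.0/24", (64496, 64666)),         # wrong origin: hijack
    Announcement("198.51.100.0/25", (64496, 64501)),        # right origin, too specific
    Announcement("192.0.2.0/24", (64496, 64502)),           # no ROA: unknown
    Announcement("198.51.100.0/24", (64496, 64777, 64501)), # valid origin, odd transit
]
WATCH_ASNS = (64777,)  # ASNs the operator never expects on the path to its prefixes

if __name__ == "__main__":
    for prefix, reason in audit(ANNOUNCEMENTS, ROAS, WATCH_ASNS):
        print("ALERT %-18s %s" % (prefix, reason))
```

In practice the `ROAS` table would come from a validating RPKI cache and the announcements from a route collector or looking-glass feed; the "unknown" state is deliberately not treated as an alert, since most of the Internet's prefixes still lack authorisations.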
- Adversaries’ increased use of automation
Within minutes of a system first appearing online, cybercriminals can identify its vulnerabilities. They will either exploit them immediately or assign a team to do it for them. According to research on worldwide threat trends and patterns, some of the quickest APTs may begin lateral movement within 18 minutes of infecting “patient zero” with malware or ransomware.
Now more than ever, cybercriminals can find and exploit weaknesses faster than most firms can take protective measures. Even producing spyware precisely crafted for the target victim is a business. The idea that one size fits all is no longer valid. Customized malware is distributed through targeted phishing schemes created after thorough social media research and sold as bundles on dark web sites.
- Targeting key infrastructure without hesitation now
Targeting essential infrastructure has been a trend in recent years, as seen in events from this past year. Until recently, hospitals, schools, power, gas, and food were targeted only by nation-states (e.g. North Korea, China or Russia). Now, however, cybercriminals are openly attacking these organisations. What is worse is that these sectors have typically lagged in detection and security posture, so the expanding cybercriminal sector can readily break into their networks.
- Insider danger, corruption, and aggressive recruiting
Cybercriminals now openly advertise to workers, promising them a portion of the payout in exchange for their cooperation and information, and at a fairly low cost, no less. Although job security and employee job satisfaction are factors in this willingness to sell access to a company’s infrastructure, the majority of targets are low-responsibility people with high access (receptionists, security guards, etc.).
Businesses must deal with the issue of “outsized” access privileges in the upcoming year and set up an insider risk programme to help them identify and investigate anomalies. Using the “least privilege” approach, where people have only the access and permissions necessary to perform their job, is a good practice. Another popular strategy for reducing the likelihood of insider threats that get your business in the news, like the recent hack at Electronic Arts, is zero trust architecture. In the Electronic Arts incident, a little social engineering and the purchase of a Slack session token on the dark web led to the theft of 780 GB of game source code.
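An insider risk programme needs a concrete way to find the “outsized” access the paragraph above describes: accounts whose granted permissions exceed what their job requires. The following is an added example, not code from the original article: a small review routine that compares each account's granted permissions with a least-privilege baseline for its role and with what the account actually used in the last 90 days, recommends revoking everything outside the baseline, and scores sensitive permissions outside the baseline highest. Roles, permissions, accounts and the scoring weights are constructed for illustration; the `Account`, `Finding` and `review_account` names are this example's own.

```python
# Added example (not from the original article): least-privilege review that
# surfaces low-responsibility / high-access accounts from constructed data.
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Set

# Least-privilege baseline: what each role needs to do its job (constructed).
ROLE_BASELINE: Dict[str, FrozenSet[str]] = {
    "receptionist":   frozenset({"calendar:read", "visitor-log:write"}),
    "security-guard": frozenset({"badge-system:read", "cctv:view"}),
    "developer":      frozenset({"source-repo:read", "source-repo:write", "ci:trigger"}),
}

# Permissions whose misuse would make the news; weighted more heavily below.
SENSITIVE: FrozenSet[str] = frozenset({
    "source-repo:read", "source-repo:write", "hr-records:read", "prod-db:admin",
})


@dataclass
class Account:
    user: str
    role: str
    granted: Set[str]        # permissions currently assigned
    used_last_90d: Set[str]  # permissions actually exercised in the window


@dataclass
class Finding:
    user: str
    role: str
    excess: Set[str]   # granted but outside the role baseline
    unused: Set[str]   # granted but not exercised in the review window
    revoke: Set[str]   # recommendation: everything outside the baseline
    risk_score: int


def review_account(acct: Account,
                   baseline: Dict[str, FrozenSet[str]] = ROLE_BASELINE,
                   sensitive: FrozenSet[str] = SENSITIVE) -> Finding:
    """Compare one account against its role baseline and recent usage."""
    base = baseline.get(acct.role, frozenset())  # unknown role => no entitlement
    excess = acct.granted - base
    unused = acct.granted - acct.used_last_90d
    # One point per excess permission, three more for each sensitive one.
    score = len(excess) + 3 * len(excess & sensitive)
    return Finding(acct.user, acct.role, excess, unused, set(excess), score)


def outsized_accounts(accounts: Iterable[Account], threshold: int = 1) -> List[Finding]:
    """Findings for accounts at or above the threshold, riskiest first."""
    findings = (review_account(a) for a in accounts)
    return sorted((f for f in findings if f.risk_score >= threshold),
                  key=lambda f: (-f.risk_score, f.user))


# Constructed sample: two low-responsibility users with high access, one developer.
ACCOUNTS = [
    Account("rcp-01", "receptionist",
            granted={"calendar:read", "visitor-log:write", "source-repo:read", "hr-records:read"},
            used_last_90d={"calendar:read", "visitor-log:write"}),
    Account("grd-07", "security-guard",
            granted={"badge-system:read", "cctv:view", "prod-db:admin"},
            used_last_90d={"badge-system:read", "cctv:view"}),
    Account("dev-12", "developer",
            granted={"source-repo:read", "source-repo:write", "ci:trigger"},
            used_last_90d={"source-repo:read", "ci:trigger"}),
]

if __name__ == "__main__":
    for f in outsized_accounts(ACCOUNTS):
        print("%s (%s): score %d, revoke %s, unused %s"
              % (f.user, f.role, f.risk_score, sorted(f.revoke), sorted(f.unused)))
```

Permissions that are inside the baseline but unused (the developer's `source-repo:write` here) are surfaced for review rather than revoked automatically, since dormant-but-legitimate access is a judgement call for the role owner; everything outside the baseline is a straightforward revocation under least privilege.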
- Regulation-related insight
Regulatory bodies are taking on the task of cyber risk management and mitigation in response to breaches brought on by negligence and a lack of diligence. Regulators want to strengthen their position so they can properly punish “willful failure to address” vulnerabilities in the enterprises under their authority. To raise their game, they must move beyond simple regulatory governance and adopt regulatory intelligence.
The May 12th Biden Executive Order, software labelling, and the Software Bill of Materials (SBOM) are all anticipated to significantly extend the governance and monitoring responsibilities of regulatory bodies. But it will take time: software labelling will not instantly make us more “cyber” healthy, just as food labelling did not make us suddenly eat healthier. It will, however, enable us to choose better software in the future.