In 2021, cyberattacks increased 50% year-over-year, with organizations facing 925 cyberattacks per week globally. As these attacks increase, one may think that our knowledge on how to prevent them follows suit — but as cybersecurity tools improve and become more sophisticated, so too do the methods and attack vectors used by cybercriminals. Technological progress is only expanding and widening potential surfaces for bad actors to open new doors and carry out new attacks … and we’re already seeing new and prolific attacks jeopardize an array of industries in 2022.
Stemming from our conversations with industry leaders, reporters, analysts and clients, these are the biggest threats impacting organizations today.
What We Anticipated: Ransomware and Malware
Web malware (47%) and ransomware (42%) top the list of security threats, according to a report from Menlo Security. Whether these attacks targeted schools, hospitals, government agencies or financial services – no industry was left untouched. This is a trend we’ve seen time and time again because its anonymous nature allows cybercriminals to make money with little consequence at the expense of organizations that need critical data returned to their systems.
Early on in 2022, the FBI also issued a warning that hackers were sending malicious thumb drives via mail to companies hoping that recipients would plug them in and ultimately infect their networks. Regarding this attack method, Veeam noted that portable storage media (like USBs, floppy disks, compact discs and DVDs) have long been a threat vector in cybersecurity. While many IT organizations got into the practice of disabling autorun of these media on endpoint devices, chances are that current administrative conditions, BYOD and the sheer number of devices in use made this an untenable practice for 100% compliance. If the activity in Q1 is any indication, ransomware and malware attacks aren’t going away anytime soon, which is why many cybersecurity experts continue to call out the need for having established remediation plans in place.
On the Rise: Open-source Supply Chain Attacks
Last year exposed the many security risks associated with software supply chains — something that was largely neglected prior to the SolarWinds attack. Following the infamous attack, every software company was exposed to an increase in methodical supply chain attacks. Just last month, a cyberattack on Toyota’s supply chain shut down its 14 factories in Japan for 24 hours, a suspension that hit output of around 13,000 vehicles.
Technological progress is only expanding and widening potential surfaces for bad actors to open new doors and carry out new attacks … and we’re already seeing new and prolific attacks jeopardize an array of industries in 2022.
A Rapid7 report also revealed that attacks on open-source libraries as part of supply chain attacks were on the rise over the 2021 calendar year. Cue when cybersecurity researchers discovered a flaw in a popular open-source coding framework called Log4j. The impact? Hackers could exploit this vulnerability to carry out destructive cyberattacks across the globe by taking control of targeted computers with remote-code execution. And what did this flaw expose? That hackers can infiltrate open-source code and let themselves in to millions of computer systems worldwide.
The trickledown effect of an attack against third party vendors causes the number of victims to grow exponentially, and this, paired with the complications around securing supply chains, makes it that much easier to go unnoticed and therefore become more damaging.
While a Software Bill of Materials (SBOMs) — a complete inventory of what is inside software packages, including which open-source components programmers used during development – should help organize and get ahead of potential security gaps, Synopsys delved deeper into the benefits and potential challenges organizations still face around SBOMs with The Wall Street Journal in, Push to Explain What Software Contains Gains Steam After Log4j Flaw. While progress is certainly being made to defend against these attacks, we likely won’t be free of them anytime soon.
What’s Ahead: Cryptocurrency, the Metaverse and Midterm Elections
As we look toward technology trends and current events fueling conversations in Q2, we should expect to see the potential cybersecurity threats accompanying them.
- Cryptocurrency has been skyrocketing in popularity (according to TechCrunch’s Alex Wilhem, “investments in crypto-themed companies… set records in 2021, records that could be beaten in 2022 if early data indicates where capital will flow this year”). However, with this interest comes an expanding threat landscape with security concerns that organizations and individuals may be overlooking. This varies from identity fraud and scams to the innate complexity of using blockchain. We can anticipate that more cryptocurrency users will open themselves up to cyberattacks and so we’ll see security experts weighing in on how users can secure their assets and avoid falling victim.
- There’s no avoiding the craze buzzing around Meta’s newest endeavor with the Metaverse. As these new virtual worlds that mimic aspects of the physical world through VR/AR, AI and more is taking the media landscape by storm, it’s likely we’ll start to see the security risks associated with this alternate world come to life. A few that come to mind include issues with data privacy, insecure currency exchange, and an increase in scams and impersonation.
- Where there is an election, there are also threats of cyberattacks – and this trend doesn’t seem to be subsiding as we gear up for the 2022 midterm elections, especially on the heels of mounting cyber unrest with Russia. Whether it be disinformation campaigns, cyberattacks spreading malware or hacking into election officials’ emails, conversations will undoubtedly lean heavily on advice from experts on the best ways to prepare and protect against these threats leading up to this year’s voting season.
There’s no denying the many benefits of today’s latest technological innovations, but it’s crucial to remember that a wise superhero once said, “with great power comes great responsibility.” As we reflect on Q1 and look ahead at what’s in store for Q2 and beyond, it’s clear that every person, organization, and industry will have to adopt a security-first mindset to stay ahead of bad actors and keep valuable information and assets safe. The cybersecurity market is poised for explosive growth – and the conversations that drive awareness, importance and the necessity of having robust cybersecurity plans will play a huge role in its success.