In 2021, cyberattacks increased 50% year-over-year, with organizations facing 925 cyberattacks per week globally. As these attacks increase, one may think that our knowledge on how to prevent them follows suit — but as cybersecurity tools improve and become more sophisticated, so too do the methods and attack vectors used by cybercriminals. Technological progress is only expanding and widening potential surfaces for bad actors to open new doors and carry out new attacks … and we’re already seeing new and prolific attacks jeopardize an array of industries in 2022.
Stemming from our conversations with industry leaders, reporters, analysts and clients, these are the biggest threats impacting organizations today.
Web malware (47%) and ransomware (42%) top the list of security threats, according to a report from Menlo Security. Whether these attacks targeted schools, hospitals, government agencies or financial services – no industry was left untouched. This is a trend we’ve seen time and time again because its anonymous nature allows cybercriminals to make money with little consequence at the expense of organizations that need critical data returned to their systems.
Early on in 2022, the FBI also issued a warning that hackers were sending malicious thumb drives via mail to companies hoping that recipients would plug them in and ultimately infect their networks. Regarding this attack method, Veeam noted that portable storage media (like USBs, floppy disks, compact discs and DVDs) have long been a threat vector in cybersecurity. While many IT organizations got into the practice of disabling autorun of these media on endpoint devices, chances are that current administrative conditions, BYOD and the sheer number of devices in use made this an untenable practice for 100% compliance. If the activity in Q1 is any indication, ransomware and malware attacks aren’t going away anytime soon, which is why many cybersecurity experts continue to call out the need for having established remediation plans in place.
Last year exposed the many security risks associated with software supply chains — something that was largely neglected prior to the SolarWinds attack. Following the infamous attack, every software company was exposed to an increase in methodical supply chain attacks. Just last month, a cyberattack on Toyota’s supply chain shut down its 14 factories in Japan for 24 hours, a suspension that hit output of around 13,000 vehicles.
Technological progress is only expanding and widening potential surfaces for bad actors to open new doors and carry out new attacks … and we’re already seeing new and prolific attacks jeopardize an array of industries in 2022.
A Rapid7 report also revealed that attacks on open-source libraries as part of supply chain attacks were on the rise over the 2021 calendar year. Cue when cybersecurity researchers discovered a flaw in a popular open-source coding framework called Log4j. The impact? Hackers could exploit this vulnerability to carry out destructive cyberattacks across the globe by taking control of targeted computers with remote-code execution. And what did this flaw expose? That hackers can infiltrate open-source code and let themselves in to millions of computer systems worldwide.
The trickledown effect of an attack against third party vendors causes the number of victims to grow exponentially, and this, paired with the complications around securing supply chains, makes it that much easier to go unnoticed and therefore become more damaging.
While a Software Bill of Materials (SBOMs) — a complete inventory of what is inside software packages, including which open-source components programmers used during development – should help organize and get ahead of potential security gaps, Synopsys delved deeper into the benefits and potential challenges organizations still face around SBOMs with The Wall Street Journal in, Push to Explain What Software Contains Gains Steam After Log4j Flaw. While progress is certainly being made to defend against these attacks, we likely won’t be free of them anytime soon.
As we look toward technology trends and current events fueling conversations in Q2, we should expect to see the potential cybersecurity threats accompanying them.
There’s no denying the many benefits of today’s latest technological innovations, but it’s crucial to remember that a wise superhero once said, “with great power comes great responsibility.” As we reflect on Q1 and look ahead at what’s in store for Q2 and beyond, it’s clear that every person, organization, and industry will have to adopt a security-first mindset to stay ahead of bad actors and keep valuable information and assets safe. The cybersecurity market is poised for explosive growth – and the conversations that drive awareness, importance and the necessity of having robust cybersecurity plans will play a huge role in its success.