Emerging Cybersecurity Threat Trends in 2022
Updated: Jul 14
2022 is proving to be a big year for the cybersecurity industry. With companies disclosing breaches from successful cyberattacks every day, it’s incredibly important for businesses to develop and maintain a strong defensive strategy.
Aside from the financial impact, breaches can cause irreparable brand damage and loss of consumer confidence. On average, public companies’ share prices fell 8.6% after a breach.
Over the last year, RISCPoint’s cybersecurity specialists have noticed certain threat trends that even the most diligent businesses may be vulnerable to. Read on to learn more about these threats and the steps you can take to protect yourself:
Ransomware is a form of malware designed to encrypt files on a device, rendering those files and the systems that rely on them unusable. Cybercriminals will demand ransom (often in the form of hard-to-trace cryptocurrency) in exchange for decryption, and they will often threaten to sell or leak exfiltrated information if the ransom is not paid.
Many attackers determine ransom demands based on the size of the organization and the sensitivity of the information they gain access to. These ransoms can range from a few hundred dollars to tens of millions of dollars for decryption. Acer, a computer manufacturer, recently fell victim to a ransomware attack and received the highest ransom demand to date: $50,000,000.
Even if proper backups are maintained, the cost of service interruptions and remediation efforts can be substantial.
In 2021, these attacks dominated the cybersecurity risk landscape. The FBI's Internet Crime Complaint Center received 2,084 ransomware complaints from January to July 31, 2021, which was a 62% year-over-year increase from the same period in 2020.
Unfortunately, early 2022 trends have proven that this threat is only going to increase in frequency and severity going forward, as ransomware is an effective and lucrative way for criminals to make money – with little risk of apprehension.
While social engineering and inadequate security controls remain the primary vectors for ransomware infection, one emerging trend is the ransomware insider threat. Some cybercriminal groups have been targeting disgruntled employees with an offer of commission on ransom payments (as high as 40%) for using their access to install ransomware within their corporate environment.
Software Dependencies & Supply Chain Attacks
In mid-December 2021, two high-impact vulnerabilities were publicly disclosed by security researchers. CVE-2021-45105 and CVE-2021-44832 describe vulnerabilities discovered in the software library, Apache Log4j. These vulnerabilities were assessed to be the highest severity, as they allowed attackers to remotely execute malicious programs on vulnerable systems.
Many organizations had never heard of Apache Log4j and assumed they were safe from this threat. Unfortunately, the Log4j software was a commonly included component of many services and applications, including VMware, AWS, and Okta. As a result, many off-the-shelf software products and services inherited these vulnerabilities. According to Sonatype, a company specializing in software supply chain security, more than 7,000 software products are known to include the Log4j library, and it is in the top 0.003% of most downloaded Java libraries.
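Because the library usually arrives bundled inside another vendor's archive, a search by file name can miss it. The following added example (not RISCPoint's code) inventories log4j-core copies nested inside JAR/WAR/EAR files by looking for the Maven metadata and a core class that the library ships with; it generalizes to any nesting depth up to `max_depth`, and the sample archive, file names and version string are constructed for illustration.

```python
import io
import zipfile

ARCHIVES = (".jar", ".war", ".ear", ".zip")
# Maven metadata and a core class that log4j-core ships inside its JAR.
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
CORE_CLASS = "org/apache/logging/log4j/core/Logger.class"

def find_log4j(data, label, depth=0, max_depth=5):
    """Return [(location, version)] for each log4j-core copy in archive bytes."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # archive suffix, but not a readable archive
    hits = []
    with zf:
        names = zf.namelist()
        if POM in names:
            version = "unknown"
            for line in zf.read(POM).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    version = line.split("=", 1)[1].strip()
            hits.append((label, version))
        elif CORE_CLASS in names:
            # Repackaged copy with the Maven metadata stripped out.
            hits.append((label, "unknown"))
        for name in names:
            if name.lower().endswith(ARCHIVES) and depth < max_depth:
                hits += find_log4j(zf.read(name), f"{label}!/{name}",
                                   depth + 1, max_depth)
    return hits

def make_zip(entries):
    # Build an in-memory archive from {name: bytes}; used for sample data only.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def demo():
    # Constructed sample: a vendor WAR bundling a renamed log4j-core JAR.
    core = make_zip({POM: b"artifactId=log4j-core\nversion=2.14.1\n"})
    war = make_zip({"WEB-INF/lib/logging-renamed.jar": core,
                    "WEB-INF/lib/app.jar": make_zip({"App.class": b"\xca\xfe"})})
    return find_log4j(war, "vendor-app.war")

if __name__ == "__main__":
    for location, version in demo():
        print(f"{location}: log4j-core {version}")
```

Copies whose packages have been relocated by a shading tool match neither marker, so treat an empty result as "not found by this check" rather than proof of absence.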
The sheer number of vulnerable targets, combined with the ease of exploitation, proved appealing to threat actors across the globe. According to Check Point Software’s research, more than 200,000 attack attempts were identified within the first 24 hours of the vulnerability being disclosed, with this number quadrupling after 72 hours. By the end of 2021, this number grew to a staggering 4.3 million attack attempts, with roughly 48% of all corporate networks being targeted.
While the Log4j vulnerability was a perfect storm of timing, ease of exploitation, and patching complexity, it highlights an important fact: organizations are facing an increasing threat from their software supply chains, as widely used software and libraries are attractive to threat actors due to the broad range of potential targets.
The software supply chain presents an appealing target for attackers, as well as a unique challenge for organizations. Due to the nature of software supply chain attacks, it is likely impossible to mitigate all risk of attack even by following security best practices. However, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) recently released a report and guidance to help companies better defend themselves against compromised software supply chains.
The organizations found that software supply chain attacks have primarily been carried out by hijacking a vendor's update and code signing mechanisms. This is done by compromising the vendor’s network or targeting open source software projects that are included in vendor code. The report also stated that third-party applications using elevated privileges and performing frequent communication with software vendors are most likely to be targeted.
To combat these threats, it is recommended that businesses use guidelines like NIST’s Cyber Supply Chain Risk Management (C-SCRM) or Secure Software Development Framework (SSDF) to inform their purchase and implementation of third-party software.
When it comes to ransomware and software supply chain attacks, an ounce of prevention is worth a pound of cure. The following are some practices that can help mitigate the likelihood and impact of attacks on your organization:
Security Awareness Training - Educating employees about the risks of social engineering and phishing campaigns is one of the best steps toward preventing these attacks. The effectiveness of security training can be benchmarked through simulated social engineering attacks, which can provide valuable metrics regarding the current preparedness of your workforce.
Environment Logging - Recording the actions taken by users and automated processes provides the ability to look back and see when certain actions occurred and what initiated them. Additionally, these logs are critical to the success of incident response efforts post-breach and are used to understand where attackers gained access and what information may have been compromised. Ensuring systems are performing adequate logging, and that those logs can be reviewed on demand, will pay dividends in the event of a security incident.
Regular Backups - Ransomware targets company data, hoping to find important information that can be withheld until payment is made. By having reliable backups, the risk of data loss can be minimized.
Patch Management - Ransomware often targets known vulnerabilities within software. By keeping software and systems updated on a regular schedule, you can eliminate a possible attack vector.
Vulnerability Scanning and Penetration Testing - Routine vulnerability scanning and penetration testing help organizations identify where they are most likely to face an attack and proactively increase their security posture. One service that gained popularity in 2021 is continuous penetration testing. Unlike the annual penetration testing schedule that many companies follow, continuous penetration testing monitors an organization's systems regularly throughout the year. This offers companies greater insight into their overall attack surface and provides more timely identification of emerging vulnerabilities.
Where to Go From Here
If you are looking to bolster your organization’s security or achieve compliance, RISCPoint has advanced services tailored to your needs. Our certified cyber security professionals have successfully supported companies across a wide range of industries and sizes, from Fortune 10 to pre-Series A startups.