In 2021, cybercrime was more widespread and more sophisticated. Cyber criminals were relentlessly attacking critical infrastructure in healthcare and financial services.
A Microsoft report stated there were 25 different kinds of malicious e-mail techniques in addition to phishing. Cybercriminals do not even have to know IT today. They can buy cyber attack services, added the report.
An attacker-for-hire can be had upwards of US$250 per job, while ransomware kits can be bought for US$66 and a denial-of-service attack can be bought for US$311.88 per month.
As the world steps into 2022, the turmoil over cybersecurity continues. There will be more and bigger threats, and faster threats on the horizon, say cybersecurity experts.
Such attacks will also become increasingly more sophisticated as attackers turn to advanced learning capabilities of artificial intelligence and machine learning to break into IT infrastructure.
Cybersecurity experts point to six leading types of cyber attacks in 2022:
1. Phishing will continue: It is an effective technique for gaining access to an organisation’s network and systems. The Microsoft report pointed out that phishing was responsible for about 70 per cent of data breaches. Employees can be tricked into handing over sensitive data like login credentials or to download a file that has malware that can stealthily tunnel through an organisation’s network to steal digital assets.
2. Ransomware will become more sophisticated: They will be more aggressive and adept at dodging security defences. Check Point Software reported an increase of 168 per cent of such attacks in the Asia-Pacific. This will spur other attacks especially when ransomware-as-a-service is readily provided by operators who develop and sell high-quality malware to less sophisticated attackers.
3. Infiltrations of cloud environments will increase: A new focus will be on Linux-based cloud entities, said Bill Swearingen, a security strategist at IronNet, which helps organisations collectively detect, share intelligence and stop security threats in real-time. Splunk’s Distinguished Security Strategist Ryan Kovar predicted that a major cloud provider could be hacked this year, “if it hasn’t happened already”.
4. Global supply chains will become a new target: They have become critical infrastructure and considered high-value targets by cyber criminals. Often, these companies, especially smaller providers in the supply chain, are good targets because they lack the tools and funding needed to defend themselves, said Amit Sharma, a security engineer at Synopsys.
5. Emerging threat of deep fakes can harm individuals and organisations: The Microsoft report highlighted that improvements in AI allow deepfake videos and audio to be created which can then be used to compromise business e-mail and bypass multi-factor authentication protocols.
6. Crypto platforms, such as exchanges, are attractive “playgrounds”: Interest is growing in cryptocurrency trading, and malicious forces are looking to extract ransom from data heists, as well as profit from manipulating and stealing cryptocurrencies, said Jason Schmitt, general manager of Synopsys’ Software Integrity Group.
Related to this is the many millions of digital wallets sitting unprotected on laptops and smartphones, which also make an easy target for cyber criminals.
Going forward, more international cooperation on cybersecurity will emerge, said Anthony Grenga, IronNet’s vice-president of cyber operations.
Countries have realised that international cooperation is necessary to bolster efforts to create a safer, more secure interoperable cyberspace for everyone, he added.
A step in this direction was taken last year, when Singapore and the United States signed three Memorandums of Understanding to strengthen cyber security cooperation.
Another significant trend is that organisations cannot hide from cyber threats. There is no security perimeter any more, so basic diligence is the new perimeter, said Mick Baccio, Splunk global security advisor.
Organisations have to focus on the bread-and-butter work, the cyber hygiene, he said in Splunk’s Data Security Predictions 2022 report. “It’s patching your systems regularly and quickly, it’s implementing multifactor authentication, it’s the basics, the eat-your-vegetables of cybersecurity.”
This is a view held by Microsoft too. In its report, it said cybersecurity hygiene training remains essential to the prevention of a variety of attacks. It highlighted that awareness of security hygiene by employees protects against 98 per cent of attacks.