Several of the cybersecurity experts we present here warn that 2022 is one where attackers will thrive, building on coalitions, creative attacks, and our own failings to deal with the threats.
Dealing with attack behavior
Experts at Attivo Networks, via their 2021 Verizon Data Breach report, shared their evidence-based forecasts into cyberattacker behavior and tactics, techniques, and procedures (TTPs).
The report said 61% of breaches involved credential data. “If there is one thing we can learn from 2021, is that the cyber attackers focus on credentials to expand their reach into their victim’s networks,” said Ray Kafity, Vice President Middle East Turkey and Africa (META) at Attivo Networks. Recent Examples are the Colonial Pipeline incident where fuel shortages resulted from a single compromised password or the Solarwinds breach.
Increased investment in identity security solutions
Traditional security solutions are no longer enough. And while existing solutions like Identity and Access Management (IAM), Privileged Access Management (PAM), and Identity Governance and Administration (IGA) provide basic identity protections, their focus on authorization and authentication leave gaps for attackers to exploit. To close those gaps, enterprises need to invest in Identity Detection and Response (IDR) solutions.
Ransomware defenses need a badly needed refresh
Ransomware 3.0 is here, characterized by double extortion where cybercriminals encrypt files and leak information online to drastically impact the company’s image, profits, stock price, and more. With over 300 variants, stopping ransomware requires a multi-faceted approach that starts with protecting Active Directory and privileged credentials.
Insurance companies will raise rates and technology requirements
Cybersecurity Ventures estimates that ransomware costs will reach $265 billion by 2031, with an expected 30% year-on-year growth in damage costs over the next ten years. To help minimize their risk, insurance companies will increase their premiums and institute stringent security technology requirements as a prerequisite to extending coverage or making payouts.
Supply chain issues to increase risk
Supply chain issues force enterprises to order supplies months in advance, in larger quantities, and from new providers. This change will introduce new supply chain security risks that could arise from software, hardware, and logistics security exposures.
Skills gap to impact attraction and retention policies
With many employees stepping away from their jobs in 2021, combined with the skilled IT shortage and the anticipated Great Resignation of 2022, organizations will continue to compete to attract and retain highly-skilled cybersecurity talent.
Global threat landscape
Group-IB, a global leader in cybersecurity, said in a report titled Hi-Tech Crime Trends 2021/2022 that scammers are banding together to automate and streamline fraudulent operations.
One of the underlying trends on the cybercrime arena is that the number of offers to sell access to companies almost tripled over the review period: from 362 to 1,099.
In H2 2019–H1 2020, the Group-IB Threat Intelligence team detected only 86 active brokers. In H2 2020–H1 2021, however, this number skyrocketed to 262, with 229 new players joining the roster.
Most companies affected belonged to manufacturing (9% of all companies), education (9%), financial services (9%), healthcare (7%), and commerce (7%).
In the Middle East alone, the total cost of all the accesses to the region’s companies available in the underground rose by 37% in the review period and totaled $247,836. Most of the accesses on the sale belonged to organizations from the UAE (24%), which was followed by Turkey (13%), Saudi (12%), and Iran (12%).
In total, data relating to 2,371 companies were released on DLSs (Data Leak Sites) over H2 2020–H1 2021. This is an increase of an unprecedented 935% compared to the previous review period when data relating to 229 victims was made public.
Group-IB analysts identified 21 new Ransomware-as-a-Service (RaaS) affiliate programs, which is a 19% increase compared to the previous period. There are more than 70 phishing and scam affiliate programs. Participants aim to steal money as well as personal and payment data. In the reporting period, the threat actors who took part in such schemes pocketed at least $10 million in total. The average amount stolen by a scam affiliate program member is estimated at $83.
It is noteworthy that in the first three quarters of this year, ransomware operators released 47% more data on the attacked companies than in the entire 2020. The number of companies that opt for paying ransom is estimated at 30%.
Conti became the most aggressive ransomware group, which made public information about 361 victims, followed by Lockbit (251), Avaddon (164), REvil (155), and Pysa (118).
In the Middle East, at least 50 organizations fell prey to ransomware attacks in 2021. To compare, in 2020, the data on 27 companies in the Middle Easter region was released, which is an increase of 85%. In the current year, the majority of publicly known ransomware attack victims in the Middle East originated from Turkey (20%), the UAE (18%), Saudi (18%), and Iran (6%).
Over the review period, the carding market dropped by 26%, from $1.9 billion to $1.4 billion compared to the previous period. The decrease can be explained by the lower number of dumps (data stored on the magnetic stripe on bank cards) offered for sale: the number of offers shrank by 17%, from 70 million records to 58 million.
The Middle East stuck to the global trend and showed the carding market drop of 49% in the review period: it decreased from $47.6 million in H2 2019 – H1 2020 to $24.4 million in H2 2020 – H1 2021. The total number of bank cards belonging to the bank customers in the Middle East offered for sale over the examined period totaled 1,546,842, which is a 34-percent decline compared to the previous review period, when 2,353,854 bank card records were offered.
This was accompanied by the increase in the average price of text card data from $8.95 to $14.09 and a dramatic drop in the price of a dump from $69.82 to $22.91.
Cybersecurity implications of digital transformation
Abed Samhuri, Cyber Institute Lead at Axon Technologies, said one of the greatest challenges facing organizations aiming to securely implement digital transformation is not having enough resources (budget and manpower).
“For this reason, our first recommendation is to outsource this aspect to a third-party cybersecurity firm,” he said. The following are three key tips to mitigate any security risks that arise from digital transformation:
1- Cloud Security: Cloud security starts with choosing the right cloud service provider, one that already has a strong security policy
2- Multi-Factor Authentication (MFA): You need to enable/ enforce MFA to prevent account compromise, session hijacking, and other attacks
3- Enable Auditing and Logging: Whenever you utilize a cloud-based service, ensure to enable logging of various actions (permissible or otherwise). In times of crisis, those logs are the first thing that will give you clues of what is happening, why it is happening, and how to fix it
Towards zero trust security
With zero-trust, enforcement of authentication and authorization always takes place between entities regardless of their network or location. No network is regarded as trusted where entities in it can interact with no authentication. Thus, it is about eliminating trust.
The zero-trust approach reduces any chance of an attacker exploiting a trust relationship and gaining unauthorized access including spoofing, hijacking, privilege escalation, etc. due to that trust. Attacks get reduced tremendously in an infrastructure designed with zero-trust principle.
However, zero-trust security requires more effort in designing a network infrastructure and continuous monitoring and auditing of users and devices.
Kaspersky believes state-sponsored groups will target the cryptocurrency industry, while cybercriminals will take advantage of investors by fabricating rogue wallets with backdoors included.
The industry is also likely to witness the growth of attacks against payment systems and more advanced mobile threats. These are the key predictions from Kaspersky’s ‘Cyber threats to Financial Organizations in 2022’ report.
Kaspersky researchers have forecasted several important tendencies expected to occur in 2022. They include:
- We have already witnessed APT groups rising to attack the cryptocurrency business aggressively, and we anticipate that this activity will continue.
- Cybercriminals will take advantage of manufacturing and retailing rogue devices with backdoors, followed by social engineering campaigns and other techniques to steal victims’ financial assets.
- We should expect more mobile banking trojans for the Android platform, especially RATs that can circumvent security means adopted by banks (such as OTP and MFA).