May 04, 2022

Top 7 Attack Trends for 2022

Since the 1990s, cybersecurity has been a top priority in the online world. After the dotcom era brought the world online, the internet itself came under attack: in 2002 a DDoS attack froze the 13 domain name system root servers for an hour. More recently, unprecedented events like the COVID-19 pandemic forced people to work from home, making heavy reliance on technology at home the “new normal” for more than a year.

The global cost of cybercrime was $3 trillion in 2015, and cybersecurity experts predict it will reach $10.5 trillion by 2025, according to Cybercrime Magazine. Supply chain and ransomware attacks dominated the headlines in 2021, and the year ended with security practitioners scrambling to guard against exploitation of the Log4j vulnerability, which put hundreds of millions of devices at risk.

Several reports have published predictions for the attack trends of 2022. Much of the discussion centres on Business Email Compromise (BEC), ransomware, supply chain targeting and cryptojacking, to name a few. Listed below are some of the attack trends likely to come to the fore in 2022:

Business Email Compromise (BEC): In a BEC attack, an attacker gains access to a business email account, or imitates its owner’s identity, and uses it to defraud the company and its employees. It has remained the most likely form of breach for years. Described by the FBI as a “$26 billion scam”, BEC accounted for over 50 percent of the incidents recorded in 2021.

Companies such as Facebook, Google, Snapchat and Toyota have all fallen victim to BEC scams, with collective losses in the hundreds of millions. Puerto Rico’s finance director Ruben Rivera was also scammed, at a loss of $2.6 million. Beyond these, gift card BEC scams remain prevalent throughout the world.

Digital Supply Chain Targeting: This attack targets a trusted third-party vendor that provides services or software critical to the supply chain. The biggest supply chain attack occurred in July 2021, when REvil attacked an IT infrastructure management company, demanding $70 million and holding more than 1,000 companies to ransom.

Other victims of supply chain attacks in 2021 included Microsoft, Uber, Apple and Tesla through a compromised dependency, Mimecast through compromised security certificates, SolarWinds through a backdoor injection, ASUS through malware delivered as an auto-update that damaged 5 million systems, and Event-stream through malware injection. As these attacks do not fade away easily, many organizations are having to guard against this common attack pattern.

Ransomware: Ransomware is designed to block access to a computer system until a ransom is paid. The biggest ransomware attack occurred in May 2017, when WannaCry spread rapidly across the world, infecting 110,000 IP addresses in just 2 days and earning a reputation as one of the most destructive ransomware attacks of all time. Other major ransomware families include TeslaCrypt in 2015, NotPetya in 2017, SamSam in 2018, and REvil (also known as Sodinokibi) in 2019.

The average system downtime after a ransomware attack is 21 days. 80% of ransomware victims who paid the ransom reported facing another attack soon afterwards, and the average cost of recovering from a ransomware attack doubled from $761K to $1.85 million between 2020 and 2021, making ransomware the largest security issue in the cybersecurity world, according to Business Leader UK.

Attacks on vulnerable Cloud Infrastructures: A cloud vulnerability is a weakness such as a misconfigured firewall, an unpatched OS or unencrypted data that leads to unauthorized access and misuse of data and information. Over the last 5 years, cloud vulnerabilities have increased by 150%, according to IBM. Verizon’s DBIR also found that 90% of 29,000 breaches were caused by web application attacks. With improper management of RDP (Remote Desktop Protocol) being the major cause of attack, cloud data security falls into the hands of attackers through weak authentication, shadow IT use, misconfigurations, and more.

Accenture fell prey to attacks involving the LockBit ransomware in both 2017 and 2021; the breaches involved misconfigured critical systems, inadvertent disclosure, and subsequent malware infections. Similarly, Verizon suffered a DDoS attack in 2020, Cognyte left a database exposed without any authentication, and Raychat suffered a breach caused by a MongoDB misconfiguration.
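One check for the misconfiguration pattern described in this section, added here as an example and not taken from the original post: it audits firewall or security-group ingress rules for admin ports such as RDP exposed outside a trusted VPN range, and produces the corrected rule beside the weak one. The rule shape, the 10.8.0.0/16 VPN range and the "-1" all-protocols value are assumptions.

```python
import ipaddress

# Constructed sample ingress rules in the shape cloud security groups use
# (protocol, port range, source CIDR). Not taken from any real environment.
RULES = [
    {"name": "rdp-open",  "proto": "tcp", "from_port": 3389, "to_port": 3389,  "cidr": "0.0.0.0/0"},
    {"name": "rdp-vpn",   "proto": "tcp", "from_port": 3389, "to_port": 3389,  "cidr": "10.8.0.0/16"},
    {"name": "all-ports", "proto": "tcp", "from_port": 0,    "to_port": 65535, "cidr": "0.0.0.0/0"},
    {"name": "https",     "proto": "tcp", "from_port": 443,  "to_port": 443,   "cidr": "0.0.0.0/0"},
    {"name": "rdp-v6",    "proto": "tcp", "from_port": 3389, "to_port": 3389,  "cidr": "::/0"},
]

# Admin protocols that should never be reachable from outside the trusted networks.
ADMIN_PORTS = {3389: "RDP", 22: "SSH", 5985: "WinRM", 5986: "WinRM-TLS"}
# Assumed: the management VPN range is the only place admin traffic may come from.
TRUSTED_NETS = [ipaddress.ip_network("10.8.0.0/16")]

def is_untrusted_source(cidr: str) -> bool:
    """True for 0.0.0.0/0, ::/0, or any source block not contained in a trusted net."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen == 0:
        return True
    return not any(net.version == t.version and net.subnet_of(t) for t in TRUSTED_NETS)

def audit(rules) -> list:
    """Return (rule name, service) for every rule exposing an admin port to an untrusted source."""
    findings = []
    for r in rules:
        if r["proto"] not in ("tcp", "-1"):   # "-1" is the usual 'all protocols' value (assumed)
            continue
        for port, service in ADMIN_PORTS.items():
            if r["from_port"] <= port <= r["to_port"] and is_untrusted_source(r["cidr"]):
                findings.append((r["name"], service))
    return findings

def hardened(rule: dict, source_cidr: str = "10.8.0.0/16") -> dict:
    """The corrected form of a flagged rule: same port, source limited to the VPN range."""
    return {**rule, "cidr": source_cidr}

if __name__ == "__main__":
    for name, service in audit(RULES):
        print(f"rule {name!r} exposes {service} to an untrusted source")
```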

Remote Work Attacks: The large-scale adoption of mobile wallets and touchless payment technology, while limiting germ transmission, has had the adverse effect of inviting security breaches. Likewise, the post-pandemic trend of “work-from-home” has led to far greater exploitation of home-based systems and devices.

Mobile devices and home-based systems now account for 60% of digital fraud, from phishing attacks to stolen passwords. The main avenues of attack are data leakage through careless app usage, connecting to random open Wi-Fi networks, identity theft used to open new mobile phone accounts, systems too old to receive the latest security updates, poor password security, and apps with weak security.

Insider Threats: Negligent or malicious actions by an organization’s employees that give an attacker unauthorized access to its resources, data, information, network or systems are termed insider threats. A special kind of cybersecurity issue, they pose a significant risk to an organization’s security because they are difficult to detect. Misconfigured systems, phishing or ransomware scams, security fatigue and negligence, and insiders with malicious intent are the most common forms of insider threat, each undermining an organization’s security posture.

In 2020, 68% of organizations reported being victims of insider threats. Twitter bore a loss of $250 million from an insider attack in 2020; Capital One Bank lost the data of 106 million customers to a web application firewall misconfiguration in 2019; Apple lost its iOS source code in 2018; Cisco had 16,000 client accounts unusable for weeks, at a loss of $1.4 million; and Desjardins saw the data of 2.9 million customers exposed by an insider employee who published it. The severity of insider threats has only increased, leaving organizations more exposed in 2022 and beyond.

Crypto-wallet Hijacking: Another booming area for breaches, crypto-wallet hijacking is the theft of crypto keys or the unauthorized withdrawal of digital currencies such as Bitcoin, Ethereum and many others. Over the last 5 years, the growth of cryptocurrency mining has been accompanied by the infiltration of digital wallets and theft of digital currency, using a user’s private key to defeat the security controls.

In January 2022, crypto.com reported the hacking of 483 user accounts and unauthorized withdrawals of over $15 million worth of Ethereum, $19 million worth of Bitcoin and $66,200 worth of other digital currencies, a total loss of $35 million, after transactions were approved without 2FA authentication control. Also, on February 7, 2022, $2 million was withdrawn from Trezor Crypto Wallet in a cryptocurrency theft.

Author - Sahitya Nepal, Vairav Tech.