Congratulations – you’ve made it through another year! Give yourself a quick pat on the back, because last year was a challenging one for information security in any sector, and we can assume that this new year will bring its own new and unique challenges. As we prepare for them, it’s worth looking at some of the trends we’ve seen over the past year, in order to better understand how to prepare for 2022.
To help you get in shape, we’ll be putting out a short series of blogs detailing the trends and changes in the threats we contend with, as well as the parallel shifts in work and organizational paradigms.
In this blog post, we’ll highlight some continuing trends which are worth keeping an eye on.
- Remote Working Models – Hybrid as the New Normal
As Covid-19 continues to rage, the remote work model has become predominant and permanently changed how we address cyber security. Out-of-boundaries access to organizational networks has become common and legitimate, cloud-based infrastructures have transitioned from recommended to almost mandatory, and more and more work is becoming integrated with collaboration tools such as Slack and Zoom.
With all of these changes, the simple reality is that VPNs, firewalls, IDSs and other perimeter-based solutions are no longer enough to secure networks and companies.
- The Growing Ransomware Economy
Following the dramatic upswing in ransomware success in 2020, 2021 has seen a continued meteoric rise in ransomware prevalence.
In addition to the rising prevalence, ransomware attack methods have also progressed by leaps and bounds – both in technological complexity and in the leverage applied to affected companies, with double and triple extortions becoming ever more popular.
Another angle to consider is the rise of the Ransomware-as-a-Service model:
As payouts have increased, the market has adjusted itself accordingly, allowing cyber criminals to rent infrastructure, tools and abilities rather than having to create them from scratch. Entire ecosystems have been built, enabling technological advancement and scaling opportunities for attackers. This has led to a greater variety of victims, as well as enabling unskilled malicious actors to deploy advanced tools.
- Supply Chain Attacks On the Rise
Most companies do not work in isolation, and communication with other companies is vital. This opens a very convenient window for potential attackers: why attack the highly secured mothership when you can target small vendors and third-party service suppliers – and breach through there?
At the end of the day, a chain is only as strong as its weakest link, and with chains becoming longer, the threat increases. With the increase in remote communication, 2021 saw a commensurate rise in malicious actors taking advantage of this concept, with ENISA (European cybersecurity agency) experts estimating a 400% increase in supply chain attacks in 2021.
- Artificial Intelligence and Machine Learning Coming Into Play
AI in the cybersecurity field has long seemed a futuristic concept, and even five years ago was completely unheard of. However, in the last few years it has become one of the fastest-evolving fields, and with it have come real-world use cases for machine learning.
AI is now being used on both sides. In the hands of malicious actors, it’s being used to automate attacks, to identify vulnerabilities in systems and to create more accurate phishing, just to name a few examples. At the same time, we’re seeing security benefits as well, through behavioral firewalls and more advanced anti-virus software.
- The Hacker Community and Response Time
Once upon a time, a zero-day released to the public would have taken a few weeks to come into use, giving companies time to respond.
However, as time goes on, we see more and more immediate exploitation of such vulnerabilities. One example of this is the recent Log4j vulnerability, which was exploited very quickly and successfully leveraged to damage several companies.
In general, we’ve seen more activity and cooperation on dark web security forums, enabling hacking groups and individuals to respond faster and faster to new vulnerabilities and changes.
- BEC (Business Email Compromise, sometimes also called CEO fraud)
The end-to-end process from initial attack to profit is long and tiring for both victims and attackers. BECs are small, targeted attacks, where a mailbox (usually that of an executive or high-ranking employee) is compromised and taken advantage of – usually through impersonation and for quick monetary gain. There are many methods, but some popular ones are for the attacker to reach out to investors from the executive’s email account and request that funds be directed to a different account, or to tell financial staff in the company to put through an emergency bank transfer to the attacker’s account.