Expect a cybercrime feeding frenzy in 2022

Issue 1 2022 Cyber Security

South African CISOs are making cyber resilience a top priority again this year and with good reason: 2022 looks set to be a feeding frenzy for cyber criminals. All indications are that this year could set new records in terms of the volume and ferocity of cyber-attacks.

Doros Hadjizenonos.

FortiGuard Labs’ predictions for 2022 indicate that cyber attackers will be aggressively targeting fresh victims and attack avenues, with organisations scrambling to defend themselves from attacks on every front. Attacks will be launched on everything from crypto wallets to satellite services, from the core to the edge.

Research by FortiGuard Labs last year showed an almost 11x increase in the number of ransomware attacks between 2020 and 2021, with continued growth expected this year.

But the volume of attacks is not the only thing to be concerned about. Until fairly recently, most cyber-attacks have targeted known vulnerabilities, but there are now indications that cyber criminals are redoubling their efforts to find and exploit new vulnerabilities.

As the potential attack surface continues to expand, cyber criminals will be looking to target every possible attack vector, such as new hybrid networks and work environments, remote workers and evolving connectivity options and new business-critical applications being deployed in the cloud.

Fortiguard Labs predicts new exploits targeting satellite networks over the next year and has begun to see new threats targeting satellite-based networks, such as ICARUS, which is a proof-of-concept DDoS attack that leverages direct global accessibility to satellites to launch attacks from numerous locations.

FortiGuard Labs also sees new edge-based challenges emerging. As edge devices become more powerful, with more native capabilities and more privileges, Fortinet experts expect to see new attacks designed to 'live off the edge'. Malware living in these edge environments will use local resources to monitor edge activities and data and then steal, hijack, or even ransom critical systems, applications and information while avoiding detection.

Given the recent attacks on critical infrastructure, FortiGuard Labs also expects to see more cybercriminals targeting operational technology (OT) systems, with the emergence of highly specialised tools that are now being packaged as attack kits on the dark web for this purpose.

FortiGuard Labs also expects to see a spike in new attacks including Linux platforms, expanding the attack surface further, out to the network edge.

Because cybercrime is proving wildly lucrative, with the US Treasury's Financial Crimes Enforcement Network (FinCEN) reporting nearly $600 million in ransomware pay-outs in the first half of 2021 alone, the challenge will be compounded by the expanding crime-as-a-service market, with new criminal solutions likely to emerge, including phishing and botnets-as-a-service and an increase in the sale of access to pre-compromised targets.

Protecting your network

If your network and security tools are not ready to work as an integrated, proactive cybersecurity mesh architecture to protect your organisation from the next generation of threats now, tomorrow may be too late to make the critical changes you need.

A cybersecurity mesh architecture integrates security controls into and across, widely distributed networks and assets. Together with a Security Fabric approach, organisations can benefit from an integrated security platform that secures all assets on-premises, in the data centre and in the cloud or at the edge.

Defenders will need to plan ahead now by leveraging the power of AI and machine learning (ML) to speed threat prevention, detection and response. Advanced endpoint technologies like endpoint detection and response (EDR) can help to identify malicious threats based on behaviour. Also, zero-trust network access (ZTNA) will be critical for secure application access to extend protections to mobile workers and learners, while Secure SD-WAN is important to protect evolving WAN edges.

Organisations are also strongly urged to harden their Linux systems and OT environments, including adding tools designed to protect, detect and respond to threats in real-time. They also need to take a security-first approach when adopting new technologies, whether upgrading Windows systems or adding satellite-based connectivity, to ensure protections are in place before adding them to the network.

In addition, segmentation will remain a foundational strategy to restrict lateral movement of cybercriminals inside a network and to keep breaches restricted to a smaller portion of the network. Actionable and integrated threat intelligence can improve an organisation’s ability to defend in real time as the speed of attacks continues to increase.

Meanwhile across all sectors and types of organisations, shared data and partnership can enable more effective responses and better predict future techniques to deter adversary efforts. Aligning forces through collaboration should remain prioritised to disrupt cybercriminal supply chain efforts before they attempt to do the same.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Cyber is a core component of access control
Access Control & Identity Management Cyber Security
When it comes to access control and identity management, cybersecurity plays a critical role in helping to ensure that only authorised users can gain access to a system and that they are who they claim to be.

Governing cybersecurity from the top as a strategic business enabler
Cyber Security
C-Suite executives still do not take cybersecurity seriously enough, while boards are not nearly as engaged in cybersecurity as they are in other areas of oversight.

It is time to take a quantum leap in IoT cybersecurity
Drive Control Corporation Cyber Security
IoT has become integrated everywhere, including enterprises. While it offers many benefits, such as increased productivity and the rollout of mission critical applications, it can also lead to (enterprise) cyber-attack vulnerabilities.

What to do in the face of growing ransomware attacks
Technews Publishing Cyber Security Security Services & Risk Management
Ransomware attacks are proliferating, with attackers becoming more sophisticated and aggressive, and often hitting the same victims more than once, in more than one way.

Can we reduce cyberattacks in 2023?
Cyber Security
Zero-trust cybersecurity strategy with simplicity and risk reduction at the heart is mandatory to reduce exponential cyberattacks in 2023, says GlobalData.

Key success factors that boost security resilience
Cyber Security
Adoption of zero trust, secure access service edge and extended detection and response technologies, all resulted in significant increases in resilient outcomes, as are executive support and cultivating a security culture.

Enterprise threats in 2023
News Cyber Security
Large businesses and government structures should prepare for cybercriminals using media to blackmail organisations, reporting alleged data leaks, and purchasing initial access to previously compromised companies on the darknet.

CA Southern Africa unmasks container security
Technews Publishing IT infrastructure Cyber Security
Adoption of software containers has risen dramatically as more organisations realise the benefits of this virtualised technology.

Shifts in threat landscape to industrial control systems
Cyber Security
Kaspersky’s ICS CERT researchers’ predictions include increased attack surface due to digitisation, activities of volunteer and cybercriminal insiders, ransomware attacks on critical infrastructure as well as the technical, economic and geopolitical effects, and the rise of potential vulnerabilities being exploited by attackers.

Advanced persistent cybercrime
Cyber Security
FortiGuard Labs predicts the convergence of advanced persistent threat methods with cybercrime. Advanced persistent cybercrime enables new wave of destructive attacks at scale, fuelled by Cybercrime-as-a-Service.