As we noted in part 1 of our cybersecurity trends post, the recently discovered log4j will likely play a role in a variety of cybersecurity threats in the coming months. However, malicious actors never restrict themselves to a single flaw or exploit. Following is a look at some of the threats we expect to be front and center in 2022, along with our recommendations for minimizing your risk.
Ransomware
Ransomware attacks reached record levels in 2021 and analysts expect the upward trend to continue in 2022. The rise of Ransomware-as-a-Service (RaaS) as a criminal industry is helping drive more frequent attacks. Automated ransomware delivery kits designed for attacking thousands of random IP addresses and targets are available on the Dark Web for about $200. Subscription-based RaaS exploits cost about $50 a month.
Attacks against critical infrastructure are also likely to increase. In 2021, there was a steep increase in attacks targeting oil and gas pipelines, water treatment plants and the food and agriculture sector. These are enticing targets because there is greater urgency to pay a ransom in order to quickly restore operations and minimize the impact on large swaths of the civilian population.
- Our recommendations: Create redundant backups to ensure you can always access a good copy of your data. Train employees to recognize and prevent phishing or ransomware attacks. Consider purchasing cybersecurity insurance.
Supply chain attacks
Attacks designed to exploit the connections between customers, partners, suppliers and service providers will remain a significant threat in 2022. The Kaseya and SolarWinds hacks are high-profile examples of attacks in which a single weak link in a supply chain enabled criminals to spread malware to hundreds or thousands of victims.
This attack scenario has become a favorite for nation-state cybercrime groups often affiliated with adversarial governments from Russia, China, North Korea and Iran. These threat actors are sophisticated, innovative and well-funded, with access to cutting-edge technology. According to a recent academic study, nation-state attacks against U.S. interests have increased 100 percent since 2017.
- Our recommendations: Vet your suppliers and partners to ensure they are complying with industry security standards. Don’t buy hardware or software with custom or non-standardized configurations. Develop a contingency plan in the event of a supply chain issue
Cloud misconfigurations
Organizations have rushed to deploy new applications and workloads to the cloud over the past two years, often without realizing how much work it takes to manage cloud resources. Every cloud service requires configurations related to users, roles, permissions, storage buckets, service connections and more — and configuration flaws are among the leading causes of cloud security threats.
According to one recent study, three-quarters of organizations have one or more critical configuration errors that could expose sensitive data. Another study finds that two-thirds of cloud security incidents involve improperly configured application programming interfaces (APIs).
- Our recommendations: Automate configuration management with tools that continuously monitor cloud environments and automatically detect and correct misconfigurations. Conduct regular assessments of your cloud instances to identify configuration flaws and protocol vulnerabilities.
Encrypted threats
Malicious actors are regularly leveraging encryption to slip past network defenses in order to distribute malware, launch ransomware attacks and exfiltrate data. Security analysis indicates that more than 90 percent of network threats are now delivered over encrypted channels.
The best way to detect these threats is to decrypt and inspect encrypted data packets, but that’s a compute-intensive process that many firewalls weren’t built to handle. As a result, it has become common practice to configure firewalls to let encrypted traffic pass through without inspection.
- Our recommendations: Implement a next-generation firewall with system-on-a-chip (SoC) processors that can handle many encryption/decryption tasks. Or consider using a managed firewall service.
Comments