With the digital world becoming an intricate part of our lives and with organisations moving their business models to the online mode, cybersecurity is the need of the hour. As we enter the new year, it is, hence, important to know what the five more important cybersecurity trends of 2022 will be.
A zero-click attack is where the cybercriminal exploits a flaw in the device to get into the system. The striking feature of a zero-click attack is that it does not require the user to click anywhere to download the malware, as is the case with phishing or social engineering scams. The vulnerability could be in iOS, Android, or Windows or macOS.
We have already seen zero-click attacks come into the limelight over the past few years. The 2019 Whatsapp breach is a well-known zero-click attack triggered by a simple missed call. This call exploited a source code flaw in the framework of WhatsApp and did not even need the victim to pick up the call. Once installed, the malware could remove any trace of the said call too. The Pegasus spyware scandal also created ripples worldwide due to its misuse. It has also evolved from using phishing techniques to carrying out zero-click attacks, thus making it a potent spyware software.
Zero-click attacks are one of the key cybersecurity trends for 2022 and beyond. However, unlike other cyberattacks, these do not leave behind any trace, thus making it tough to track by security agencies. Although there is no fool-proof prevention plan against such an attack, one must ensure that all operating systems and software are up to date. This will ensure that all vulnerable patches in the older versions get plugged.
A phishing attack is one where a fraudulent communication, usually an email, appears to have come from a reputable source. Such attacks aim to steal sensitive data such as login details and passwords, credit card information, and the likes. It also, at times, seeks to install malware on the victim’s machine.
The pandemic has seen a massive rise in phishing attacks. David Warburton, the author of the F5 Labs 2020 Phishing and Fraud Report, noted that phishing incidents rose 220 per cent during the pandemic. Further, The Economic Times reported that 83 per cent of Indian IT companies feel that phishing has seen a rise during the same time.
Cybercriminals have exploited the fear among individuals and companies and coerced them into revealing crucial data. People posing as health officers or those impersonating officials from authorities like WHO or the Government have been sending malicious emails, creating an unsafe cyber environment. Also, individuals working from home, and often using unsecured networks, has aided the spurt in phishing attacks.
Preventing a phishing attack, however, is not impossible. Generally, there are some clear red flags, such as unfamiliar attachments and incorrect spellings. Therefore, training and presence of mind are essential in this regard. Additionally, if an organisation follows advanced PAM (Privileged Access Management) to protect employee data and track emails, and if individuals use only secured networks, then it is possible to avoid such malicious attacks.
A cryptocurrency is a digital or virtual currency backed by cryptography. A crypto-trading platform is one where exchanges take place between a digital currency and another digital currency or a fiat currency. A cryptocurrency exchange is thus an intermediary between a buyer and a seller.
In 2021, Binance, Huobi Global, Coinbase and Kraken were some platforms that handled the maximum crypto-transaction volumes. With cryptocurrency platforms becoming more popular, they are slowly becoming the area that cybercriminals are targeting. They are using phishing, social engineering tricks, and malware for crypto-jacking. Crypto-jacking is a process wherein cybercriminals get into computers of organisations and individuals and instal software that mines and steals cryptocurrencies from unsuspecting victims. Since legislation in this domain is also nascent in many countries, it is susceptible to many vulnerabilities.
As far as the statistics go, a report by CNBC showed that $7.7 billion was stolen in crypto scams in 2021. One of the biggest crypto thefts of 2021 was stealing $610 million by criminals when they attacked Poly Network, a platform that connects various blockchains. These cybersecurity trends will continue to rise in 2022, with the growing hype around this technology.
Supply Chain Attacks
A supply chain attack is one where the attacker attempts to enter and disrupt the computer systems of an organisation’s supply chain to harm that company. In such attacks, the key suppliers of the organisation are left vulnerable, thus, often becoming the primary victims. Through such attacks, criminals usually manage to adversely affect many systems in one go and often demand enormous sums of money to restore access.
2021 saw some major supply chain attacks. For example, Kaseya VSA, a remote monitoring and management software platform, became a victim in July 2021. The REvil ransomware group exploited a vulnerability that impacted thousands of companies worldwide deploying Kaseya’s compromised software. REvil demanded a $70 million payment in bitcoin to decrypt all the systems. Later this amount was reduced to $50 million but it still went down as one of the biggest ransomware attacks in history.
The second major attack was on SolarWinds, compromising the US Treasury Department. Even if not related to money, it was possibly a more damaging one. The reason being that it was made to get access to government agencies to gather sensitive information about state secrets.
In 2022, supply chain cyberattacks and their avoidance will possibly become one of the key cybersecurity trends to keep an eye on. To block such attacks, data protection within the hardware and software will be of vital importance. In addition, one is likely to witness more learning in the domain of artificial intelligence to curb supply chain attacks more effectively.
Ransomware holds a victim’s information at ransom by using encryption. When an individual or a company is under attack, specific or all files, databases, and applications become inaccessible. The attacker demands a ransom, typically in fiat or cryptocurrency.
True to the progress over the past decade, 2021 saw some huge ransomware attacks worldwide. The breach of the Colonial Pipeline in April 2021 got the maximum media attention. This attack caused a lot of panics as it disrupted the gas supplies all along the US East Coast. Colonial Pipeline had to pay the attacking group a whopping $4.4 million in bitcoin to restore the services. Another organisation that saw a considerable ransomware attack was Acer which the REvil hacker group exploited. They demanded a $50 million ransom, the largest known to date.
With people often not following good cyber hygiene and not having proper data backups to fall back on, 2022 is likely to witness a jump in ransomware incidents. The ransom demands are also likely to shoot up in the new year. According to the Acronis Cyberthreats Report 2022, among Asian countries, India ranked fourth in terms of doubling ransomware detection rate. It saw a rise to 7.34 per cent in Q3 2021 from 3.65 per cent in Q2 2021.
The Indian Computer Emergency Response Team (CERT-In) tracks cyber security incidents in India. This team found over 6.07 lakh cyber security incidents in India in the first six months of 2021. Unfortunately, this number has grown after that. As cyber attackers continue to find newer ways to intrude, 2022 will be no different. The possibility of data breaches continues to rise the world over, both at a personal and business level. Therefore, it is critically important to ensure that sensitive data remains protected.