Cyber Security Trends 2022: The ten biggest IT security threats to your business!
by Svenja Koch
The threat situation remains extremely tense. This one sentence sums up what the security experts from McAfee Enterprise and FireEye, among others, reveal in their 2022 Threat Predictions. The IT security threats in 2022 are characterized by optimized attack strategies and methods that are targeting companies and employees more perfidiously than ever before. If 2021 was already a "successful" year for cybercriminals: the cyber security risks in the new year take this to the next level.
1. Social media as an attack vector for nation-state attacks
Because there is almost unlimited money and capacity available for their development, hacking tools developed by nation-states are exceedingly efficient. Accordingly, the so-called nation-state tools and techniques are also popular among cybercriminals. On the darknet, such tools as the Eternal Blue exploit are traded on the black market. The return on investment in using such tools is high. No wonder cybercriminals rely on attack methods that mimic nation-state technology. Security specialists see one of the major IT security threats in 2022 in the area of social media. Here, it must be assumed that nation-state attackers will use social media as attack vectors to target enterprise professionals specifically. The aim is to infiltrate companies through the back door for various criminal purposes.
2. When the call from the boss is not the call from the boss at all - deep fakes are on the rise
Deep fake attacks are one of the relatively new IT security threats facing companies in 2022. Deep fakes are the digital imitation of voices or faces used by cybercriminals, especially social engineering attacks. If the chief accountant receives a call from his superior requesting a large transfer to a foreign bank account - then, unfortunately, it must also be assumed that deep fake technology is in use here. Deep fakes are one of the most significant cyber security risks in the coming year. The number of such attacks will increase, and the quality of deep fakes has risen extremely sharply in the meantime.
3. Ransomware for all: the RaaS sector will grow again in 2022
Data encryption extortion attempts using ransomware have been significant trends in cybercrime. In 2022, ransomware attacks will again be among the most threatening cyber security risks. This is because a shadow economy has formed around ransomware on the darknet, making ransomware extortion easier than ever before. Ransomware-as-a-Service (RaaS) is the name of the business model in which cybercriminals can easily and conveniently rent ransomware. The attackers themselves need only rudimentary knowledge of the technology - the RaaS providers provide the expertise. RaaS is lucrative for providers and users alike. Users receive a readily configured ransomware tool to carry out their attacks immediately. In return, the malware providers receive a pre-agreed percentage of the captured ransom, payable mostly in cryptocurrencies.
4. Cybercriminals are expanding their networks
Security experts see the increasing networking among cybercriminals as one of the biggest IT security threats for 2022. On the one hand, established hackers are aggressively promoting their cybercriminal networks, and on the other, the balance of power in the RaaS ecosystem is shifting simultaneously. The new key players here are no longer those who develop and distribute the ransomware - but the hackers who keep the victim networks under control. Better-connected cybercriminals mean more quality of - in addition to increasing quantity, which is also expected. More cyberattacks, in turn, lead to more defensive measures on the part of companies. It is not unlikely that 2022 could be the year of cyberwar.
5. Increase in mobile malware attacks
Cyber security risks that will again increase significantly in 2022 undoubtedly include cyberattacks on mobile payment platforms and mobile wallets. Mobile access to the Internet is becoming increasingly popular. Accordingly, cybercriminals see optimal opportunities here for attacks of all kinds. Cyberattacks on mobile devices will undoubtedly be among the most prominent IT security threats in 2022.
6. IoT and the Cloud: Beware of attacks on your APIs
API, or application programming interface, is a fine invention. The interface allows services and products to communicate with each other regardless of implementation, resulting in faster application development. APIs also simplify the integration of components into existing IT architectures, which takes a lot of work off the shoulders of software developers. Whether cloud-native application development or microservice applications: APIs have become an indispensable technology for remote data integration. More than 80% of all Internet traffic now runs via API communication. The problem is that many companies operate API-based applications without a suitable security strategy behind them. Cybercriminals are well aware of this - and are explicitly targeting unprotected APIs. The cyber security risks expected around APIs in 2022 include injection attacks, cross-site scripting, credential stuffing, and man-in-the-middle attacks.
7. Zero-day exploits: the jackpot for cybercriminals
Arguably the best thing that can happen to a hacker is the possession of a zero-day exploit. The option to execute a cyberattack via an unknown vulnerability is coveted. Accordingly, such vulnerabilities fetch top prices on the market - more than a million dollars are easily paid for zero-days. In 2021, global IT security caught more zero-days than ever before. The 0-Day Tracking Project database lists 66 tracked zero-days for 2021 - twice as many as a year earlier. This IT security threat will continue to be a mainstay in 2022.
On the one hand, it has never been easier to buy fresh zero-days from the exploit industry. On the other hand, more and more cybercriminals recognize the high financial potential behind vulnerabilities in software. Two points will continue to make zero-day exploits the most dangerous cyber security risks in the coming year.
8. Supply chains remain in focus
What secion feared in a May 2021 blog post has arrived: Cyberattacks on corporate supply chains have increased worldwide. It is to be expected that this form of IT security threat will not only continue in 2022 but will once again rise in frequency. As a recent PricewaterhouseCoopers (PwC) study found, German companies in particular still underestimate the threat posed by supply chain attacks. The cyber security risks are triggered by inadequate management and a reactively controlled guarantee of natural disasters, especially in our globally networked world. Even if many companies have already confirmed increasing their cyber defense budgets significantly, we still rank supply chain attacks among the most significant threats in 2022!
9. Cryptocurrencies in the crosshairs
Cryptocurrency trading continues to penetrate the middle of society. Accordingly, crypto wallets are well-stocked worldwide. Cryptocurrencies are popular with cybercriminals for two reasons. On the one hand, Bitcoin and Co. are ideally suited as an anonymous means of payment for ransomware extortions. Secondly, cybercriminals know very well that many wallets are hardly or insufficiently secured. The billion-dollar market tempts investors and cybercriminals alike with high returns. Poorly secured wallets and the expected attacks on them must be counted among the most critical cyber security risks in 2022.
10. Proxy wars on the Internet
It is not only materially driven cybercriminals that are upgrading. Political activists and nation-states must also be counted among the most dangerous IT security threats in 2022. While cybercriminals are "only" concerned with economic damage, terrorist groups, hacktivists, and state-funded attackers threaten critical infrastructure. Hospitals, energy providers, or municipalities: there is hardly any area of public life that could not become the target of politically motivated cyberattacks. Cyberattacks as a proxy war to destabilize entire countries - what still sounds like a dystopia can quickly become a bitter reality.
Predictions are always like the famous look into a crystal ball: entertaining yes, serious no. Unfortunately, the situation is different regarding IT security threats in 2022. What security experts worldwide predict for next year reads like an eerie science fiction novel - only without the "fiction." An unprecedented amount of cybercrime incidents has been marked this year. Criminals are networking with each other, resorting to powerful "business models" like RaaS, and targeting vulnerabilities. From supply chains to the Internet of Things to critical infrastructure, just about every aspect of our lives is at risk. Now, we would love to conclude by writing that cyber security risks in 2022 are not exceptionally as threatening as they are this year. However, our experience - and the studies of security experts worldwide - show a very different picture. 2022 will be a year in which cyber security must be ramped up in all companies. The looming threat can be countered only with appropriate strategies, proactive cyber defense, zero trust, and 24-hour monitoring of corporate networks.