Last year was an unprecedented one for cybercrime. We saw the volume and severity of cyberattacks rise sharply, with a variety of high-profile events taking place amid one of the more challenging periods in American history. As the COVID-19 pandemic caused organizations around the world to rapidly shift from in-office to remote workplace models, serious vulnerabilities in corporate IT were revealed — or introduced through a patchwork of hastily-acquired tools.
According to independent research from Acronis’ Cyber Protection Operation Centers, risk levels remain high — and the cyberthreat landscape continues to evolve rapidly. We’ve looked at patterns from last year, as well as current events and known vulnerabilities, to develop a security forecast for the coming months. These insights have been compiled into the Acronis Cyberthreats Report 2022, a free and important resource for IT channel professionals.
Here are some of the trends we can expect in 2022:
1. Ransomware attacks will keep growing and evolving
Already one of the most profitable cybercrime trends, ransomware is poised to continue its dominance. We expect threat actors to turn special attention towards macOS and Linux operating systems, as well as virtual systems and even the Internet of Things (IoT) — anything that connects to a reachable network is a potential target.
The need to extend cyber protection to Linux systems is particularly important. About 90% of cloud infrastructure, 72% of IoT devices, and all of the top 500 supercomputers are powered by this family of operating systems. Malware threats against Linux rose by 35% in 2021 alone.
The continued growth of ransomware will inexorably lead to devastating impacts in the real world, and to greater demand for official regulations and sanctions. However, law enforcement efforts — which have struggled to keep up with such technology — will face new and even more perplexing tactics from cybercriminals. Constantly evolving methods and tactics (such as smaller-tier groups) will permit threat actors to nimbly circumvent criminal investigations as they extort an ever-growing array of businesses and organizations.
2. Attacks on blockchain assets — like cryptocurrency — will escalate
As many cryptocurrencies soared over in value the last year, attacks on cryptowallets and exchanges have increased significantly. This trend is poised to continue throughout 2022.
End users have struggled with both credential-stealing phishing attacks and malware that swaps cryptowallet addresses in memory, causing victims to inadvertently redirect funds to attackers’ accounts. The cryptocurrency exchange Coinbase reported that 6,000 of its customers fell victim to fund-draining phishing scams last year.
The experts at our Cyber Protection Operation Centers (CPOCs) predict more attacks being waged directly against smart contracts in 2022 — attacking the programs at the heart of cryptocurrencies. Attacks against Web 3.0 apps, built on public blockchains, are likely to rise as well. This opens up new opportunities for sophisticated tactics like flash loan attacks, which may enable attackers to drain millions of dollars from cryptocurrency liquidity pools.
3. Phishing will continue to dominate with new tricks
Phishing is already the primary attack vector for cybercrime, with 94% of all malware delivered via email. Its dominance has only increased with the prevalence of remote workplace models. Training users to recognize and avoid phishing is helpful, but users continue to fall victim — and it only takes one successful attack to compromise an entire organization.
Automation is now being used to personalize messages with information mined from corporate websites and social media, making phishing tougher to identify as malicious. This trend is expected to continue throughout 2022. The hijacking of legitimate email services for spam campaigns is similarly worrisome, as victims will struggle to recognize cyberthreats. In order to bypass common anti-phishing tools entirely, business email compromise (BEC) attacks will also make use of alternative messaging services, such as text messages, Slack, or Teams chat.
4. Complex environments will lead to countless breaches
Expect many large-scale data breaches in 2022. Despite an increase in data privacy regulations, the number of reported incidents will rise considerably —a primary reason being that companies have lost sight of where all their data is stored, and how it can be accessed.
Complexities in IT environments, especially cloud services and storage, make data management and privacy compliance a challenge for many organizations. Attackers are turning particular attention towards cloud services and APIs to disrupt processes. Automated data exchange from IoT devices and M2M communications is also increasing the spread of data dramatically.
Unfortunately, data breaches often have cascading consequences. In addition to the financial and reputational harm they cause to victims, the information mined from leaks can be used to tailor future attacks more effectively. With cyberthreat automation in full swing, doing so has become trivial.
Protect your data from today’s cyberthreats
To better prepare for the modern threat landscape, service providers should look to consolidate IT tools and move towards integrated solutions — an approach that can help to minimize supply chain attacks and enable more rapid reaction and recovery times. MSPs use an average of four vendors, and this can seriously complicate management efforts while potentially opening up devastating security gaps.
Discover the award-winning power of integrated anti-malware protection, multi-platform data backup, automated vulnerability assessments and patch management, and more — all through a single pane of glass — when you start your free trial of Acronis Cyber Protect Cloud.