2021 was a year of navigating highly treacherous terrain for cybersecurity professionals across the globe: ransomware attacks rose by a record-shattering 105%, and cyber-attackers became more devious, as demonstrated by the industry-shaking SolarWinds incident, where hackers sustained unrestricted and undetected access to SolarWinds systems for over a year, owing to the sophistication of their malicious Sunburst code and how it was implemented. However, most of these developments were to be expected. With the ongoing digitalisation and technological evolution of society, opportunities abound for nefarious hackers to exploit an expanding pool of prey. And as we near the end of the first quarter of 2022, this worrying phenomenon shows no sign of letting up.
Therefore, it is crucial for businesses and individuals to stay up to date on the latest cybersecurity trends, so that they are aware of the ever-growing avenues and types of cyber-attacks and of the safeguards they can employ to mitigate the risks. So, before your search in Singapore for cybersecurity solutions begins, let us share our predictions on the most significant cybersecurity trends in 2022 and beyond.
For many experts, the unprecedented hike in cyber-attacks in recent times – with a staggering 81% of global organisations experiencing said increase for themselves – can be largely blamed on the coronavirus pandemic; as a natural result of social distancing and remote working regulations, cyberspace activities like video conferences and webinars have grown and allowed cyber threat actors to extend their range of operations. In Singapore alone, it was reported that 7 in 10 private and public sector organisations fell victim to cyber-attacks due to the Work-From-Home (WFH) arrangements amid the COVID-19 pandemic.
Among the rising cyber threats, ransomware attacks surged astronomically last year, targeting businesses of all sizes and industries. In fact, more than one-third of organisations internationally reported being the victim of some type of ransomware attack in 2021. In addition, the FBI’s Internet Crime Complaint Center reported a 62% year-over-year increase in ransomware complaints for the first half of 2021 alone. The way things are unfolding, cybersecurity experts predict that ransomware attacks will continue to plague organisations and individuals alike in 2022.
Apart from rising in number, what is more alarming about ransomware attacks is that they are continually transforming and threat actors are executing them with greater finesse. Over the last two years, attacks have become more sophisticated, focused, and financially draining to organisations. Previously, cybercriminals would typically only infect devices with a virus that locks files away behind near-unbreakable cryptography, threatening to withhold or destroy the data unless a ransom is paid for a decryption key. However, this is no longer the only business model they follow.
These days, organised crime groups have moved on to more deadly ransomware tactics, namely Ransomware-as-a-Service (RaaS) and double-extortion schemes. The former involves multiple threat actors combining their different expertise to deploy ransomware and share the ransom payment for their joint effort. RaaS scales up attack operations easily and lowers the bar for less technically skilled threat actors to engage in this type of crime, which increases its risk to organisations. The next problem is double-extortion ransomware attacks, or ‘name-and-shame’ schemes, where hackers extract and exfiltrate data for the purpose of extortion. This means that if an individual or organisation does not pay the ransom, their files will not only be lost but will also be released to the web.
Phishing, the most common kind of social engineering, will also be a tall and long-standing hurdle for many organisations in 2022. It involves cybercriminals impersonating reputable figures or institutions in panic-inducing emails and text messages sent out in bulk, with the aim of scamming victims into disclosing private information or downloading viruses. Since phishing is the popular pick amongst cybercriminals for deploying ransomware or other varieties of malware into systems and networks, it makes sense that Cisco reported in 2021 that phishing played a key role in around 90% of data breaches.
In the upcoming years, ransomware and phishing tactics are expected to continuously evolve and remain prevalent, as hackers remain determined to infiltrate organisations’ systems and access their confidential data.
There is a pressing need for businesses and authorities to broaden their view of what malware’s dangers comprise: besides the advancement of malware technology itself, the strategic entry points chosen by threat actors to infect and cripple systems with viruses are also a mounting problem. Cybersecurity specialists anticipate that targets along the supply chain are gaining traction amongst the cybercriminal community as ideal entry points.
As its name suggests, a supply chain attack refers to when threat actors hack your system by first targeting any of your organisation’s third-party providers, suppliers, or partners with access to it. The 2021 SolarWinds breach is a perfect example of a supply-chain attack and how far-reaching its consequences can be: a few hundred organisations, even government agencies and cybersecurity firms, were compromised after downloading malware embedded in an update for the SolarWinds network management software.
Supply chains are particularly appealing targets not just to cybercriminal syndicates who aim to launch wide-ranging extortion attacks, but also to nation-state actors who seek expansive access to espionage-connected targets. There are also access-as-a-service (AaaS) brokers who are predicted to target businesses in the supply-chain sector, since they can earn huge pay-outs for illegally acquiring access to the networks of such businesses and selling it for use by other ill-intentioned hackers. Finally, since global economic shortages and disruptions are continuing as a consequence of the COVID-19 pandemic, threat actors have more impetus to continue supply-chain attacks and wreak more havoc in 2022.
Cybersecurity attacks are increasing in scale and trickiness, leading many experts to believe that examining and enhancing cybersecurity posture is no longer a human-scale problem. Rather, cybersecurity teams now require the assistance of AI-based tools to minimise breach risk in the most effective and efficient manner.
For penetration testing services in Singapore in particular, AI and machine learning are considered excellent aids for pen testers, who constantly face the wide variety of technologies and IP addresses utilised by organisations. AI can help by automating the different phases of a pen test, from gathering and analysing information about the targeted system to determining the different courses of remedial action against exploitable system weaknesses.
AI is also especially helpful for organisation systems that need to process and support thousands of events happening simultaneously and are thus vulnerable targets for many malicious hackers. To elaborate, AI’s predictive powers can enhance the precision and speed at which cybersecurity teams identify irregular online behaviour or traffic that points to a potential attack. What’s more, AI’s applications extend to producing proactive system reports, automating runtime monitoring, and verifying the state of a system’s security.
This is why more and more companies are expected to invest in such valuable AI-powered solutions in 2022. And as this trend picks up, regulatory bodies like government agencies will play a key role in formulating comprehensive policies and legislation to ensure AI is implemented ethically and responsibly.
However, while AI has significant advantages in terms of improving organisations’ security, the flip side is that it can also be used to help cybercriminals evade the protective measures of various cybersecurity systems. This ultimately makes innovations in AI-driven cybersecurity technologies even more critical for combatting AI-powered cyber-attacks.
According to Ericsson, the number of gadgets that can connect and share data with other devices or systems over the Internet, collectively referred to as the Internet of Things (IoT), is expected to reach 18 billion by 2022. This signifies that the number of potential entry points for cybercriminals to breach and disrupt digital systems is also rocketing. Especially with smart home appliances, such as smart fridges and smart speakers, becoming commonplace in many households, cybercriminals are afforded a broader attack surface to steal the data stored on people’s smartphones.
Aside from widening its network, the IoT is also becoming more sophisticated in 2022. This is because a substantial number of organisations now participate in the development of ‘digital twins’ – elaborate digital simulations of objects and processes, including whole systems and businesses. These models are usually connected to operating systems and consequently offer an even greater array of data and access points to cybercriminals.
Overall, many experts believe that cyber-attacks on IoT devices will undoubtedly increase in 2022. Centralised cloud infrastructures and edge computing devices that process and store data close to where it is sourced from are all vulnerable. For this reason, cybersecurity awareness is very much necessary nowadays for organisations to secure their operations and assets. Combining education efforts with employing appropriate cybersecurity solutions, such as Singapore’s Vulnerability Assessment and Penetration Testing (VAPT) services, would be the best protective action for businesses to take and should be a top priority in 2022.
Cybercrime is a lucrative business for many malicious entities. Additionally, hackers will be emboldened by the major security breaches in 2021, such as the SolarWinds supply-chain havoc, to persist in launching cyber-attacks to injure organisations’ systems and reap high profits. Therefore, by keeping in mind the latest cybersecurity trends highlighted in this article, your organisation can be better prepared for a security breach and mitigate its risk.
At GROUP8, we understand the importance of implementing robust and effective cyber defence measures for organisations to evade the ever-evolving cyber-attacks on the horizon. This is why our expert team is committed to helping your business close any security gap with our suite of industry-leading cybersecurity solutions, which includes penetration testing, web application security, phishing detection, and blockchain security services. As we forge our path into 2022 with our unwavering philosophy of “Offence-Led Cyber Defence” and spirit of innovation, GROUP8 strives to continue empowering organisations to be in control and well-prepared for the cyber-threats of today and tomorrow.