On pace with the spread of the pandemic, cyberattacks exploded across industries in 2021. Hackers took advantage of vulnerabilities in remote work and the continued digitization of business processes to siphon millions of dollars.
As we move into the new year, we’re seeing new threats on the horizon, as cybercriminals develop more accessible pathways to launch attacks, race to exploit automated technology, and even prey on the humans who use it.
Let’s explore the top four ways cyberattacks will evolve this year:
Hackers will expand their exploitation of the systems that enable the new normal of working from home, specifically targeting newly ubiquitous cloud data storage systems. The cloud’s decentralized nature leads many to believe it’s inherently secure, and companies migrated to reputable cloud platforms believing that using these systems alone would provide enough protection.
But even companies that use Microsoft Azure or AWS require proper safety precautions and can get easily exploited in their absence. A simple configuration error in cloud buckets is often all it takes to breach a cloud server. In fact, we have identified that a misconfigured AWS server led to the Twitch source code dump.
However, people, not systems, will remain the biggest targets, and hackers will prey on workers who fail to implement even basic cyber hygiene. One report indicated that 48 percent of individuals fall for a phishing scam while working from home. Intensifying the impact of phishing attacks is the fact that one in six employees did nothing to protect themselves from cyberattacks on home networks. Hackers will only continue to exploit uninformed employees, so companies will need to deploy proper cyber hygiene training to combat cybercrime.
The pandemic only exacerbated the ransomware plague, with the number of attacks increasing 150 percent in recent months. The increase has been so dramatic that ransomware has become a lucrative industry unto itself. More companies will pay up to bad actors, inadvertently funding a vast Ransomware-as-a-Service (RaaS) economy.
RaaS lets malicious actors purchase ready-to-use malware and launch cyber-attacks in a few simple clicks, creating an unregulated free market for cybercrime. The model enjoys all the perks of a free-market economy: high efficiency, fierce competition, rapid innovation, and now easy targets in remote workers.
RaaS will drastically lower the technical expertise and money required to launch a cyberattack. Unsophisticated bad actors will purchase prefabricated malware with cryptotokens, along with tutorial videos and customer service, and launch attacks that can take down a company. Cybercriminals will love RaaS, so companies should arm systems with proper threat detection tools to combat this growing criminal craze.
The most attacked industry will not be healthcare or finance, but manufacturing. While manufacturers won’t have as many vulnerabilities caused by remote workers as other industries, the sector has increasingly adopted automation and interconnected machinery, each of which comes with its own weaknesses.
The prospect of creating real physical damage that could completely shut down production of a factory for weeks, beyond just disabling computers, will make manufacturing a prime target for cyberattacks. We see a rise in cyber-physical attacks in which malware disables equipment and instructs machines to inflict damage on company machinery to create lasting breakdowns.
Yet most manufacturers treat cybersecurity as an afterthought, believing only large companies get attacked. In fact, smaller companies are just as likely to be targeted, with more devastating effects. Most manufacturers are small businesses (SMBs), and while large companies often have the resources to recover, nearly 60 percent of SMBs shut down within six months of a cyberattack. With small manufacturers already distracted by the pandemic, hackers will exploit this industry’s multiple vulnerabilities, stopping production cold at many plants.
As a bonus trend, but one no less important, we’ll see a surge in hardware-based phishing attacks this year. Clever tricks such as the USB Harpoon attack, a disguised charging cable that uploads malware to a connected device, will find their way into the mainstream, especially with the return of more in-person work.
There’s a long road ahead for the adoption of cybersecurity. In 2022, we’ll likely see larger cyberattacks that may surpass the scale of Colonial Pipeline and Kaseya, derailing processes across multiple sectors. But there’s reason for optimism as organizations, governments, and individuals take cybersecurity more seriously. With the right tools and knowledge in hand, businesses can thwart cyberattacks and continue to thrive in 2022.