A dangerous situation requires a broader perspective


Four cyber security trends for 2022. The expanded threat situation requires a broader perspective: ransomware payments or resource theft for cryptomining, sabotage, espionage or vandalism. A comment by Thomas Krause, Regional Director DACH at ForeNova.

At the end of 2021, Log4j once again made it clear how easy an attack can be for hackers. They only need to exploit existing and emerging vulnerabilities to gain widespread malicious control. The attackers may be pursuing well-known motives: quick money through ransom payments or the theft of resources for cryptomining, sabotage, espionage or vandalism. Nevertheless, new challenges arise for all those responsible for IT security. Four trends will therefore determine the IT security situation in 2022 and require comprehensive IT security that keeps an eye not only on the endpoints but also on all data traffic.

New victims of ransomware attacks: authorities

Cyber threats will no longer just affect businesses and their operations. The hackers are increasingly attacking the digitized and networked everyday life of everyone and directing their attacks against logistics companies, production, smart buildings or the education sector. Also in focus: public administration. As part of the Online Access Act (OZG), authorities must digitize administrative services by 2022. However, attackers can encrypt personal and therefore sensitive data, steal it, threaten to disclose it or even completely block administrative work, as happened in autumn 2021 in Schwerin and in the Ludwigslust-Parchim district.

Ransomware will affect all areas. So far, such extortion attacks have occurred every eleven seconds. According to Trend Micro, the number of ransomware attacks increased by more than 1,300 percent in the first half of 2021 compared to the same period of the previous year. Cybersecurity Ventures estimates that these attacks will cost the global economy close to $20 billion this year, more than 57 times what it was in 2015.

Hackers look for vulnerabilities

Hackers will always look for the weakest link in the chain. These are often Internet of Things devices, OT technology or the home office employee's private hardware, such as Internet routers. According to Armis security researchers, IP surveillance cameras are among the top three devices targeted by the Log4j attack. They can all serve as a gateway to the corporate network, but they are not, or only partially, managed and thus protected by EDR, antivirus or firewalls. The only way to cover these risks and prevent ransomware attacks is automated IT defense with an extended view of all data traffic in the network, which recognizes and blocks the signs of an attack in both internal and outgoing network traffic.

Lack of staff: No or insufficient cyber defence

Cyber defense will continue to suffer from staff shortages. The quarterly published Hays Skilled Workers Index Germany for IT positions also rose in the third quarter of 2021 to 229, a high since 2015. Above all, the need for IT security specialists grew (+58 points to 486). This is also a high, both compared to the values since 2015 and compared to all other IT professions. Many companies are also aware of this defensive weakness. Only 58% of companies surveyed by Mimecast in October 2020 in the "State of the Ransomware Readiness Report" stated that they have sufficient IT and security staff to prevent ransomware attacks, while 71% of the study participants have already been victims of these ransomware attacks.

Mimecast study: 71% of the participants were already victims of ransomware

There are many reasons for the lack of staff: Many IT specialists are busy driving the digital transformation forward. However, due to increasing digitization and the use of IoT devices, such as in production plants, IT security experts are becoming increasingly important. For their part, they often have a very strenuous and responsible job with a lot of pressure to justify themselves. Due to the lack of staff and the increasing importance of the profession, they are in a position to demand a lot of money, which small and medium-sized companies in particular cannot or do not want to pay. Large companies are usually well protected against ransomware attacks by specialized professionals and the corresponding, usually expensive and very complex technology, while medium-sized and small companies are increasingly vulnerable to the dangers. They do not have the necessary specialist staff to operate classic NDR, EDR or SIEM solutions.

Ransomware-as-a-Service killchains

A fatal trend, because at the same time the other side is becoming more and more professional, organized and automated: A ransomware-as-a-service kill chain feeds a wide variety of people, from those who search for and evaluate vulnerabilities, to those who develop and carry out an attack, to the call center that collects the ransom. Companies that want to protect and defend themselves against organized cybercrime on an equal footing despite a lack of staff need affordable solutions that all IT employees can use and for which no specialized cyber security specialists are needed to evaluate and assess information. This is where NDR security solutions come in, which automatically use technologies such as artificial intelligence and machine learning to quickly and effectively identify attacks in network traffic and block them preventively.

Compound Attacks and Time Detonators stealth

 Thomas Krause, Regional Director DACH at ForeNova (Image: ForeNova).

Complex attacks are not one-off actions by malware that strikes immediately and openly. According to Bitdefender experts, many attackers have now nested themselves in the target IT using Log4j, camouflaged themselves and are waiting for the perfect moment to strike. The first indications of such "sleepers" can be found in network traffic. Attacks show up there as abnormal data traffic before they become active. Security analysts or IT administrators can use a root cause analysis to find out whether they are affected.
To do this, those responsible for security need an overall view: security technologies such as endpoint detection and response and network detection and response, together with other cyber defense technologies, form a strong team and a networked defense.

The health sector will have to position itself better

Attacks on hospitals and other healthcare providers have become endemic in recent years. According to Kaspersky's Healthcare Report from July 2021, the healthcare sector is one of many industries that attackers are focusing on: Almost three quarters (72%) of German-speaking companies in this area experienced at least one cyber attack on their organization during the pandemic. Almost two thirds (61.4%) of the respondents from Germany, Austria and Switzerland in the healthcare sector rated the current digital threat situation as high for themselves. This is also due to the fact that medical devices are increasingly connected to the Internet and are often operated with operating systems that are no longer supported. In addition, the endpoint security deployed cannot protect these devices. It is not only because of such glaring gaps that IT managers are under pressure to act.

More networking increases the attack surface

New digitization initiatives or the demand for data release in times of pandemic control also generate more data traffic. More networking increases the attack surface. At the same time, specifications such as the Patient Data Protection Act require more security. All of this means that in 2022 the sector will have to complete long-delayed tasks. This will then be possible with the necessary funding options, such as the Hospital Future Act. Network Detection and Response can also help to integrate the growing fleet of IoT and OT devices in hospitals into the cyber defense.

More at ForeNova.com

 


About ForeNova

ForeNova is a US cybersecurity specialist that offers medium-sized companies inexpensive and comprehensive Network Detection and Response (NDR) to efficiently mitigate damage from cyber threats and minimize business risks. ForeNova operates the data center for European customers in Frankfurt a. M. and designs all solutions to be GDPR-compliant. The European headquarters are in Amsterdam.


 
