ESET Security Trends 2022: Ransomware, DDoS & Co


ESET experts fear that the focus on ransomware will encourage further attacks on less protected areas. ESET also gives an outlook on the security trends of 2022, including ransomware, vulnerabilities, DDoS attacks and newcomers such as Siegeware, "air gap" networks and deepfakes.

If the cash registers in electrical superstores no longer ring, vehicles cannot be registered in the road traffic office or clinics have to turn away new patients - then a virus is usually to blame. However, this is not called Corona, but ransomware, for example, and spreads digitally as quickly as the Omicron variant.

Explosive scenario for 2022

But that could "only" be the start of an explosive 2022 in terms of IT security, fear the experts at security manufacturer ESET. For their trend preview, they have identified three possible digital security crisis areas and provided examples. Of course, ransomware and security vulnerabilities will continue to cause a lot of trouble in the new year. So-called "air gap attacks" on critical infrastructures are just as dangerous, as is the well-known shadow IT, a victim of rapid digitization.

“Attacks on small and medium-sized companies will increase in the coming year, as will those on cities and communities. At the municipal level in particular, we already saw a significant intensification of attack scenarios in 2021 - this will continue in 2022,” says Thorsten Urbanski, security expert at ESET Germany. “More and more sophisticated attacks, fewer and fewer specialists, more and more dangers from working from home: this dangerous mixture cannot be successfully combated with conventional, perimeter-based means. In our opinion, holistic thinking in the sense of Zero Trust Security is the only promising approach. IT managers should definitely avoid focusing on individual attack vectors in 2022, as this inevitably leads to a one-dimensional defense strategy. Areas that receive less attention, such as existing shadow IT or a lack of IoT separation, often lead to security risks that are at least as great. This is where we finally have to lend a hand.”

Ransomware remains the #1 threat

The increasing number of successful ransomware attacks and the amount of ransoms paid could lead to a change in cyber security insurance in the new year. "The payment of ransoms could therefore represent a risk that can no longer be insured in the future," Urbanski continued. “On the one hand, this has to do with the amount of the demands, but also with the current US sanctions regulations. Ransomware ransom payments in countries that are on the official US sanctions lists are therefore punishable. This could mean that international insurance groups or banks with business relationships in the USA are no longer allowed to make payments. Otherwise, they face sanctions from the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC).”

The classic among the attacks

Ransomware

Ransomware is and will remain omnipresent. Hackers have further refined what is probably their most successful weapon. Distribution is no longer limited to email, but leverages Remote Desktop Protocol, the supply chain, and unpatched vulnerabilities. Ransomware-as-a-service and so-called doxing serve as further sources of income. Company data is published if the ransom is not paid quickly enough. Criminals no longer shy away from blackmailing customers of the company concerned.

Vulnerabilities

The security gaps in Microsoft Exchange and currently Log4Shell clearly show how dangerous programming errors can be - and how important professional patch management is. However, many companies do not have this: In this respect, the number of victims of the two security leaks mentioned will continue to increase. Other, previously unknown zero-day exploits must be assumed.

DDoS attacks

With the help of "Distributed Denial-of-Service" (DDoS) attacks, hackers brought masses of web servers to their knees in 2021. It is to be feared that this attack vector will become even more present in the new year. Research indicates that states and governments are also increasingly relying on this "weapon".

The climbers: Attacks in 2022

Siegeware

Cybercriminals have found a new use for ransomware. Instead of computers and smartphones, they are now kidnapping entire “smart buildings”. Only by paying a ransom can homeowners regain control. Experts refer to this new form of blackmail as "Siegeware" (from "siege"). It abuses the digital capabilities of a networked building: for example, to cut off the electricity there, paralyze elevators or switch off air conditioning systems - or all at the same time.

Air Gap Networks

Critical and sensitive infrastructures must be particularly well protected against hackers. One way to do this is with so-called "air gap" networks, which are intended to ensure maximum security by completely isolating a device or system from the Internet and other networks. These are used, for example, in industrial control systems that manage pipelines and power grids. Using 17 malicious programs, ESET researchers show how APT groups (Advanced Persistent Threats) could still be successful. ESET experts therefore expect comparable attacks in 2022.

DeepFakes

So-called deepfakes are considered to be the next big cyber threat. These are fake audio or video files created by artificial intelligence. One of the first successful deepfake cases of identity fraud was observed in August 2019. Criminals had manipulated the voice of a CEO of a German parent company so convincingly that the managing director of the British subsidiary arranged for a transfer of 220,000 euros. The victim later stated that the caller had credibly imitated the German accent and voice of his employer.

The underdogs in the attacks

Offboarding

The world of work is currently undergoing rapid change with very high fluctuation rates among employees. This becomes a problem for many companies when departing employees no longer take IT security seriously or unwanted data leaks occur. So far, the extended consideration of IT security policies has rarely been part of offboarding. Cases involving internal perpetrators are constantly increasing and will not only keep HR departments in suspense in 2022.

Attack surfaces

If you want to protect your network against cybercriminals, you have to ask yourself whether your risk assessment is actually comprehensive and reflects all areas of the company. Specifically: What attack surfaces does the company actually offer? This is exactly where many companies fall short, as the Federal Office for Information Security (BSI) also complains. The more devices, servers, software or cloud services the company uses, the more likely it is that criminals will find a starting point.

Shadow IT

The classic comes at the end. Organizations are currently investing more money in digitization than ever before. This could prove extremely dangerous if administrators don't keep accurate inventories and thus don't know which devices that "phone home", such as coffee machines or Internet-connected surveillance cameras, are on the production network. IT managers should pay more attention to this in the future and stop the growing proliferation of IoT devices.

More at ESET.com

 


About ESET

ESET is a European company with headquarters in Bratislava (Slovakia). ESET has been developing award-winning security software since 1987 that has already helped over 100 million users enjoy secure technology. The broad portfolio of security products covers all common platforms and offers companies and consumers worldwide the perfect balance between performance and proactive protection. The company has a global sales network in over 180 countries and branches in Jena, San Diego, Singapore and Buenos Aires. For more information, visit www.eset.de or follow us on LinkedIn, Facebook and Twitter.


 
