As another year wraps up, it’s time to take a look back at the cybersecurity trends that dominated the landscape. From the ongoing impact of the past years’ pandemic to major geopolitical events and nation-state cyber attacks, 2022 saw a surge in cyberattacks that shows no signs of slowing down. But what exactly is driving the increase in cyber attacks, and what can we expect in the year ahead? Let’s dive into the top cybersecurity trends witnessed in 2022 and explore how they may continue to evolve.
Identity-based attacks
As the world moved into post-pandemic life in 2022, the shift to remote work further contributed to the increase in identity-based attacks as businesses increased their adoption of IoT and digital identities. This created a larger attack surface for cybercriminals to exploit and drove up the risk of identity-based attacks this past year.
In March 2022, the Lapsus$ digital extortion gang breached the security of Microsoft’s Bing and Cortana products and published their source code. The hack also led to a leak showing their control over an admin account at Okta, a popular identity management platform, giving threat actors system privileges such as resetting passwords, changing emails, and accessing sensitive data.
In May 2022, Cisco, one of the world’s largest networking companies, experienced a significant identity-based attack when hackers accessed an employee’s credentials through vishing (voice phishing) attacks and MFA fatigue techniques. The hackers used these tactics to gain VPN access to Cisco’s systems and attempted to exfiltrate the contents, though the attack was unsuccessful. These incidents highlight the importance of strong security measures to protect against identity-based attacks.
Business Email Compromise (BEC)
Business email compromise (BEC) attacks, also known as “CEO fraud” or “whaling,” have long been a concern for organizations, but in 2022 the risk was larger than ever. These types of attacks involve hackers impersonating trusted individuals to trick employees into transferring funds or divulging sensitive information.
Earlier this year, Microsoft security researchers discovered a phishing campaign that bypassed multi-factor authentication and took over Office 365 accounts. Adversary-in-the-Middle phishing was used to access victims’ personal email login information and inboxes, where the attackers searched for email threads related to financial transactions or invoices. This type of attack has targeted over 10,000 organizations and resulted in billions of dollars in losses globally in 2022 alone.
Nation-State Players
Russian-based ransomware
In 2022, Russian-based ransomware attacks reached new heights, largely fueled by the ongoing conflict between Russia and Ukraine. The year saw a spate of cyber attacks launched against Ukraine and its allies, marking a significant increase from previous years.
Early this year, at the onset of the ongoing Russian-Ukrainian War, Ukraine was met with a jump in cyber attacks against government websites. Around 70 Ukrainian government websites were compromised and instead showed users alarming messages telling them to prepare for war.
Waves of ransomware attacks on the transportation and logistics infrastructure of Ukraine and NATO member Poland, dating from as early as March 2022, have been attributed to the Russian state-sponsored Sandworm group. The attacks, believed to be aimed at businesses supporting Ukraine in the ongoing conflict, were carried out using “Prestige” ransomware.
China-based supply chain attacks
China has long been known for its sophisticated supply chain cyber-attacks, which involve infiltrating the networks of suppliers and other third-party partners to gain access to a target organization. These types of attacks have become increasingly prevalent in recent years, with China-based threat actors exploiting the complex and often poorly secured networks of global supply chains to gain access to sensitive data and disrupt operations.
In February 2022, the China-based APT10 group targeted Taiwanese financial institutions and securities traders in a prolonged cyber attack. The attackers exploited a vulnerability in financial software to gain high-level access to multiple firms. This was not the first time APT10 used a “smokescreen” attack, as they have previously employed ransomware as cover for a targeted attack on the CPC Corporation.
North Korean and Iranian regime phishing to steal funds
North Korea and Iran have emerged as major nation-state-based cyber threats due to ongoing conflict and political unrest within their borders. The North Korean regime’s testing of missiles has raised the alarm among the international community, while in Iran, widespread protests are causing international concern.
North Korea has been connected to numerous cyber attacks, including phishing attacks used to steal funds from organizations and individuals. North Korea’s successful crypto heists over the first 9 months of 2022 are estimated at $1 billion stolen from decentralized crypto exchanges. A UN Panel report has accused the country’s criminal cyber operations of funding its illicit ballistic missile and nuclear programs.
Human Rights Watch (HRW) has reported that APT42, an Iran-linked cyberespionage group, targeted human rights activists, journalists, academics, and government officials amid widespread protests in Iran sparked by the death of Mahsa Amini. In a coordinated phishing campaign via WhatsApp, APT42 used sophisticated social engineering techniques to impersonate members of conferences and summits to gain victims’ trust and access sensitive information and contacts.
Adopting a dynamic and adaptable cybersecurity strategy for 2023
The 2022 trends of ransomware and sophisticated cyber attacks will continue in the year ahead. These threats are becoming more accessible and advanced, making it increasingly important for businesses to have a dynamic and adaptable cybersecurity strategy in place. At HolistiCyber, our experts understand the complexity of today’s threat landscape and are ready to help your business navigate it. By deploying a defense program and formulating a comprehensive cybersecurity roadmap, we provide the stability and resilience you need to protect against emerging cyber threats and reduce your cyber risks to a manageable level. Don’t let the fear of the unknown hold you back – let HolistiCyber be your guide in creating a strong and effective cybersecurity framework.