What cybercrime trends will dominate in 2022? Boosty Labs specialists will help us find the answer to this question. Boosty Labs is a world-class fintech and cloud engineering team with a solid background of practice that combines crypto and blockchain consulting, strategy, design and engineering at scale.
Last year, the most well-known technique used by cybercriminals was phishing. It accounted for at least 60% of all attacks.
Exploitation of vulnerabilities in the Microsoft Exchange server was added to other well-known infrastructure hacking techniques in 2021. In order for the attacks to succeed, the criminals used remote services, which have become extremely popular in recent years for remote work.
In 2021, 50% of attacks used phishing, 22% exploited vulnerabilities in web applications, and 14% exploited external perimeter vulnerabilities.
Many companies still do not pay due attention to the protection of their systems. Only 1 company out of 20 is ready to completely update account passwords on a regular basis, introducing new security protocols.
The least protected are state bodies, industrial enterprises and financial structures. Cybercriminals successfully use social engineering methods, hacking companies’ contractors.
New approaches to cyber security
As of this year, experts predict an increase in attacks from already professional groups, in particular cyber mercenaries and groups equipped like those of the special services. To counter them, it is necessary to completely change the existing methods of protection.
In addition to the primary protection of information, companies and authorities are already obliged to make the entry threshold for cyber mercenaries so high that the attack would be impractical in principle.To do this, regular specialized cyber exercises should be conducted among the personnel, where the external team will play the role of cyber mercenaries, and the protection teams operating inside will counteract them, checking all the security systems of the company or authorities. With such cyber exercises, companies can quickly train specialists responsible for ensuring infrastructure security.
Companies, as well as governments, need to create roadmaps for digital transformation. Such maps should include several sections, including raising the threshold for entering the basic infrastructure, creating points of vulnerability, monitoring the infrastructure of contractors, and algorithms that provide for emergency system recovery in the event of an attack.
Moreover, roadmaps should be created not only by specialists of the companies themselves, but also by teams of specialized specialists from the outside. Thanks to this approach, the efficiency of work on the roadmap increases.
Another component to consider is the cyber literacy of staff. This is an extremely weak point in many institutions and companies. They should be constantly trained in information security methods, oblige them to use complex passwords, prohibit the use of third-party applications to log into systems, and so on.
Now companies and authorities can take advantage of a new generation of products – the so-called meta-products. They allow you to automatically detect attacks, identify hackers before they can cause critical damage to the infrastructure. This year, we should expect the use of the so-called proactive approach, which implies not just monitoring, but also active prevention of attacks, verification of the inadmissibility of risks. New security ecosystems should reduce the risk of attacks by hackers.
One of the most effective concepts that will be used in 2022 will be Zero Trust (“zero trust”), which was created by Forrester analyst John Kinderwag in 2010.
It means a complete lack of trust in anyone – even users within the company itself. Each user or device must validate their credentials whenever they want to access a resource inside or outside the network.
Thanks to it, it is possible to significantly reduce the risk of hackers penetrating into the infrastructure, although it is hardly possible to completely eliminate it.
Thus, 2022 will be marked by more sophisticated and skilled attacks from cyber mercenaries, and organized groups consisting of very experienced hackers with significant resources to attack governments and corporations.
In turn, companies and government agencies will be forced to radically change their security policies and protocols, invest in infrastructure upgrades, and staff training if they want to reduce the risk of an attack to a minimum.