CM – Cybersecurity trends 2022: ransomware, extortion and state espionage


2021 will be remembered as a significant year for the cybersecurity industry. As the pandemic accelerated digital transformation, the threat landscape was in constant flux. Large-scale ransomware attacks have shown their impact not only on businesses but also on society as a whole. Looking ahead to 2022, the only constant in our industry is cyber uncertainty, but here are some of our predictions for the next year based on trends that are already emerging.

The ransomware threat has increased significantly over the past decade, and intelligence suggests that it will continue on its upward trend. With the ever-growing threat of ransomware and the limited ability of current legislation to hold attackers accountable, the ransomware business will remain extremely lucrative for the foreseeable future.

Many ransomware actors operate from locations outside the jurisdiction of the international cybersecurity or extradition treaties of the countries they attack, so those treaties have little or no impact on their actions. We therefore expect further attacks by these groups targeting critical industries such as law enforcement and healthcare where the urgency to pay is counter to the welfare of the civilian population.

Over the next twelve months, ransomware victims are expected to continue paying millions to prevent their stolen data from being published or rendered unusable. However, because these operations are often performed by multiple actors, each of whom carries out a specific element of the attack for a fee or part of the proceeds, it is becoming more and more common for some or all of this data to be disclosed during the operation due to conflicts between these actors. The more frequently this happens, the more companies need to rethink how they deal with ransomware attacks.

Blackmail is another tactic cybercriminals use to extort payments from victims, and we expect more of it in 2022. Traditional ransomware attacks are regularly combined with data theft operations (in which ransomware operators threaten to divulge sensitive data unless a ransom is paid). However, a wide variety of additional blackmail tactics are now increasingly being used. These include denial-of-service attacks, ransomware groups contacting media organizations to promote press coverage of the victims, or even direct calls to and harassment of employees. Our research suggests that attacks like this are likely to increase, especially as threat actors find new ways to blackmail victims, such as by trying to recruit insiders within their victims or targets.

With a variety of these extortionate tactics, which are often used concurrently, companies need to adopt more holistic strategies for responding to ransomware. In addition to the technical challenges of fixing a network, companies also need a communication strategy that covers both external and internal audiences, as well as a legal plan for dealing with data leaks. Crucially, ransomware will increasingly test a company’s ability to face multiple challenges at once.

Victims who use professional negotiators during a cyberattack to reduce the final extortion amount are also expected to face greater consequences. Tactics like these were already in use in 2021 and are expected to evolve as threat actors become more business conscious, improve their strategies and learn which situations their victims most want to avoid.

Russia is expected to maintain its aggressive stance in the new year and continue to focus on NATO, Eastern Europe, Ukraine, Afghanistan and the energy sector. The US government attributed the SolarWinds supply chain incident to Russia, reaffirming the country’s ability to have a far-reaching impact, and the sophistication and scope of Russian operations will continue to grow. Supply chain and software supply chain environments are also expected to be targets for Russia in 2022.

Iran will use its extensive cyber tools to aggressively advance its regional interests. Information operations attributed to Iran by the US in 2020 and 2021 showed more energetic and more destructive tactics than in previous years. Targets will likely continue to be Israel and others in the Middle East. Although Iran has seen victims of attacks abroad, we expect it to increase its involvement in internal operations in the course of 2022 to quell political disagreements and strengthen its own interests.

China is likely to continue to act extremely aggressively and support the Belt and Road Initiative through cyber espionage. As the Ministry of State Security (MSS) and People’s Liberation Army (PLA) have completed much of their restructuring, we will see Chinese operations narrow their focus. As geopolitical tensions continue to mount and attacks escalate, China is likely to use some of its known but untapped destructive capabilities.

North Korea will remain a major player in state cyber operations because, despite its geographic, international and financial challenges, it has significant cyber tools. In the coming year, we expect North Korea to flaunt its cyber capabilities to make up for the lack of other national instruments of power. In 2021, the North Korean cyber structure will further promote the Kim regime by funding nuclear ambitions and gathering strategic intelligence.

Information operations of a multitude of threat actors within Europe will increasingly overlap with cybersecurity. Specific concerns related to these campaigns include website compromise, social media compromise, and data theft.

For example, the Ghostwriter information campaign, which focused on sowing discord in Eastern Europe, has expanded its modus operandi to spread narratives via compromised social media accounts. The security of social media accounts is more important than ever, especially for prominent government officials and journalists. We have also observed at least some components of the Ghostwriter influence activity being carried out by UNC1151.

At Mandiant, we are very confident that UNC1151 has links with Belarus. It is a group that targets a wide variety of government and private entities with a focus on Ukraine, Lithuania, Latvia, Poland and Germany. UNC1151 therefore underscores the growing threat posed by emerging economies. It is becoming more and more important to think beyond the usual suspects of Russia, China, North Korea and Iran. We will also likely see the role of contractors increasing as emerging economies turn to third parties to expand their cyber capabilities as quickly as possible.

This underscores that the threat landscape is becoming increasingly complex and that more states, as their appetites grow, could perform both cyber espionage and intelligence operations in 2022. Hence, it is vital that sectors at increased threat from information operations, such as governments and the media, implement a security strategy that provides a common approach between disinformation threats and cybersecurity.

Attackers are constantly evolving: they will become more refined and change their approach. Ransomware and espionage activity will continue to be a major threat, and we will continue to see regional and international operations by the Big Four states.

Despite these emerging trends, it is also important to consider that much of the security landscape will remain constant. A good execution of the basics, updating the systems and looking for misconfigurations in the cloud and third-party infrastructure go a long way towards keeping companies safe.

Companies have a lot to consider for the next year, but if you stay vigilant you can defend yourself against future threats – and react to those that inevitably happen.

Global Banking & Finance Review® is a leading finance portal and print magazine with news, analysis, opinions, reviews, interviews and videos from the world of banking, finance, business, commerce, technology, investing, brokerage, currency trading, taxes & legal, Islamic finance, asset & wealth management.

Copyright © 2010-2021 GBAF Publications Ltd – All rights reserved.
