This past year we have seen a continuation of the sharp rise in cyberattacks that started when the COVID pandemic increased online activity in all parts of life around the globe. The first nine months of 2021 saw 40% more cyberattacks than the same period of 2020. Equally important, more of these attacks are coming from bad actors using publicly available tools, which makes the attackers much more difficult to identify and stop.
2022 cybersecurity predictions
Our Chief Critical Cyber Operations Officer, Shmulik Yehezkel, explains the emerging trends evolving from 2021, and what we can expect to see more of in 2022:
The year of supply-chain attacks
Supply chain attacks were up more than sixfold in the first nine months of the year alone. These attacks, including the high-profile SolarWinds incident of late 2020 whose fallout continues to expand, are extremely dangerous because once a hacker gains access to a significant software supplier, they can sometimes also reach the data and code of that supplier's subscribers and customers. This provides multiple routes to new targets, including those that were once considered well-protected.
Another advantage for attackers is deniability, as they can use the supply-chain company as a proxy for another target.
Attackers’ deniability has grown
As cyberattacks grew increasingly severe in 2021, they also became harder to trace back to the parties carrying them out. This is because more hackers, including state-backed bad actors, use open-source tools that are publicly available; from what we at CYE have seen, these are mainly on GitHub. This helps cover their tracks, providing them a wide range of deniability and making it more difficult to target them with counterattacks or other forms of retaliation.
The anonymous nature of the attacks also allows those who carry them out to avoid dealing with fallout, like being seen as responsible for causing financial damage or human death or injury.
On the horizon: The increased use of the “hub” attack
Hackers will increase focus on what we are calling attacks on “hub-companies.” Hub companies are those with extensive digital connections to suppliers as well as customers. These companies can be average-seeming organizations, as well as insurance companies, credit clearing companies, and SaaS providers. These companies provide links to potentially more valuable suppliers and large customers.
In addition to getting directly into the networks of these higher-value targets, like banks or weapons companies, hackers can find valuable intelligence and information in the hub company, like how a supplier interacts with a vendor, and use it to create effective phishing campaigns.
This emerging hub attack is on track to become a preferred method of attack, simply because it is an efficient way to carry out attacks with far-reaching consequences and provides easier avenues to bigger, more well-protected targets.
The emergence of “CN-All”
We also see change on the horizon for nation state-backed attacks. These attacks have been on the rise in both number and success rate over the last year. But going forward, they will become more ambitious.
Today, the industry classifies attacks into categories: CNE, for computer network exploitation or espionage; CNI, for computer network influence; and CNA, for computer network attack. This upcoming year, we are going to see more and more state-level actors carrying out what we call CN-All attacks. In this type of attack, state-level actors will combine all of the cyber warfare elements: espionage, influence and disabling systems. These attacks will be particularly challenging because they require a simultaneous response on several fronts.
CISOs need to be prepared to deal with the technical aspects of recovering data and accessing backup systems, while also dealing with law-enforcement and legal teams, addressing the media and, when needed, informing regulatory officials.
How do you minimize damage and eliminate threats?
Today, every company, regardless of size, domain, or region of activity, should be aware that it might be a potential target for cybercrime, as well as state-level cyberattacks with a variety of purposes and goals. No one is immune.
The stakes of attacks are getting bigger, and it remains more important than ever to make sure all employees understand the value of strong passwords, learn how to recognize phishing attempts, and use multi-factor authentication. Sloppiness in these areas has long allowed malicious actors to reach sensitive and valuable data. Now, with the growth of hub and CN-All attacks, this human factor can result in severe damage not only to their own organization, but potentially to thousands of others.
To protect themselves from the growing attacks, companies should consider consulting cybersecurity teams that consist of professionals with hands-on experience in cyber warfare at the state level, in places like the government, military and intelligence services, who have experienced interactions with state-backed hacking groups. We call them ACTs (Advanced Cyber Talents).