Nevis reveals trends for 2022
The Allianz “Cyber Report” for the first half of 2021 shows an increase of 125 percentage points compared to the same period of the previous year. With more people than ever working from home and shopping online instead of in brick-and-mortar retail stores, new security gaps are opening up that cybercriminals are trying to exploit. Fraud schemes such as phishing and credential stuffing are also very popular with criminals. Some trends are already emerging that are likely to be significant for 2022.
Phishing and Smishing
For years, cybercriminals have used phishing emails containing links to fake company websites to try to obtain login data and other internal company information. The trick: the emails often purport to be instructions from a supervisor and claim that special haste is required. The recipients are meant to act hastily and click the contained link without checking it. The link leads them, for example, to fake websites where they are asked to enter their user data, unknowingly handing it to the criminals. The danger of phishing will remain relevant in 2022, especially since the perpetrators keep coming up with new variants, such as the recently increased use of “smishing”.
In smishing, i.e. phishing via SMS, the perpetrators have been showing special creativity for months: smartphone users receive fake messages that announce the imminent arrival of a package or pretend that a security update must be installed. The links they contain have one thing in common: they lead to the download of malicious software, which the cybercriminals use to siphon data from the smartphone or launch further SMS attacks. All mobile network providers use spam filters to prevent the spread of fake messages. But the perpetrators vary their choice of texts and deliberately incorporate spelling mistakes in order to trick the algorithms of the security software.
Credential Stuffing remains dangerous
As an attack tactic, credential stuffing is still popular because the entry barriers are low: attackers obtain lists of stolen username and password combinations, such as those that can be purchased on the Darknet. Through automated testing on thousands of websites, they then try to log into other user accounts with this data. They rely on the convenience of users, who often reuse the same password for different user accounts. Even a single compromised account pays off in cash for the cybercriminals, whether they transfer money to themselves, go on a shopping spree at the expense of their victims, or resell lists of verified user credentials.
In the first half of 2021 alone, Arkose Labs’ network, which detects fraud attempts using AI, uncovered 285 million credential stuffing attacks. Overall, credential stuffing accounts for 29 percent of all attacks. No improvement is to be expected here for 2022 either, but there is reason to hope: more and more online shops and service providers are switching to secure login procedures such as multi-factor or password-free authentication. These slow down credential stuffing as well as phishing, since an insecure password is supplemented or even completely replaced, for example, by checking the user against their biometric data.
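The automated testing of stolen username and password pairs described in this section leaves a recognizable shape in login logs: one source trying many different accounts about once each, unlike password guessing against a single account. The following detection sketch is an added example, not part of the original article; the log format, thresholds, function names and sample events are assumptions constructed for illustration, and it examines only the first time window per source.

```python
from collections import defaultdict

# Constructed sample events (not real data): "epoch_seconds source_ip username outcome"
SAMPLE_LOG = """\
1000 203.0.113.7 alice FAIL
1001 203.0.113.7 bob FAIL
1002 203.0.113.7 carol FAIL
1003 203.0.113.7 dave OK
1004 203.0.113.7 erin FAIL
1005 203.0.113.7 frank FAIL
1000 198.51.100.9 admin FAIL
1002 198.51.100.9 admin FAIL
1004 198.51.100.9 admin FAIL
1006 198.51.100.9 admin FAIL
1008 198.51.100.9 admin FAIL
1000 192.0.2.44 grace FAIL
1030 192.0.2.44 grace OK
"""

def parse(log_text):
    """Yield (timestamp, ip, user, success) tuples from the assumed line format."""
    for line in log_text.splitlines():
        ts, ip, user, outcome = line.split()
        yield int(ts), ip, user, outcome == "OK"

def classify_sources(events, window=60, min_attempts=5, min_users=5):
    """Label each source IP by the shape of its attempts in its first window."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((ts, user, ok))
    verdicts = {}
    for ip, rows in by_ip.items():
        rows.sort()
        recent = [r for r in rows if r[0] - rows[0][0] <= window]
        users = {user for _, user, _ in recent}
        failures = sum(1 for _, _, ok in recent if not ok)
        if len(recent) < min_attempts or failures / len(recent) < 0.5:
            verdicts[ip] = "normal"
        elif len(users) >= min_users:
            # Many accounts, about one try each: pairs taken from a leaked list.
            verdicts[ip] = "credential_stuffing"
        else:
            verdicts[ip] = "brute_force"  # few accounts, many guesses each
    return verdicts

def compromised_accounts(events, flagged_ips):
    """Accounts with a successful login from a flagged source need a forced reset."""
    return sorted({u for _, ip, u, ok in events if ok and ip in flagged_ips})
```

A successful login inside a flagged burst is the reused password the section warns about, so those accounts are the ones to reset and move to multi-factor login first.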
Malicious code is created faster
The relationship between malware programmers and cybersecurity experts has always been like a race in which one side or the other is ahead. Of necessity, all parties involved strive to stay up to date, either by reacting immediately to zero-day exploits, i.e. security vulnerabilities that have just become known, or by resorting to newly developed technologies for which the other side does not yet have a suitable antidote.
In addition, criminals are increasingly relying on new programming languages such as Nim, Rust or Go. They are betting that the malicious code will initially not be detected automatically by the security industry's analysis tools and will slip through inspection. Here, too, there is a head-to-head race between criminals and the IT security industry, which is trying to eliminate any “blind spots” in its software as quickly as possible.
Targeting supply chains
Another result of the Allianz study: cybercriminals are increasingly targeting large companies in ransomware attacks, in particular those that produce especially sought-after and rare goods during the global supply chain crisis. The cynical calculation of the perpetrators: here they may encounter a particularly high willingness to pay, since the manufacturers want to prevent an interruption of their production at all costs and are ready to dig deeper into their pockets if necessary.
The case of the American IT service provider Kaseya also shows how hackers are trying to expand the reach of their attacks. The criminals had gained access to a program offered by Kaseya, with which customer companies manage and roll out their software updates. In this way, they managed to encrypt the systems of over a thousand companies in order to extort ransom money. Comparable attacks, which are complex but potentially particularly effective, are likely to occur in 2022 as well.
Attacks in the health sector
The healthcare industry also remains a popular target. During the course of the corona pandemic, many providers had relaxed their security guidelines in order to make it easier for their employees to work remotely from home. However, this also opened gaps in the usual security protocols, which had to be painstakingly closed in the following months. Even if the situation has eased somewhat again as IT security measures have been adapted, the probability is high that there will be further targeted cyber attacks in the coming months, in which the perpetrators go after sensitive business and patient data.
Education remains important
In 2022, user awareness will remain an important component of any IT security concept, complementing software- and hardware-based security measures. Users must always be aware of which attack attempts they can fend off through their own attentiveness. In particular, phishing attacks are becoming more and more sophisticated: convincingly faked company websites and stolen user data of supervisors are intended to trick people into revealing internal company information and passwords. Security training and regular updates for the workforce on the threat situation can make a decisive contribution to making such cyber attacks come to nothing.