Cyber security is now a critical function in organizations in the current era of online/digital business and communication. Hackers will remain on the winning side if the assets in organization are left with vulnerabilities that might eventually be exploited. In the ongoing time of COVID-19 waves, hackers are taking advantage of this confusion while attacking with ransomware and phishing at faster pace and this is very much anticipated to continue in 2022. It is not just the speed but variety of attacks that give hackers an edge over the opponents (defending teams at target organizations).
Following are the top cyber security trends to observe in 2022:
Phishing Attacks and Ransomware
Phishing refers to seeking unauthorized information disclosure via emails (spams, attachments, links) and other communication channels. Users are therefore advised not to click on suspicious links or download attachments in emails, websites and social media messages and posts. In the ongoing time of COVID-19 waves, hackers are outmaneuvering the defenders by launching ransomware and phishing attacks at very fast rate. In 2022, this trend will continue by cyber attackers because it is the most successful attack method being a major tool of social engineering. Threat actors behind ransomware campaigns will continue switching tactics to gain access to organizations’ sensitive data. Targeted ransomware attacks require a more accurate intelligence-gathering activity on the victims including social engineering, but they can allow criminals to earn much more money and inﬂict maximum disruption to the victims.
Use of Artiﬁcial Intelligence in Cyber Security
The role and use of Artiﬁcial Intelligence (AI) is expected to expand on both sides i.e. attack and defense in 2022. The attackers can plan adversarial moves to avoid detection by state of the art security appliances and solutions. Such stealthy techniques can be much harder for organizations to respond in quick and efﬁcient manner. Cybercriminals have proved to bypass multiple layers of cyber security controls using AI. Their success illustrates how the use of new technologies including AI can change the landscape of cybercrime for both attackers and defenders. Cybercriminals are quick to adopt new techniques and tools that give them an edge over cyber security defenses. The defenders are facing the impact of this technology as cybercriminals use systems that operate, think and act as humans. Such systems are modelled on human behavior to execute speciﬁc tasks. AI is therefore expected to drive systemic changes in the cyber security landscape. On the other hand, the techniques of cyberattack detection have many approaches to incorporate AI driven methods. AI is a promising approach of predicting and simulating human behavior with computational intelligence and it has been successfully applied to widespread real-world problems. For AI-driven detection of cyberattacks, the attack patterns must be analyzed and evaluated for creating effective AI models of attack detection.
There is a class of information-stealing malicious software that target the ﬁnancial industry. The Banking Trojans focus on compromising systems to create persistent backdoors (unauthorized routes to access the target systems). The backdoors are used to connect to attacker’s machine for data theft including online account credentials and credit card information, potentially leading to bank accounts being compromised. Newly programmed variants of famous banking malware have been evolved and used to attack various banks across the world. In 2022, more targeted attacks on the banks worldwide with inclusion of AI driven approaches can make signiﬁcant damage.
Attacks on Mobile Devices
The number of mobile users continues to rise and so does the amount of business data stored in mobile devices. Hence, mobile devices will continue to be one of the primary cyberattack targets in 2022. The mobile devices can be relatively easy to compromise as compared to the hardened data center equipment, hence an attacker can override traditional secure gateways. Even if they gain access through any vulnerable app of mobile device, they can steal your business data easily. The applications available for download at Google Play Store may contain malware (such as a virus). There can be different adversarial motives of cybercriminals to create and launch malicious applications so that people may be tricked to download the virus and get infected. For the protection against malicious apps, a minimum collection of apps that are necessary to avail the required services should only be downloaded and installed.
Attacks on Cloud Environment
Organizations in the world already run most of their workloads in the cloud but the level of awareness and understanding about information security in the cloud remains low. It is often taken as an afterthought in cloud deployments. For a long time, it has been assumed that data stored in the cloud is essentially secure. That assumption is dying slowly. Prevention is more important in cloud environments than detection. More security solutions are required to secure the cloud workloads and its infrastructure with more focus on the virtualization setups. In 2022, this gap is expected to be exploited by hackers.
Compromised Credentials & Data Breaches
In the last few years, hundreds of millions of records have been stolen by the cybercriminals. The availability of such data across various applications, storages and domains will be the root cause of most of the data breaches in 2022 as well. This year, more compromises and data breaches may arise due to modern and sophisticated attack methods along with the extended vectors of cyberattacks.