Light Dark
December 20, 2022 By Mark Stone 4 min read
Intelligence & Analytics
Risk Management

As 2022 comes to an end, cybersecurity teams globally are taking the opportunity to reflect on the past 12 months and draw whatever conclusions and insights they can about the threat landscape.

It has been a challenging year for security teams. A major conflict in Europe, a persistently remote workforce and a series of large-scale cyberattacks have all but guaranteed that 2022 was far from uneventful.

In this article, we’ll round up some of the most common cyberattack patterns we saw in 2022, what they meant for organizations (and society in general) and present some concrete strategies to deal with these threats in the future.

1. Ransomware

It’s been a somewhat strange year for ransomware. The first half of the year saw a surge of ransomware attacks, but then subsided in Q3 and continued to slow down. Still, the percentage of breaches caused by ransomware grew 41% in the last year; identification and remediation for a breach took 49 days longer than the average breach.

Ransomware attacks typically follow roughly the same pattern. An attacker gains control of one or many of an organization’s assets, such as critical data, encodes them and demands a ransom for their release.

2022 saw some significant ransomware events. One example was the Toyota hack in February and March, where multiple Toyota suppliers were hacked, leading to an estimated 5% dip in Toyota’s monthly production capability.

Another series of noteworthy attacks targeted the government of Costa Rica in April and May, disrupting the country’s financial and healthcare systems and causing the government to declare a national emergency — the first time this has happened as a result of a cyberattack.

Defending against ransomware

Defense against ransomware is all about prevention — once the attackers have gained access to your assets, it becomes much more difficult to mount a successful response. Many strategies exist to strengthen your defenses here, from simple things like educating employees on using stronger passwords and avoiding phishing scams all the way to more sophisticated methods.

But typically, good security hygiene always wins. Network segmentation, for one, is a powerful tool against ransomware. When firewalls or other methods separate different segments, if an attacker were to infiltrate one segment (like HR), they would be unable to traverse to another (like Finance). So if one device or area is compromised, it doesn’t spell doom for the entire company.

Other best practices include having reliable backups of all critical data and a solid incident response strategy to get things up and running as soon as possible with minimal downtime.

2. Email compromise

Compromised emails can seem like a frustratingly basic and simple way for attackers to infiltrate your company network, but (perhaps because of that simplicity) this remains a very common and effective attack pattern in 2022.

After a downturn in this type of attack in 2020 and 2021, email cyberattacks increased by 48% in the first half of 2022, with reports of 11,395 incidents costing businesses a total of $12.3 million.

A common attack pattern here involves phishing, which is still the most common attack method in 2022. Phishing emails are usually short, often refer to things like unpaid invoices and are increasingly smart and consistently effective.

Defending against email compromise attacks

The best defense against email attacks is education. If your employees are aware of the threat, understand the common warning signs and follow best practices like choosing strong passwords and regularly updating them, the risks decline significantly. Phishing attacks, in particular, are still typically unsophisticated (although this is changing) and easy to recognize with some basic training.

Multi-factor authentication is another powerful prevention tool, and when deployed correctly, it can seriously reduce the number and effectiveness of business email compromise attacks.

3. Supply chain attacks

With the emergence of the first major war in Europe for decades, 2022 saw a rise in attacks targeting national and international infrastructure, such as supply chains.

As supply chains continue to become more interconnected, complex and reliant on technology, the risk of attacks grows, along with their potential to inflict disaster. Research suggests that up to 40% of cyber threats are now occurring directly through the supply chain.

A report by Accenture in May found that supply chain disruptions in the Eurozone have led to a loss of €112 billion so far and could amount to €242 billion across 2022 and 2023 — a staggering 2% of GDP.

4. Attacks on Internet of Things (IoT) devices

As the Internet of Things continues to grow in scope, sophistication and accessibility, it’s becoming an increasingly tempting target for cyber criminals. IoT devices are now used in our homes, offices, assembly lines, factories and much more. They allow businesses to tap into data insights in entirely new ways, reduce the workload of human employees and essentially add to the bottom line. With benefits like these, IoT is not going away anytime soon.

The very fact that IoT devices use large amounts of data makes them attractive targets for hackers, especially since many IoT devices are not well-secured. One example is the MiCODUS MV720 GPS tracker — a device for tracking vehicles and preventing theft and other forms of loss through actions like cutting fuel supply.

In 2022, several vulnerabilities were identified in the MiCODUS MV720, allowing attackers to potentially access valuable data and disrupt or even disable entire fleets of vehicles. Given that the MV720 trackers are used by parties like law enforcement and the military around the world, this represents a monumental threat.

Defending IoT devices

Keeping IoT devices and networks protected involves:

  • Keeping software updated at all times
  • Acting fast to identify and mitigate any vulnerabilities
  • Using strong encryption of WiFi and private 5G networks
  • Making sure your passwords are regularly updated for home devices and strongly considering using 2-factor authentication.

Looking to the future

2022 showed us that cybersecurity is constantly evolving and always of the utmost importance. As we enter a new year, it’s likely that security teams will have to contend with an entirely new range of threats and attack patterns.

But if 2022 is any indication, most of the major threats will be preventable with robust security hygiene and best practices.

 

 |  |  |  |  |  |  |  |  | 
Mark Stone

More from Intelligence & Analytics
October 30, 2023

Hive0051’s large scale malicious operations enabled by synchronized multi-channel DNS fluxing

12 min read - For the last year and a half, IBM X-Force has actively monitored the evolution of Hive0051’s malware capabilities. This Russian threat actor has accelerated its development efforts to support expanding operations since the onset of the Ukraine conflict. Recent analysis identified three key changes to capabilities: an improved multi-channel approach to DNS fluxing, obfuscated multi-stage scripts, and the use of fileless PowerShell variants of the Gamma malware. As of October 2023, IBM X-Force has also observed a significant increase in…

September 12, 2023

Email campaigns leverage updated DBatLoader to deliver RATs, stealers

11 min read - IBM X-Force has identified new capabilities in DBatLoader malware samples delivered in recent email campaigns, signaling a heightened risk of infection from commodity malware families associated with DBatLoader activity. X-Force has observed nearly two dozen email campaigns since late June leveraging the updated DBatLoader loader to deliver payloads such as Remcos, Warzone, Formbook, and AgentTesla. DBatLoader malware has been used since 2020 by cybercriminals to install commodity malware remote access Trojans (RATs) and infostealers, primarily via malicious spam (malspam). DBatLoader…

September 7, 2023

New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware

8 min read - IBM X-Force uncovered a new phishing campaign likely conducted by Hive0117 delivering the fileless malware DarkWatchman, directed at individuals associated with major energy, finance, transport, and software security industries based in Russia, Kazakhstan, Latvia, and Estonia. DarkWatchman malware is capable of keylogging, collecting system information, and deploying secondary payloads. Imitating official correspondence from the Russian government in phishing emails aligns with previous Hive0117 campaigns delivering DarkWatchman malware, and shows a possible significant effort to induce a sense of urgency as…

August 9, 2023

X-Force releases detection & response framework for managed file transfer software

5 min read - How AI can help defenders scale detection guidance for enterprise software tools If we look back at mass exploitation events that shook the security industry like Log4j, Atlassian, and Microsoft Exchange when these solutions were actively being exploited by attackers, the exploits may have been associated with a different CVE, but the detection and response guidance being released by the various security vendors had many similarities (e.g., Log4shell vs. Log4j2 vs. MOVEit vs. Spring4Shell vs. Microsoft Exchange vs. ProxyShell vs.…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2023 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature