As 2022 comes to an end, cybersecurity teams globally are taking the opportunity to reflect on the past 12 months and draw whatever conclusions and insights they can about the threat landscape.

It has been a challenging year for security teams. A major conflict in Europe, a persistently remote workforce and a series of large-scale cyberattacks have all but guaranteed that 2022 was far from uneventful.

In this article, we’ll round up some of the most common cyberattack patterns we saw in 2022, explain what they meant for organizations (and society in general) and present some concrete strategies to deal with these threats in the future.

1. Ransomware

It’s been a somewhat strange year for ransomware. The first half of the year saw a surge of ransomware attacks, which then subsided in Q3 and continued to slow down. Still, the percentage of breaches caused by ransomware grew 41% in the last year, and identifying and remediating such a breach took 49 days longer than the average breach.

Ransomware attacks typically follow roughly the same pattern. An attacker gains control of one or many of an organization’s assets, such as critical data, encrypts them and demands a ransom for their release.

2022 saw some significant ransomware events. One example was the Toyota hack in February and March, where multiple Toyota suppliers were hacked, leading to an estimated 5% dip in Toyota’s monthly production capability.

Another series of noteworthy attacks targeted the government of Costa Rica in April and May, disrupting the country’s financial and healthcare systems and causing the government to declare a national emergency — the first time this has happened as a result of a cyberattack.

Defending against ransomware

Defense against ransomware is all about prevention — once the attackers have gained access to your assets, it becomes much more difficult to mount a successful response. Many strategies exist to strengthen your defenses here, from simple things like educating employees on using stronger passwords and avoiding phishing scams all the way to more sophisticated methods.

But typically, good security hygiene wins. Network segmentation, for one, is a powerful tool against ransomware. When firewalls or other methods separate the network into segments, an attacker who infiltrates one segment (like HR) is unable to traverse to another (like Finance). So if one device or area is compromised, it doesn’t spell doom for the entire company.
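
Segmentation only holds if no chain of allowed flows links the segments indirectly, so it is worth auditing the firewall policy for such paths. The script below is an added example, not part of the original article; the segment names, ports and rule set are constructed for illustration, and anything not listed is assumed to be denied.

```python
from collections import deque

# Constructed sample policy: (source segment, destination segment, port).
# Default deny is assumed for every flow that is not listed.
ALLOW_RULES = [
    ("hr", "shared-services", 445),
    ("finance", "shared-services", 445),
    ("it-admin", "hr", 3389),
    ("it-admin", "finance", 3389),
    ("shared-services", "backup", 22),
]


def build_graph(rules):
    """Map each source segment to the set of segments it may connect to."""
    graph = {}
    for src, dst, _port in rules:
        graph.setdefault(src, set()).add(dst)
        graph.setdefault(dst, set())
    return graph


def reachable_from(rules, start):
    """Return {segment: path} for every segment reachable from `start`
    by chaining allowed flows (breadth-first, so paths are shortest)."""
    graph = build_graph(rules)
    paths = {start: [start]}
    queue = deque([start])
    while queue:
        current = queue.popleft()
        for nxt in sorted(graph.get(current, ())):
            if nxt not in paths:
                paths[nxt] = paths[current] + [nxt]
                queue.append(nxt)
    del paths[start]
    return paths


def segmentation_violations(rules, protected):
    """List (source, target, path) for each segment that can reach a protected one."""
    findings = []
    for src in sorted(build_graph(rules)):
        if src in protected:
            continue
        for dst, path in reachable_from(rules, src).items():
            if dst in protected:
                findings.append((src, dst, path))
    return findings
```

With the sample policy, HR cannot reach Finance, and the only segment that can is `it-admin`, which marks it as the one to harden most. Adding a single rule from `shared-services` to `finance` would open an indirect HR to Finance path that a rule-by-rule review can miss.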

Other best practices include having reliable backups of all critical data and a solid incident response strategy to get things up and running as soon as possible with minimal downtime.

2. Email compromise

Compromised emails can seem like a frustratingly basic and simple way for attackers to infiltrate your company network, but (perhaps because of that simplicity) this remains a very common and effective attack pattern in 2022.

After a downturn in this type of attack in 2020 and 2021, email cyberattacks increased by 48% in the first half of 2022, with reports of 11,395 incidents costing businesses a total of $12.3 million.

A common attack pattern here involves phishing, which is still the most common attack method in 2022. Phishing emails are usually short, often refer to things like unpaid invoices and are increasingly smart and consistently effective.

Defending against email compromise attacks

The best defense against email attacks is education. If your employees are aware of the threat, understand the common warning signs and follow best practices like choosing strong passwords and regularly updating them, the risks decline significantly. Phishing attacks, in particular, are still typically unsophisticated (although this is changing) and easy to recognize with some basic training.

Multi-factor authentication is another powerful prevention tool, and when deployed correctly, it can seriously reduce the number and effectiveness of business email compromise attacks.

3. Supply chain attacks

With the emergence of the first major war in Europe for decades, 2022 saw a rise in attacks targeting national and international infrastructure, such as supply chains.

As supply chains continue to become more interconnected, complex and reliant on technology, the risk of attacks grows, along with their potential to inflict disaster. Research suggests that up to 40% of cyber threats are now occurring directly through the supply chain.

A report by Accenture in May found that supply chain disruptions in the Eurozone have led to a loss of €112 billion so far and could amount to €242 billion across 2022 and 2023 — a staggering 2% of GDP.

4. Attacks on Internet of Things (IoT) devices

As the Internet of Things continues to grow in scope, sophistication and accessibility, it’s becoming an increasingly tempting target for cyber criminals. IoT devices are now used in our homes, offices, assembly lines, factories and much more. They allow businesses to tap into data insights in entirely new ways, reduce the workload of human employees and essentially add to the bottom line. With benefits like these, IoT is not going away anytime soon.

The very fact that IoT devices use large amounts of data makes them attractive targets for hackers, especially since many IoT devices are not well-secured. One example is the MiCODUS MV720 GPS tracker — a device for tracking vehicles and preventing theft and other forms of loss through actions like cutting fuel supply.

In 2022, several vulnerabilities were identified in the MiCODUS MV720, allowing attackers to potentially access valuable data and disrupt or even disable entire fleets of vehicles. Given that the MV720 trackers are used by parties like law enforcement and the military around the world, this represents a monumental threat.

Defending IoT devices

Keeping IoT devices and networks protected involves:

  • Keeping software updated at all times
  • Acting fast to identify and mitigate any vulnerabilities
  • Using strong encryption of WiFi and private 5G networks
  • Making sure your passwords are regularly updated for home devices and strongly considering using 2-factor authentication

Looking to the future

2022 showed us that cybersecurity is constantly evolving and always of the utmost importance. As we enter a new year, it’s likely that security teams will have to contend with an entirely new range of threats and attack patterns.

But if 2022 is any indication, most of the major threats will be preventable with robust security hygiene and best practices.

