As 2022 comes to an end, cybersecurity teams globally are taking the opportunity to reflect on the past 12 months and draw whatever conclusions and insights they can about the threat landscape.

It has been a challenging year for security teams. A major conflict in Europe, a persistently remote workforce and a series of large-scale cyberattacks have all but guaranteed that 2022 was far from uneventful.

In this article, we’ll round up some of the most common cyberattack patterns we saw in 2022, explain what they meant for organizations (and society in general) and present some concrete strategies to deal with these threats in the future.

1. Ransomware

It’s been a somewhat strange year for ransomware. The first half of the year saw a surge of ransomware attacks, which then subsided in Q3 and continued to slow down. Still, the percentage of breaches caused by ransomware grew 41% in the last year, and identifying and remediating a ransomware breach took 49 days longer than the average breach.

Ransomware attacks typically follow roughly the same pattern. An attacker gains control of one or many of an organization’s assets, such as critical data, encrypts them and demands a ransom for their release.

2022 saw some significant ransomware events. One example was the Toyota hack in February and March, where multiple Toyota suppliers were hacked, leading to an estimated 5% dip in Toyota’s monthly production capability.

Another series of noteworthy attacks targeted the government of Costa Rica in April and May, disrupting the country’s financial and healthcare systems and causing the government to declare a national emergency — the first time this has happened as a result of a cyberattack.

Defending Against Ransomware

Defense against ransomware is all about prevention — once the attackers have gained access to your assets, it becomes much more difficult to mount a successful response. Many strategies exist to strengthen your defenses here, from simple things like educating employees on using stronger passwords and avoiding phishing scams all the way to more sophisticated methods.

But typically, good security hygiene wins. Network segmentation, for one, is a powerful tool against ransomware. When firewalls or other controls separate the segments, an attacker who infiltrates one segment (like HR) is unable to traverse to another (like Finance). So if one device or area is compromised, it doesn’t spell doom for the entire company.
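An added example (not from the original article) of checking that segmentation actually holds: it classifies flow records against a default-deny policy between segments and reports the flows that cross a boundary without being allowlisted. The segment ranges, the allowlist and the flow records are constructed for illustration.

```python
import ipaddress

# Constructed segment map (assumption): one CIDR range per business segment.
SEGMENTS = {
    "hr": ipaddress.ip_network("10.10.0.0/24"),
    "finance": ipaddress.ip_network("10.20.0.0/24"),
    "backup": ipaddress.ip_network("10.30.0.0/24"),
}
# Default deny between segments; only these (src, dst, dst_port) tuples are permitted.
ALLOWED = {("hr", "backup", 443), ("finance", "backup", 443)}

# Constructed flow records: (src_ip, dst_ip, dst_port).
SAMPLE_FLOWS = [
    ("10.10.0.15", "10.10.0.20", 445),  # HR -> HR, stays inside one segment
    ("10.10.0.15", "10.30.0.5", 443),   # HR -> backup, allowlisted
    ("10.10.0.15", "10.20.0.8", 445),   # HR -> Finance, crosses a boundary
    ("10.20.0.8", "10.30.0.5", 22),     # Finance -> backup on a port not allowlisted
    ("10.10.0.15", "192.0.2.7", 443),   # destination outside every mapped segment
]

def segment_of(ip):
    """Return the name of the segment containing ip, or None if unmapped."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def classify(flow):
    """Label one flow: unmapped, intra-segment, allowed or violation."""
    src_ip, dst_ip, port = flow
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return "unmapped"
    if src == dst:
        return "intra-segment"
    if (src, dst, port) in ALLOWED:
        return "allowed"
    return "violation"

def violations(flows):
    """Flows that cross a segment boundary without an allowlist entry."""
    return [f for f in flows if classify(f) == "violation"]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(classify(f), f)
```

Run against real firewall or flow logs, any "violation" result means either the policy or the enforcement has a gap that would let a compromise in one segment reach another.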

Other best practices include having reliable backups of all critical data and a solid incident response strategy to get things up and running as soon as possible with minimal downtime.

2. Email Compromise

Compromised emails can seem like a frustratingly basic and simple way for attackers to infiltrate your company network, but (perhaps because of that simplicity) this remains a very common and effective attack pattern in 2022.

After a downturn in this type of attack in 2020 and 2021, email cyberattacks increased by 48% in the first half of 2022, with reports of 11,395 incidents costing businesses a total of $12.3 million.

A common attack pattern here involves phishing, which is still the most common attack method in 2022. Phishing emails are usually short, often refer to things like unpaid invoices and are increasingly smart and consistently effective.

Defending Against Email Compromise Attacks

The best defense against email attacks is education. If your employees are aware of the threat, understand the common warning signs and follow best practices like choosing strong passwords and regularly updating them, the risks decline significantly. Phishing attacks, in particular, are still typically unsophisticated (although this is changing) and easy to recognize with some basic training.

Multi-factor authentication is another powerful prevention tool, and when deployed correctly, it can seriously reduce the number and effectiveness of business email compromise attacks.

3. Supply Chain Attacks

With the emergence of the first major war in Europe for decades, 2022 saw a rise in attacks targeting national and international infrastructure, such as supply chains.

As supply chains continue to become more interconnected, complex and reliant on technology, the risk of attacks grows, along with their potential to inflict disaster. Research suggests that up to 40% of cyber threats are now occurring directly through the supply chain.

A report by Accenture in May found that supply chain disruptions in the Eurozone have led to a loss of €112 billion so far and could amount to €242 billion across 2022 and 2023 — a staggering 2% of GDP.

4. Attacks on Internet of Things (IoT) Devices

As the Internet of Things continues to grow in scope, sophistication and accessibility, it’s becoming an increasingly tempting target for cyber criminals. IoT devices are now used in our homes, offices, assembly lines, factories and much more. They allow businesses to tap into data insights in entirely new ways, reduce the workload of human employees and essentially add to the bottom line. With benefits like these, IoT is not going away anytime soon.

The very fact that IoT devices use large amounts of data makes them attractive targets for hackers, especially since many IoT devices are not well-secured. One example is the MiCODUS MV720 GPS tracker — a device for tracking vehicles and preventing theft and other forms of loss through actions like cutting fuel supply.

In 2022, several vulnerabilities were identified in the MiCODUS MV720, allowing attackers to potentially access valuable data and disrupt or even disable entire fleets of vehicles. Given that the MV720 trackers are used by parties like law enforcement and the military around the world, this represents a monumental threat.

Defending IoT Devices

Keeping IoT devices and networks protected involves:

  • Keeping software updated at all times
  • Acting fast to identify and mitigate any vulnerabilities
  • Using strong encryption of WiFi and private 5G networks
  • Making sure your passwords are regularly updated for home devices and strongly considering using 2-factor authentication

Looking to the Future

2022 showed us that cybersecurity is constantly evolving and always of the utmost importance. As we enter a new year, it’s likely that security teams will have to contend with an entirely new range of threats and attack patterns.

But if 2022 is any indication, most of the major threats will be preventable with robust security hygiene and best practices.

 
