9 hot (and not) cybersecurity trends:
Hot – Ransomware
Hot – Cryptomining/Cryptojacking
Hot – Deepfakes
Hot – Videoconferencing attacks
Cold – VPNs
Hot – IoT and OT attacks
Hot – Supply chain attacks
Hot – XDR
Cold – Passwords
Hot: Ransomware isn’t going away
Ransomware attacks are on the rise and show no signs of slowing down, says Shira Rubinoff, cybersecurity executive, author and consultant. “These attacks have grown exponentially and will continue to rise – largely due to the pandemic, as we’ve seen the massive amount of online growth and increased digital environments. The shift to work-at-home left organizations scrambling to strengthen their cybersecurity posture. Now, organizations have to deal with their employees multitasking both professionally and personally from multiple devices in an environment that may or may not be secure.”
Rubinoff recommends that organization focus on implementing cyber-hygiene, including training and education for the entire organization to help mitigate phishing attacks. She adds that organizations should be proactive in securing data and should consider implementing a zero-trust security model.
Key numbers: The threat of “new ransomware models” is the top concern facing executives, according to Gartner’s latest Emerging Risks Monitor Report. Ransomware doubled in frequency in 2021, according to the Verizon Data Breach Investigations Report. Approximately 37% of global organizations said they were the victim of some form of ransomware attack in 2021, according to IDC's 2021 Ransomware Study.
Hot: Cryptomining/cryptojacking ramps up
Cryptojacking, ransomware’s less flashy cousin, occurs when attackers use ransomware-style phishing attacks to breach an organization to mine cryptocurrency using the organization’s compute resources. One advantage for the attacker is that they can remain undetected for a long time. Since no ransom was sought and no personally indentifiable information was stolen, companies don’t have to disclose that were hacked. That makes it difficult to quantify the cost of the intrusion, since the damages are things like lost compute capabilities, slower performance and higher electric bills. However, as cryptocurrencies appreciate in value, there’s more incentive for attackers to commit cryptojacking. The ultimate payout consists of a reward (in cryptocurrency) for being the first to validate a new block of transactions.
“I don’t know if organizations are as focused on it because it’s less obtrusive than ransomware,” says IDC analyst Frank Dickson. He points out that cryptojacking is a growing and serious security threat because, “It’s essentially a backdoor into your organization” that could be sold to others looking to launch ransomware or other types of attacks.
Hot: Deepfakes become weaponized
Deepfakes (think Photoshop on steroids) will become a hot security issue this year and beyond, says cybersecurity consultant Dr. Magda Chelly. Thus far, deepfakes have been seen primarily in the entertainment sphere, with doctored videos showing one actor’s face morphing into another. Or, with politicians being spoofed on video saying things that they clearly never said.
Chelly predicts that attackers will weaponize deepfake technology to compromise biometric access controls by spoofing someone’s face. The use of AI-based deepfakes has many other sinister possibilities in the enterprise realm. There has already been a case in which fraudsters spoofed the voice of a CEO and tricked a subordinate to transfer a large amount of money to a fake account. Beyond fraud, an attacker could create a video in which a CEO or other business executive is shown doing something embarrassing or illegal and use the deepfake for blackmail purposes.
Key numbers: "Based on the hacker chatter that we track on the dark web, we’ve seen traffic around deepfake attacks increase by 43% since 2019,” says Alon Arvatz, senior director of product management at IntSights, a Rapid7 Company.
Hot: Attacks against conferencing software
With the pandemic showing no signs of slowing down, many employees are remaining at home, communicating with colleagues over teleconferencing and videoconferencing software. James Globe, vice president of operations at the Center for Internet Security (CIS), says attacks against those services will continue to be a concern.
He says organizations need to adopt formal corporate policies and procedures for staffers to follow to combat threat actors trying to piggyback on a session to eavesdrop on conversations and to view presentations that might contain sensitive information.
Globe recommends that organizations take steps like scrubbing invitation lists, password-protecting video conferences, sending out passwords in a separate communication from the meeting invitation, having the moderator manually admit participants, and locking the meeting once it starts.
Key numbers: More than 30% of companies reported an attack of their videoconferencing systems during 2021, according to the Acronis Cyber Readiness Report.
Cold: VPNs are fading away
The pandemic put the spotlight on secure remote access for work-at-home employees, exposing the flaws of the traditional VPN. It’s not all that secure, it’s complex to manage, doesn’t provide a good user experience, and it’s part of the old-school perimeter model of security.
“It’s not that we’re throwing away VPNs,” says Dickson, “but when we look at ways to secure remote workers, VPNs are not something we want. We’d rather do a zero-trust remote access solution.”
VPNs provide a secure tunnel between the remote user and enterprise resources, but VPN technology can’t tell if the connecting device is already infected or if someone is using stolen credentials; it doesn’t provide application layer security, and it can’t provide role-based access control once a user connects to the network. Zero trust addresses all those issues.
Key numbers: Gartner predicts that by 2023, 60% of enterprises will phase out their remote access VPN in favor of zero trust network access.
Hot: Attacks against IoT and OT
Chelly says attacks against internet of things (IoT) and operational technology (OT) infrastructure will heat up in 2022 across a variety of targets including critical infrastructure, traditional manufacturing facilities, even smart home networks.
Attackers will target industrial sensors to cause physical damage that could result in assembly lines shutting down or services being interrupted, Chelly says. The pandemic has increased the prevalence of employees managing these systems via remote access, which provides “a very good entry point for cybercriminals.”
Chelly predicts attackers will also conduct ransomware-type attacks that lock up a homeowner’s smart door lock or smart thermostat. In this scenario, the attacker is probably targeting the vendor that supplies the smart home technology.
Key numbers: According to one experiment in which testers set up a home network and monitored it for attacks, there were more than 12,000 hacking attempts in a single week.
Hot: Supply chain attacks
The supply chain is only as strong as its weakest link and that’s how hackers are going after high-value targets. The most infamous hack in recent times was the SolarWinds attack, a supply chain attack in which hackers leveraged a flaw in network monitoring software from SolarWinds to breach hundreds of companies.
Globe says supply chain attacks will remain a hot topic. He recommends that organizations pay special attention to third parties, partners, contractors, managed service providers and cloud service providers. Insist that these entities demonstrate that their security practices are sound and make sure to constantly verify that these organizations are adhering to their security policies.
Key numbers: Forrester data reveals that 55% of security professionals reported their organization experienced an incident or breach involving supply chain or third-party providers in the past 12 months.
Hot: Extended detection and response (XDR)
Extended detection and response (XDR) is a relatively new approach to threat detection and response that attempts to break down security siloes and provide a cloud-based service that encompasses multiple security-related data streams. XDR takes advantage of the power of cloud-based big data analytics to make sense of data from endpoint protection agents, email security, identity and access management, network management, cloud security, threat intelligence, threat hunting, etc.
Dickson says XDR is less about a specific product than it is about building a platform that can integrate the capabilities of multiple security tools to analyze a potential security threat in context.
Key numbers: According to Gartner, up to 40% of end-user organizations will use CDR by year-end 2027.
It’s been a longstanding truism that passwords are a weak form of security, but the industry has been slow to adopt alternatives – until now. Between the FIDO Alliance, Microsoft Hello and strong pushes by industry heavyweights like Apple and Google, momentum is growing for passwordless authentication based on biometrics (fingerprints or facial recognition).
Dickson recommends that organizations “eliminate passwords whenever possible.” He adds that fully passwordless solutions are preferable to two-factor authentication schemes that rely on passwords for one of the factors.
Key numbers: According to the latest Verizon Data Breach Report, 80% of data breaches are the result of poor or reused passwords.