Cybersecurity has been headlining news publications for the better part of 2021. In Sophos’ 2022 Threat Report, threat researchers looked back on this past year to help inform what we can expect from the threat landscape as we approach the new year.
Let’s look at a few key areas that MSPs should keep in mind as cyberattacks continue to evolve in 2022.
Service-Based Approach To Ransomware
Ransomware-as-a-service (RaaS) offerings leasing attack code and infrastructure, often accompanied by attack “playbooks” to affiliates took a larger share of the ransomware landscape in 2021. Where attacks would previously be carried out by one ransomware group, RaaS has changed this process so those who develop original ransomware code can lease it to affiliate customers and Initial Access Brokers (IABs), who locate potential victims and implement the attack to hold data hostage.
Some of the most noteworthy ransomware attacks of the year, like the Colonial Pipeline breach, were executed by RaaS-enabled groups. The more that this RaaS trend continues, the more the size and scope of ransomware delivery methods will grow, so MSPs need to be on the lookout.
Ransomware Attacks Involving Extortion And Other “Pressure To Pay” Tactics Are Becoming More Popular
Sophos researchers expect that ransomware attacks will increasingly be accompanied by additional measures designed to increase pressure on the victim to pay the ransom. Attackers will use pressure tactics such as data theft, threatening phone calls or emails and distributed denial of service (DDoS) attacks and more to make life difficult for victims.
Attackers will also continue to use commodity malware such as loaders, droppers, and increasingly advanced human operated IABs to target and deliver the ransomware to victims. They will also continue to abuse commercial penetration-testing tools to implement their attacks.
It is likely that, in 2022, attacks will continue to increase in intensity and range, and MSPs must be devoted to constantly monitoring legitimate tool abuse and malicious breaches in their networks. Both sophisticated and lesser-skilled cyber criminals are jumping on reported vulnerabilities faster than ever before, meaning a robust approach to patching and layered defense strategy is crucial for the upcoming year.
Cryptocurrency Will Supply Momentum For Malicious Cryptomining And Ransomware
Without improved regulation, cryptocurrency will continue to drive cryptomining and ransomware in the coming years as attackers continue to extract ransoms from their victims in cryptocurrencies like bitcoin. The U.S. took its first step in passing an infrastructure bill aimed at regulating crypto exchanges, but until it takes effect in 2023, the use of crypto exchanges will increase for at least another year. Governments worldwide need to introduce new regulations to eliminate ransom payments flowing through crypto exchanges.
AI Will Be Increasingly Leveraged To Drive Cyberattacks
AI-driven cyberattacks are likely still a few years out, but it’s not far enough out of sight for MSPs to ignore. AI is set to take on a bigger role in cyberattacks, enabling attacks from fake social media accounts and watering-hole attacks, to spoof phishing emails, and, eventually, utilizing deepfake voice synthesis tech.
To stay a step ahead of next year’s cyberthreat landscape, here are some tips for MSPs to focus on:
- Help customers increase employee IT security hygiene and education, to ensure everyone is equally adept at spotting and flagging a phishing attempt and is using multi-factor authentication protocols for secure logins.
- Constant monitoring of legitimate tool abuse – including suspicious combinations of legitimate tools – with the same frequency you would scan for malicious breaches into a network.
- Ensuring customers deploy, in tandem, anti-ransomware software, layered protection technologies and human-led expert threat hunting teams, to cover all potential vulnerabilities and points of entry into your network.