(January 5, 2022) The 2022 cybercrime economy is now worth at least $1.2 trillion, according to economists. That makes it the 15th largest economy in the world, by IMF estimates. It generates more profits than the combined global trade in all illegal drugs.
Here are five threats that will drive the cybercrime economy in 2022.
Ransomware will remain a top threat.
Ransomware continues to be the engine driving cybercrime growth. Security firms say 2021 was a record year for ransomware with more than 700 million attacks, a 130 percent increase over 2020. Industry analysts are in near-universal agreement that ransomware attacks will become even more frequent, sophisticated and costly in 2022. Although critical infrastructure, state and local governments and healthcare organizations are key targets, no business is safe. Ransomware-as-a-Service makes it easy for unsophisticated criminals to attack small to midsize businesses (SMBs).
Cryptojacking will become more prevalent.
Cryptojacking skyrocketed in 2021 in conjunction with the growth of the cryptocurrency market, with one reporting saying the threat increased 400 percent compared to 2020. In a cryptojacking attack, cybercriminals install malware that secretly uses the victim’s computer to mine cryptocurrency. The malware often goes undetected because it impersonates other types of files. Although cryptojacking malware doesn’t usually steal data or cause noticeable disruption, it consumes system resources and network bandwidth, affecting performance. And security analysts are warning that the malware increasingly comes with malicious payloads that do compromise systems.
The log4j flaw will take the entire year (or more) to fix.
In December, security researchers discovered that attackers are able to exploit a flaw in the open-source log4j logging library for Java applications. Although it sounds obscure, log4j is used in billions of devices, so the problem is one of potentially catastrophic proportions. The flaw enables an attacker to store malicious code in log files, then use the compromised device to launch other attacks. Fixing the problem in Java apps that use log4j directly can be as simple as updating to the latest version. However, many apps call log4j indirectly through other libraries, making them more difficult to identify and update.
Supply chain attacks will keep security experts up at night.
Microsoft says the Russia-linked hacker group Nobelium — which launched the SolarWinds attack in 2020 — has been targeting the global technology supply chain since May 2021. This time, the group is targeting resellers and technology service providers. Supply chain attacks, such as the SolarWinds and Kaseya hacks, are especially serious because they can impact hundreds or thousands of companies downstream from the initial victim. Increasingly, these attackers are targeting cloud resources, which could have a devastating impact. In many cases, the groups behind these sophisticated attacks are funded by adversarial nation-states.
Cloud resources will come under fire.
Nation-state actors aren’t the only cybercriminals looking to take advantage of cloud vulnerabilities. Cloud misconfigurations, inadequate identity management and authentication practices, unpatched systems and applications, and other security weaknesses have left many cloud resources open to attack. As more companies migrate applications and data to the cloud to support remote work models, cloud attacks are expected to rise. In a recent survey by IDC, 98 percent of respondents said they had experienced at least one cloud security breach within the previous 18 months.
A qualified managed security services provider (MSSP) can perform a thorough assessment of your cybersecurity environment, identify gaps and vulnerabilities, and help you develop a plan for protecting against these attacks. With the cybercrime economy expected to grow in 2022, now’s the time to take steps to improve your security posture.
ABOUT MAINSTREAM TECHNOLOGIES
Mainstream Technologies delivers a full range of technology services in Arkansas and the surrounding region including managed technology services and consulting custom software development and cybersecurity services. We also offer industry-leading data center services in our Little Rock facilities. Established in 1996, Mainstream has earned a reputation for delivering quality, reliable, and professional technology services for public and private-sector customers across the United States.
Jeff Pracht
IT Business Development Manager
(479) 715-8629 Office
(501) 529-0008 Mobile
