Organizations are under constant threat of cybercrime. There are many available attack vectors, but email remains the most common starting point for a full network compromise. The case for prioritizing email security is only stronger now that so many businesses still operate in a remote or hybrid environment.
According to Gartner, continued increases in the volume and success of phishing attacks and migration to cloud email require a reevaluation of email security controls and processes. As a result, security and risk management leaders must ensure that their existing security solutions remain appropriate for the changing landscape.
The two prior years saw massive changes in the way businesses function, as organizations were forced to lean on cloud services, and the security controls around them, in a complicated work environment. Not much is certain in this work-from-home world, so it is important to analyze the previous trends among attackers and have a plan as their tactics evolve. From supply chain attacks to an increase in phishing campaigns against financial services organizations, here are some predictions of what we are likely to face in 2022.
Ransomware Reigns Supreme as the Preferred Cybercrime
Ransomware is malware that encrypts a company's files, rendering them unusable unless and until a sum of money is paid to the criminals. Ransomware attacks are often initiated by obtaining account credentials through a malicious link, a malicious attachment, or some other social engineering tactic. We should expect these attacks to continue, especially as small businesses face a shortage of cybersecurity resources and expertise that leaves them unprepared to repel one.
In a press release, the Identity Theft Resource Center (ITRC) stated that ransomware was one of the top two attack vectors behind data breaches from the start of the year through September 2021. The 1,291 breaches recorded in the first three quarters of 2021 already exceeded the 1,108 breaches recorded in all of 2020, an increase of about 17 percent.
Transitioning to remote work also presented a problem for on-premises networks. These custom-built environments require teams of professionals to find and fix their vulnerabilities and to defend them against attack. In 2022, we can expect ransomware gangs to develop better methods of evading law enforcement, and possibly to consolidate into larger syndicates.
Ransomware-as-a-Service Is on the Rise
In 2021, we saw a surge in ransomware attacks targeting companies ranging from international meat producers and oil pipelines to regional victims such as the ferries between Martha's Vineyard and Nantucket. Back in May, the cyber gang known as "DarkSide" forced the closure of one of the largest oil pipelines in the United States after stealing 100GB of corporate data in just two hours. As successful attacks increased, so too did the number of groups running Ransomware-as-a-Service (RaaS) as a franchise.
RaaS lowers the bar to entry: the affiliate who breaks into the organization needs little development skill, because the franchisers provide all the tools for encryption and ransom collection in exchange for a percentage of the payout. These attackers target supply chains and critical infrastructure such as energy, healthcare, food, and transportation, where the window of acceptable downtime is short and victims are therefore more likely to pay.
Remote Workers Will Continue to Face Risk
Working from home comes with no shortage of challenges, and understanding the risk that cloud email users face is chief among them. Employees tend to rely on email as the primary channel for sending each other sensitive documents and links, which raises the risk of impersonation and phishing attacks. We should anticipate that the challenges created by remote working will continue to grow. Businesses that move to cloud email platforms should insist on more than a single layer of defense in order to withstand today's most significant threats.
Advanced Phishing and CEO Fraud Attacks Are Increasing
Most organizations already have some level of email security protection, but phishing and ransomware attacks are at an all-time high and are expected to increase through the new year. Outbound email security is also a concern.
CEO fraud is an email scam in which malicious actors fool employees into transferring money to the attacker or giving away sensitive business information. Criminals pose as the company's CEO or another executive and email employees, usually in Human Resources or Finance, asking them to help out by making a bank transfer.
Phishing attempts and malware may seem simple to spot, but cybercriminals exploit employees' dependence on email, and their distraction, by targeting them with increasingly sophisticated messages: some carry malware intended to infect and damage devices, others simply manipulate the user into acting.
Watch for increased attacks during holidays and other significant events. Both CISA and the FBI warned that cybercriminals are eager to disrupt businesses and critical infrastructure to demand payments in cryptocurrency.
Malicious Attachments Are an Ongoing Threat
Microsoft Excel and Word macros have long been used in phishing attacks to launch remote access tools and gain a foothold on the victim's computer. More recently, cybercriminals have repackaged these attacks with COVID-19 themed attachments, taking advantage of the fear and uncertainty surrounding the pandemic. Despite growing awareness of malicious attachments, the tactic remains one of the top threats used by cybercriminals.
Attacks have traditionally relied on malicious attachments such as PDF and Office files. Criminals, however, keep finding ways to avoid detection and bypass email protections by using file types that are not traditionally blocked. One recent attack delivered its payload inside an IMG file, a disc-image format that Windows can mount natively with a double-click, so the executable inside never passes through the filters that would inspect a more familiar attachment type.
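As an added example (not code from the original article), the following Python script triages the attachments of a constructed message by looking past the file name: it flags extensions that gateways commonly miss, recognizes an ISO 9660 disc image by its on-disk signature whatever the file is called, and detects a VBA macro project inside an Office document (OOXML files are zip archives, and macros live in a vbaProject.bin entry). The message, file names and extension list are constructed for illustration only.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Illustrative list, not a complete policy: scripts and executables,
# macro-enabled Office formats, and the disc/disk images that many
# gateways still let through.
RISKY_EXTENSIONS = {
    ".img", ".iso", ".vhd", ".vhdx",
    ".exe", ".scr", ".js", ".jse", ".vbs", ".hta", ".lnk",
    ".docm", ".xlsm", ".pptm", ".dotm", ".xlam",
}

# ISO 9660 stores "CD001" at offset 0x8001 in the primary volume descriptor.
ISO9660_MAGIC = b"CD001"
ISO9660_MAGIC_OFFSET = 0x8001


def looks_like_iso(data: bytes) -> bool:
    """True if the bytes carry an ISO 9660 volume descriptor, whatever the name says."""
    end = ISO9660_MAGIC_OFFSET + len(ISO9660_MAGIC)
    return len(data) >= end and data[ISO9660_MAGIC_OFFSET:end] == ISO9660_MAGIC


def office_has_vba(data: bytes) -> bool:
    """OOXML documents are zip archives; a VBA project is stored as */vbaProject.bin."""
    if not data.startswith(b"PK"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.endswith("vbaProject.bin") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def triage_attachments(raw: bytes) -> dict[str, list[str]]:
    """Return {filename: [reasons]} for each attachment worth quarantining."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings: dict[str, list[str]] = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        data = part.get_payload(decode=True) or b""
        ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
        reasons = []
        if ext in RISKY_EXTENSIONS:
            reasons.append(f"risky extension {ext}")
        if looks_like_iso(data):
            reasons.append("content is an ISO 9660 disc image")
        if office_has_vba(data):
            reasons.append("Office document contains a VBA macro project")
        if reasons:
            findings[name] = reasons
    return findings


def build_sample_message() -> bytes:
    """Constructed sample (not a real capture): a disc image with a misleading
    double extension, a macro-enabled document, and a harmless text file."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"
    msg["To"] = "finance@example.com"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please see the attached files.")

    iso_bytes = b"\x00" * ISO9660_MAGIC_OFFSET + ISO9660_MAGIC + b"\x00" * 64
    msg.add_attachment(iso_bytes, maintype="application", subtype="octet-stream",
                       filename="invoice.pdf.img")

    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder VBA project")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="quote.docm")

    msg.add_attachment("Standard terms and conditions.", filename="terms.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reasons in triage_attachments(build_sample_message()).items():
        print(filename, "->", "; ".join(reasons))
```

Checking content rather than names is the point: the disc image above would still be caught if it were renamed to something with no extension at all, and the macro check fires on the zip structure even when the file is renamed to .docx.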
Zero-Day Malware Attacks Are Increasing
A zero-day attack exploits a flaw in software or hardware before the vendor has identified and patched it. Such vulnerabilities are often sold on to other criminals.
Zero-day exploits require more work to pull off, but because so many companies operate on shared cloud platforms, a single vulnerability can expose millions of customers at once. That payoff is part of the reason the number of such attacks is rising.
Stay Ahead of the Threats
When it comes to prevention, there are a few standard tips and risks to be mindful of. The default security settings of most commercial email platforms are not tuned tightly enough, leaving remote workers exposed to credential phishing. According to one news report, the FBI estimates that thirty percent of phishing emails make it past existing defenses and are opened by the targeted users. Email authentication protocols (SPF, DKIM and DMARC) let the receiving system confirm that a message really originates from the domain it claims, which blocks the direct domain spoofing behind much business email compromise (BEC); they do nothing against a lookalike domain that the attacker legitimately controls, so display-name and domain-similarity checks are still needed. Machine learning lets security teams act proactively and in real time, and can take over routine daily tasks so that companies can allocate their people more effectively.
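The following Python check is an added example and not part of the original article or any product it mentions. Assumed to run at the mail gateway, it reads the Authentication-Results header for an SPF or DKIM pass aligned with the From domain, the way DMARC evaluates it, and separately flags an executive's name on an address outside the company domain, which is the CEO fraud pattern described earlier. The company domain, the executive list and the three sample messages are constructed; the organizational-domain helper is a simplification that ignores the Public Suffix List.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from typing import Optional

# Constructed context for the example: our own domain and the executives
# whose names attackers borrow for CEO fraud.
OUR_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "john roe"}

# Tokens from an RFC 8601 Authentication-Results header.
RESULT_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")
DKIM_DOMAIN_RE = re.compile(r"header\.[di]=@?([\w.-]+)")
SPF_DOMAIN_RE = re.compile(r"smtp\.mailfrom=(?:[\w.+-]+@)?([\w.-]+)")


def org_domain(domain: str) -> str:
    """Collapse sub-domains to the registrable domain. Simplification: keeps the
    last two labels, so a domain like example.co.uk would need the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def parse_auth_results(header: str) -> dict:
    """Extract method results and the authenticated domains from the header."""
    results = {m.group(1): m.group(2).lower() for m in RESULT_RE.finditer(header)}
    dkim = DKIM_DOMAIN_RE.search(header)
    spf = SPF_DOMAIN_RE.search(header)
    return {
        "results": results,
        "dkim_domain": dkim.group(1).lower() if dkim else None,
        "spf_domain": spf.group(1).lower() if spf else None,
    }


def aligned(result: Optional[str], auth_domain: Optional[str], from_domain: str) -> bool:
    """DMARC relaxed alignment: the method passed and its domain shares the
    organizational domain of the RFC5322.From address."""
    return (result == "pass" and auth_domain is not None
            and org_domain(auth_domain) == org_domain(from_domain))


def assess_message(raw: bytes) -> list[str]:
    """Return reasons to quarantine; an empty list means nothing was flagged."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    display_name, address = parseaddr(str(msg.get("From", "")))
    from_domain = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    auth = parse_auth_results(str(msg.get("Authentication-Results", "")))
    res = auth["results"]
    reasons = []

    if not (aligned(res.get("dkim"), auth["dkim_domain"], from_domain)
            or aligned(res.get("spf"), auth["spf_domain"], from_domain)):
        reasons.append(f"no aligned SPF or DKIM pass for From domain {from_domain or '<none>'}")

    # Authentication cannot catch a lookalike domain the attacker owns, so the
    # display name is checked separately against the executive list.
    if display_name.strip().lower() in EXECUTIVES and org_domain(from_domain) != OUR_DOMAIN:
        reasons.append(f"display name '{display_name}' used from outside domain {from_domain}")
    return reasons


# Three constructed messages (not real captures).
LEGITIMATE = b"""\
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=jane.doe@example.com; dkim=pass header.d=example.com; dmarc=pass
From: Jane Doe <jane.doe@example.com>
To: finance@example.com
Subject: Q3 numbers

Numbers attached, please review.
"""

DIRECT_SPOOF = b"""\
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=jane.doe@example.com; dkim=none; dmarc=fail
From: Jane Doe <jane.doe@example.com>
To: finance@example.com
Subject: Urgent wire needed today

Are you at your desk? I need a transfer done before 3pm.
"""

LOOKALIKE = b"""\
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=bounce@mail.example-marketing.net; dkim=pass header.d=example-marketing.net; dmarc=pass
From: Jane Doe <jane.doe@example-marketing.net>
To: finance@example.com
Subject: Urgent wire needed today

Are you at your desk? I need a transfer done before 3pm.
"""

if __name__ == "__main__":
    for label, raw in (("legitimate", LEGITIMATE), ("direct spoof", DIRECT_SPOOF), ("lookalike", LOOKALIKE)):
        print(label, "->", assess_message(raw) or "clean")
```

The three samples show the division of labor: the direct spoof of the company's own domain fails alignment and is caught by SPF/DKIM/DMARC alone, while the lookalike message passes every authentication check because the attacker controls example-marketing.net, and only the display-name rule flags it.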
As businesses move forward, preparing against the threat of cyberattacks is just as crucial. Resilience takes shape only through careful examination of an organization's current security posture and a strategic plan for its future cybersecurity disposition. Email remains a major attack vector for criminals, and those criminals keep altering their methods, which makes email security even more important. An effective plan must include predictions made with a threat hunting mindset, so that a company can keep pace with emerging threats before they turn into incidents.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire, Inc.