Cybersecurity threats are aimed at accessing an organization’s sensitive data. In 2021, cyberattacks were at an all-time high, and they will not be slowing down any time soon. If you haven’t already, it’s important to prepare your IT systems for cybersecurity threats. To do so effectively, you need to know what these threats are and how they infect your networks.
4 Sources of Cybersecurity Threats 2022
The sources of emerging cyber threats and attacks seem endless. There are various reasons why someone would want to hack. Let’s take a look at some of the most common sources of cyberattacks and see if we can dig deeper.
Hackers, Cybercriminals and Ransomware Groups
Cybercriminals and ransomware groups are responsible for about 80% of cybersecurity incidents. These individuals or groups of individuals exploit vulnerabilities in your critical infrastructure to encrypt and steal confidential information, demanding a ransom in return for the decryption key and threatening to publish sensitive information if the ransom is not paid.
Examples of said cybercriminals include Conti, Lapsus, Babuk, REvil, Darkside, and more.
Internal Threat: Corporate Espionage
The bigger your company, the more likely it is that competitors or researchers will want to steal sensitive data. Cybercriminals may try to hack data for profit or personal gain. Remember to take extra precautions when it comes to protecting trade secrets.
Ransomware groups have been attempting to hire corporate employees, specifically system administrators, programmers, and reverse engineers, to support their criminal activities and exploit employee access to critical business networks.
If you’re an entity aligned with a certain cause, you are susceptible to attacks by hacktivist groups. Hacktivists may launch Distributed Denial of Service (DDoS) attacks against your site to make their point. These cybercriminals may want to do something as simple as take down your website, or they may want to put you out of business.
A recent example of such cybersecurity threats is the conflict between Russia and Ukraine. Multiple ransomware groups and members of “Anonymous”, a hacktivist collective, have announced that they are getting involved in the conflict.
Sources estimate that more than 60% of organizations do not have a proper employee offboarding process. This allows disgruntled and unhappy employees to maliciously steal/sell and sometimes wipe clean the company’s intellectual property and business-related sensitive information. The motive to do so varies from “scoring big” before leaving the company to simply “getting back at them”.
What’s important to note is that unless proper data protection measures are set in place to mitigate this, ex-employees can do irreparable damage to your business.
The case of Nicholas Burks and Asurion, a Tennessee-based tech support firm, is an example of the cybersecurity threat described above. After the company fired Burks for performance-related issues, he used a company laptop to steal internal corporate information and then threatened company executives that, if they didn’t pay a ransom, employees’ Social Security numbers, banking information, and customer names and addresses would be made public.
6 Most Common Cyberthreats 2022
Now that we’ve looked at threat actor profiles, here are some of the most common cyber threats you’ll encounter in your environment, and some things to consider when trying to protect your corporate data.
Malware/Spyware – Encrypt, Steal, Give Remote Access, or Completely Wipe Out Data
Cybercriminals will try to install malware in order to gain access to a system or network. Let’s take a look at three types of malware.
You see ransomware stories in the news all the time. A sophisticated form of ransomware will infiltrate your computer networks and may do nothing for a while, making it difficult to detect. When ransomware is activated, it starts blocking access to your systems and encrypting backups.
By the time it’s done, your only hope is to repair your systems or pay the ransom (not recommended).
A more classic form of malware, a trojan looks like a standard application at first, but once installed it executes a payload that infects your data, leading to data loss and software/hardware malfunction.
A wiper attack “wipes”, i.e. deletes, the data stored on your computers, laptops and servers. Sometimes it is disguised as ransomware, as was the case with Petya: the cybercriminals claim they will restore your data after receiving the ransom, but the data has already been deleted as part of the infection.
Drive-by downloads look no different from standard, “legitimate” application downloads. The difference is that when a user interacts with them, by clicking a link in an email, opening an attachment, or downloading something from an untrustworthy website, they end up downloading an executable that installs a trojan and gives cybercriminals remote access.
Social Engineering Attacks – Manipulate Targets to Gain Access
Social engineering attacks attempt to manipulate the target into enabling a cyberattack. They can be as simple as someone pretending to be your peer and asking for confidential information, or far more complicated.
Let’s briefly discuss the different types and components of social engineering attacks:
A phishing attack deceives the end user into giving up credentials, usually via email. Often these emails come with an attachment or a link which, when clicked, downloads an executable in the background, releasing ransomware and giving cybercriminals backdoor remote access.
Homograph attacks make users think they are connecting to a familiar, harmless system. They use letters and numbers that look alike to make everything appear believable, making subtle changes that are difficult to notice at first glance, such as replacing a lowercase ‘l’ with an uppercase ‘I’.
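As an added illustration of how a defender can catch the phishing links and look-alike domains described in the two paragraphs above (this is example code written for this article, not part of the original post or any vendor product), the Python below extracts the links from a constructed email, decodes punycode (xn--) hostnames, collapses look-alike characters into the ASCII letters they imitate, and compares the result against a constructed list of trusted domains. The trusted list, the sample message and the confusables table are all assumptions for the example; the table is deliberately small, and a production tool would use the full Unicode confusables data.

```python
import re
import unicodedata
from urllib.parse import urlparse

# Constructed allow-list of domains the organization trusts (assumption for this example).
TRUSTED_DOMAINS = {"example.com", "mail.example.com", "paypal.com"}

# Constructed, deliberately small confusables table: characters that render almost
# identically to an ASCII letter. Single characters first, then multi-character pairs.
CONFUSABLE_CHARS = {
    "1": "l", "|": "l",      # digit one and pipe for lowercase L
    "0": "o",                # zero for letter o
    "а": "a", "е": "e", "о": "o", "р": "p", "с": "c", "у": "y", "х": "x",  # Cyrillic
    "ο": "o", "α": "a",      # Greek
    "ı": "i",                # dotless i
}
CONFUSABLE_PAIRS = {"rn": "m", "vv": "w"}

def skeleton(domain: str) -> str:
    """Canonical form of a domain in which look-alike characters collapse to the ASCII
    letter they imitate, so two names that look the same on screen compare equal."""
    decoded = domain
    try:
        # IDN domains travel as punycode labels (xn--...); turn them back into Unicode.
        decoded = domain.encode("ascii").decode("idna")
    except (UnicodeError, ValueError):
        pass  # already Unicode, or not valid punycode: compare as given
    text = unicodedata.normalize("NFKC", decoded).lower()
    for pair, single in CONFUSABLE_PAIRS.items():
        text = text.replace(pair, single)
    return "".join(CONFUSABLE_CHARS.get(ch, ch) for ch in text)

def classify_domain(host: str):
    """Return (verdict, reference): 'trusted', 'lookalike' of a trusted domain, or 'unknown'."""
    host = host.lower()
    if host in TRUSTED_DOMAINS:
        return ("trusted", host)
    sk = skeleton(host)
    for trusted in TRUSTED_DOMAINS:
        if sk == skeleton(trusted):
            return ("lookalike", trusted)
    return ("unknown", host)

URL_RE = re.compile(r"https?://[^\s<>\"']+")

def scan_links(text: str):
    """Classify every http(s) link in a message body; returns [(host, verdict, reference)]."""
    findings = []
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        verdict, ref = classify_domain(host)
        findings.append((host, verdict, ref))
    return findings

# Constructed phishing-style message: one honest link, one digit-for-letter swap,
# one 'rn' for 'm' swap, and one Cyrillic-a domain encoded as punycode.
SAMPLE_EMAIL = (
    "Your mailbox is almost full: https://mail.example.com/quota\n"
    "Confirm your account at https://paypa1.com/login now.\n"
    "Or use https://rnail.example.com/quota instead.\n"
    "Details: https://" + "pаypal.com".encode("idna").decode("ascii") + "/verify\n"
)

if __name__ == "__main__":
    for host, verdict, ref in scan_links(SAMPLE_EMAIL):
        print(f"{host:40} {verdict:10} {ref}")
```

The important design point is that both sides of the comparison go through the same skeleton function, so a trusted domain that happens to contain one of the confusable sequences is still matched consistently; the check only ever asks "does this look like something I already trust", which is what a user is tricked by.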
Distributed Denial of Service (DDoS) Attacks
A distributed denial of service attack, also known as DDoS, is designed to completely overload the target system, rendering it unusable and denying service to employees and customers.
Botnets are networks of compromised devices used to launch DDoS attacks. These bot devices are connected to the Internet and controlled by attackers.
TCP SYN flood attack
The SYN flood attack abuses the TCP three-way handshake. When establishing a TCP connection, the client first sends a synchronize (SYN) message to the server, the server acknowledges it (a SYN-ACK), and the client must then respond with its own ACK to complete the connection. In a SYN flood, the client never sends that final ACK but keeps sending new SYN messages, so the server accumulates half-open connections until it can no longer accept new ones and becomes unusable.
A related attack, the teardrop attack, sends malformed, incomplete packet fragments to the target machine. The target cannot reassemble the fragments and is overwhelmed with requests that it can never fulfill.
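To make the SYN flood mechanism concrete from the server’s side, here is an added Python simulation (example code written for this article, not part of the original post) that replays a constructed packet trace against a bounded half-open connection table: a legitimate client completes its handshakes, a flooding source sends SYNs and never the final ACK, and once the backlog is full the legitimate client’s next SYN is dropped. The same table lets a monitor flag any source holding an unusual number of half-open connections. The addresses, backlog size and threshold are constructed for the example.

```python
from collections import defaultdict

# Packet records are (time_seconds, src_ip, src_port, flag) as seen by the server:
# "S" = SYN from the client, "A" = the client's final ACK of the handshake.

def simulate_backlog(packets, backlog=64, timeout=30.0):
    """Replay packets in time order against a server whose half-open table holds at
    most `backlog` entries. Returns (half_open_per_source, dropped_syns_per_source)."""
    pending = {}               # (src_ip, src_port) -> time the SYN arrived
    dropped = defaultdict(int)  # SYNs refused because the table was full
    for t, src, sport, flag in sorted(packets):
        # Age out half-open entries the way a real stack retransmits and then gives up.
        for key in [k for k, ts in pending.items() if t - ts > timeout]:
            del pending[key]
        if flag == "S":
            if len(pending) >= backlog:
                dropped[src] += 1          # no room: this client cannot connect
            else:
                pending[(src, sport)] = t  # handshake started, waiting for ACK
        elif flag == "A":
            pending.pop((src, sport), None)  # handshake completed, slot freed
    half_open = defaultdict(int)
    for src, _ in pending:
        half_open[src] += 1
    return dict(half_open), dict(dropped)

def flag_syn_flooders(packets, threshold=20, **kwargs):
    """Sources holding at least `threshold` half-open connections at the end of the trace."""
    half_open, _ = simulate_backlog(packets, **kwargs)
    return sorted(src for src, n in half_open.items() if n >= threshold)

def build_sample_traffic():
    """Constructed trace: one honest client, one flooding source (TEST-NET addresses)."""
    packets = []
    for i in range(3):  # honest client: SYN followed 10 ms later by its ACK
        packets.append((1.0 + i, "10.0.0.5", 40000 + i, "S"))
        packets.append((1.01 + i, "10.0.0.5", 40000 + i, "A"))
    for i in range(100):  # flooder: 100 SYNs in one second, never an ACK
        packets.append((5.0 + i / 100, "203.0.113.7", 50000 + i, "S"))
    # honest client comes back while the backlog is full of half-open connections
    packets.append((7.0, "10.0.0.5", 40010, "S"))
    packets.append((7.01, "10.0.0.5", 40010, "A"))
    return packets

if __name__ == "__main__":
    half_open, dropped = simulate_backlog(build_sample_traffic())
    print("half-open per source:", half_open)
    print("dropped SYNs per source:", dropped)
    print("flagged:", flag_syn_flooders(build_sample_traffic()))
```

Two mitigations follow directly from the model: SYN cookies let the server answer a SYN without reserving a table entry, so there is nothing to exhaust, and per-source rate limiting or firewall drops for any address the detector flags keep one source from filling the backlog at all.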
Password attacks are designed to gain access to critical IT infrastructure by targeting the admin passwords of a system. They are carried out in the following ways:
Brute-Force Attacks: Password Guessing
A brute-force attack keeps generating passwords and trying to log in, systematically changing the guess until the correct combination is found.
A dictionary attack is slightly different. Instead of trying every possible combination, it works through a list of frequently used passwords. This makes it especially important to use unconventional passwords and multi-factor authentication (MFA).
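Both attacks leave the same footprint on the authentication server: a burst of failed logins from one source. As an added example for the brute-force and dictionary sections above (example code written for this article, not part of the original post), the Python below parses constructed sshd-style log lines, flags any source exceeding a failure threshold within a sliding window, distinguishing a single account being hammered from guesses spread across many accounts, and includes a small check that rejects passwords built from a dictionary word, which is what the advice about unconventional passwords amounts to in practice. The log lines, addresses, word list and thresholds are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches OpenSSH failure lines such as:
#   Mar 10 09:00:04 bastion sshd[4321]: Failed password for admin from 198.51.100.9 port 40004 ssh2
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def parse_failed_logins(lines):
    """Return sorted (timestamp, source_ip, username) tuples for failed-password lines."""
    events = []
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            # syslog timestamps carry no year; strptime's default year is fine for deltas
            events.append((datetime.strptime(m["ts"], "%b %d %H:%M:%S"), m["ip"], m["user"]))
    return sorted(events)

def detect_password_attacks(lines, window=timedelta(minutes=5), threshold=10):
    """Return {source_ip: verdict} for sources with >= threshold failures inside any
    sliding window. One target account points to brute-force or dictionary guessing
    against that account; many accounts points to guesses spread across users."""
    per_ip = defaultdict(list)
    for ts, ip, user in parse_failed_logins(lines):
        per_ip[ip].append((ts, user))
    verdicts = {}
    for ip, events in per_ip.items():
        recent = deque()
        for ts, user in events:
            recent.append((ts, user))
            while ts - recent[0][0] > window:  # slide the window forward
                recent.popleft()
            if len(recent) >= threshold:
                targets = {u for _, u in recent}
                verdicts[ip] = "single account" if len(targets) == 1 else "multiple accounts"
                break
    return verdicts

# Constructed list of frequently used passwords (a real check uses a breach corpus).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "admin"}

def is_weak_password(candidate: str, min_length: int = 12) -> bool:
    """True if the password is short, or is a dictionary word dressed up with the usual
    trailing digits/symbols, i.e. exactly what a dictionary attack tries first."""
    if len(candidate) < min_length:
        return True
    base = re.sub(r"[\d!@#$%^&*._-]+$", "", candidate.lower())
    return base in COMMON_PASSWORDS

def _line(minute, second, user, ip):
    return (f"Mar 10 09:{minute:02d}:{second:02d} bastion sshd[4321]: "
            f"Failed password for {user} from {ip} port {40000 + second} ssh2")

# Constructed log: 12 failures against 'admin' in 44 s, 3 scattered failures from a
# fat-fingered user, 12 failures across 12 different usernames in 22 s, one success.
SAMPLE_AUTH_LOG = (
    [_line(0, s, "admin", "198.51.100.9") for s in range(0, 48, 4)]
    + [_line(m, 0, "alice", "192.0.2.44") for m in (1, 17, 33)]
    + [_line(2, s, f"user{s}", "203.0.113.5") for s in range(0, 24, 2)]
    + ["Mar 10 09:34:00 bastion sshd[4321]: Accepted publickey for alice from 192.0.2.44 port 40100 ssh2"]
)

if __name__ == "__main__":
    for ip, verdict in detect_password_attacks(SAMPLE_AUTH_LOG).items():
        print(f"{ip}: {verdict}")
    for pw in ("Password123!", "correct-horse-battery-staple"):
        print(pw, "weak" if is_weak_password(pw) else "ok")
```

The sliding window matters: a user who mistypes a password three times over half an hour never trips the threshold, while ten or more failures in five minutes from one address is a guessing tool, whichever word list it uses. Pair the detector with a lockout or back-off on the source, and with MFA so that a guessed password alone is not enough.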
Zero-day exploits target vulnerabilities for which the vendor has not yet released a patch. In most cases, attackers keep their exploits private and use them on “day zero”, when no immediate fix is available. In some cases, hackers or researchers notify software vendors of a vulnerability they have discovered before releasing it.
Man-in-the-middle Attack (MITM)
When a cybercriminal intercepts communication between two entities, it’s called a MITM attack. The cybercriminal uses this access to plant bots and trojans, and to gain access to critical infrastructure and sensitive information.
Session hijacking focuses on intercepting and taking over communication sessions.
The attacker impersonates the sender or receiver and starts collecting and transmitting data under that identity. If they capture the session after the user has been granted access to the system, they can quickly access it themselves.
A replay attack refers to recording data during a session and then replaying it later. This is another “easy” way to log in if the authentication exchange was captured during a legitimate session.
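One standard defence against the replay described above is to make every request single-use and time-bound. The added Python example below (written for this article, not part of the original post) has a client stamp each request with a timestamp and a random nonce and authenticate it with an HMAC over a pre-shared key; the server verifies the tag, rejects stale timestamps and remembers recent nonces, so a captured request cannot be submitted twice and a modified one fails the tag check. The key, the action names and the clock values are constructed for the example.

```python
import hashlib
import hmac
import json
import os
import time

# Constructed pre-shared key; in practice it would come from a secure provisioning step.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"

def _tag(key: bytes, body: bytes) -> str:
    return hmac.new(key, body, hashlib.sha256).hexdigest()

class Client:
    def __init__(self, key: bytes):
        self.key = key

    def build_request(self, action: str, now=None):
        """Return (body, tag): the body carries the action, a timestamp and a fresh
        random nonce; the tag binds all three so none can be altered undetected."""
        msg = {
            "action": action,
            "ts": int(now if now is not None else time.time()),
            "nonce": os.urandom(16).hex(),
        }
        body = json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()
        return body, _tag(self.key, body)

class Server:
    def __init__(self, key: bytes, max_skew: int = 30):
        self.key = key
        self.max_skew = max_skew   # seconds a request may be old before it is refused
        self.seen = {}             # nonce -> timestamp, for requests inside the window

    def handle(self, body: bytes, tag: str, now=None) -> str:
        now = int(now if now is not None else time.time())
        # 1. Integrity and origin: constant-time compare of the expected tag.
        if not hmac.compare_digest(_tag(self.key, body), tag):
            return "rejected: bad tag"
        msg = json.loads(body)
        # 2. Freshness: a request outside the clock-skew window is refused outright.
        if abs(now - msg["ts"]) > self.max_skew:
            return "rejected: stale timestamp"
        # 3. Uniqueness: forget nonces that are too old to pass check 2 anyway,
        #    then refuse any nonce already used inside the window.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_skew}
        if msg["nonce"] in self.seen:
            return "rejected: replayed nonce"
        self.seen[msg["nonce"]] = msg["ts"]
        return f"accepted: {msg['action']}"

def demo():
    """Constructed exchange: one honest request, then three attacker attempts."""
    client, server = Client(SHARED_KEY), Server(SHARED_KEY)
    t0 = 1_700_000_000
    body, tag = client.build_request("transfer", now=t0)
    results = [server.handle(body, tag, now=t0 + 1)]                          # original delivery
    results.append(server.handle(body, tag, now=t0 + 5))                      # captured and replayed
    results.append(server.handle(body.replace(b"transfer", b"delete"), tag, now=t0 + 5))  # tampered
    results.append(server.handle(body, tag, now=t0 + 3600))                   # replayed much later
    return results

if __name__ == "__main__":
    for line in demo():
        print(line)
```

The HMAC stops tampering and the nonce-plus-timestamp pair stops replay, but neither hides the content from an interceptor; confidentiality against a man-in-the-middle still requires an encrypted, authenticated channel such as TLS underneath this exchange. Bounding the nonce table by the same skew window keeps the server’s memory use constant no matter how many requests it has seen.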
How to Protect Your Data from Cyberthreats 2022
Now that we’ve briefly identified the sources and types of cyberthreats in 2022, let’s look at how you can protect your critical data and infrastructure from them.
While preventive measures such as firewalls, anti-ransomware, multi-factor authentication etc. are important, alone they are insufficient. Cyberthreats are continuously evolving and getting more sophisticated with each attack. This means you need a solution for when (not if) your systems are attacked.
In order to make sure you have a means to recover from a successful cyberattack, backup and disaster recovery (DR) is critical.
However, it’s important to keep in mind that backups alone are not enough, because cyberthreats today target not only your production systems but also your backup systems. This brings us to air-gapping and immutability: without them, any backup and DR solution is incomplete and vulnerable.
For more about air-gapping and immutability, read:
- What are air-gapped backups
- Backups aren’t enough – Here’s why you need air-gapping and immutability
- How to add air-gapping and immutability to your Veeam backup appliance
- Meet cyber-insurance requirements with immutable backups
The four common sources of cyberthreats in 2022 are:
- Cybercriminals and ransomware groups such as Conti, Ryuk, REvil, Lapsus, etc.
- Corporate Espionage
- Hacktivist groups
- Ex-Employee / Disgruntled Employees
The six common cyberthreats in 2022 are:
- Malware/spyware – includes ransomware, trojan, and wiper.
- Drive-by downloads
- Social engineering attacks – includes phishing attacks, and homograph attacks.
- Distributed Denial of Service (DDoS) attacks – includes botnets, TCP SYN flood attack, and teardrop attack.
- Password attacks – includes brute-force attacks, and dictionary attacks.
- Zero-day exploits – includes man-in-the-middle attacks, session hijacking, and replay attacks
While preventive measures such as multi-factor authentication, anti-ransomware, and firewalls are essential, it’s critical to have a backup and DR solution to ensure continuity and prevent data loss. However, it’s important to bear in mind that, given the growing sophistication of cyberthreats, if a backup and DR solution does not have air-gapping and immutability, it is neither reliable nor secure.
Need help making sure your critical data and infrastructure is safe from cyberthreats in 2022? Talk to our experts today to help you with your projects.