Supply chain attacks, ransomware with quadruple extortion, exploitation of the Internet of Things: these are some of the cybercriminal trends forecast by Trend Micro for this year.
Posted on 01 February 2022 by Elena Vaciago
2021 marked a turning point for companies of all sizes, including in terms of cybersecurity. Repeated lockdowns prompted many of them to speed up their digital transformation and adopt hybrid working models. Today, after nearly two years of pandemic, these same companies must prepare for a new gear shift as the world repositions itself into yet another new normal. Cybercriminals are preparing to take advantage of the opportunities that arise from a still fluid business landscape. New challenges are set to emerge as the push towards digital continues to redefine the attack surfaces of companies.
As Trend Micro describes in its forecast for 2022, emerging threats will continue to test the resilience of supply chains around the world this year. In ransomware attacks, the model of quadruple extortion (in which calls and messages to the victim's business partners are added to the blackmail of the victim) has gained popularity among criminals, and this year it will cause disruptions of operations whose consequences will be felt not only by the direct victims but also by their customers and partners.
"If we look at the events of recent months, from the zero-day Log4J vulnerability emergency to attacks on government sites in Ukraine, we see actions that could easily have been predicted," commented Robert McArdle, director of FTR Cybercrime Research at Trend Micro, meeting with journalists on the occasion of the presentation of the research. "In recent years, a general trend has been increasingly confirmed by those observing the trends in cyber threats: the willingness of attackers to maximize the profits linked to their activities. Today we know that this involves a strong specialization in the online crime industry: compared to ten years ago, activities today are much more focused on individual aspects of the cybercrime value chain. We see it, for example, in the ransomware-as-a-service offer: the attacker takes advantage of the work done by others in creating and making malware available for a fee. The business models of cybercrime have also evolved: the various parties collaborate and share the proceeds."
And what is happening in Italy? "Basically the same things, it is a general evolution and we are part of it," explained the country manager, Gastone Nencini. "Indeed, Italy is among the most affected countries, due to the widespread presence of small and medium-sized enterprises, with inadequate investments for cybersecurity. Over the past two years, the pandemic has speeded up adaptation to a new normal, but has opened up wider attack surfaces. In essence, the perfect storm was created within which cybercrime was able to navigate safely, a step ahead of corporate defenses."
"Many companies," continued Nencini, "continue to push for digitization, for a more thorough use of IT tools or various platforms. Here, then, new windows open for those who create the attacks: the control of vulnerabilities is now necessary for all the new technologies put on the market, the new apps, the IoT devices. We as consumers are attacked but at the same time we are also the product that is sold, because our personal data is sold in dark markets. We cannot stop, we must look beyond and always keep up with cybersecurity."
Trend Micro's predictions for 2022
To successfully address this year's threats, organizations will need to be more vigilant and take a comprehensive, proactive and cloud-first approach to mitigating cyber risks. Research, forecasting, and automation will be key to managing attacks and protecting corporate users, as will compliance with best practices, applying the Zero Trust model, choosing the right security solutions and having an adequate level of skills. Let's see in detail what the main trends of this year will be, according to Trend Micro.
• Cloud threats. Cybercriminals will be innovators and traditionalists alike, taking a shift-left approach to follow the latest technology trends while continuing to leverage proven techniques to target cloud users. DevOps environments are particularly targeted and APIs are used to carry out large-scale attacks.
• Ransomware threats. In 2022, servers will be the main target of ransomware. Cybercriminals wishing to access corporate targets will focus on exposed services and server compromises rather than endpoints, and attacks will be even more targeted.
• Exploitation of vulnerabilities. In 2022, even more zero-day vulnerabilities will be discovered in the wild. The window available to turn a vulnerability into a weapon will be reduced to a few days, if not hours, and exploits will be written for bugs fixed in beta before the related patches can be released to consumers. In 2022, a segment of cybercriminals will be dedicated to keeping an eye on companies, in view of any announced vulnerabilities and patches.
• Commodity malware attacks. Small and medium-sized businesses will be exposed to attacks by Ransomware-as-a-Service (RaaS) affiliates and petty cybercriminals who exploit commodity malware while maintaining a low profile. In particular, the Internet of Things devices used by SMEs will be the main targets of these attacks.
• IoT threats. Information associated with the Internet of Things will become an increasingly popular commodity in the cybercriminal underground. In 2022, however, the bad guys will be motivated by aspirations far higher than that of taking control of IoT gadgets: they will want to have a convenient base of attack for further criminal activities or to be able to move laterally within a network. Furthermore, cybercriminals will soon embark on a new gold rush, sparked by data from smart cars.
• Threats to supply chains. Supply chains around the world will be targeted by quadruple extortion techniques.
To make the most of cyberattacks, the perpetrators will force their victims to pay large sums of money through an extortion technique that runs along four lines: holding a victim's critical data hostage until a ransom is paid; threatening to disseminate information and publicize the breach; threatening attacks on the victim's clients; and, finally, attacking the victim's supply chain.