Ransomware gangs will step up their game in an attempt to keep up momentum
FinCEN, the US’s Financial Enforcement Network, reported the total value of suspicious activity related to ransomware in the first half of 2021 was 30% higher than the amount filed for all of 2020. This year, vital businesses such as the Colonial Pipeline, JBS, one of America’s largest beef producers, and Swedish supermarket chain, Coop, were affected by ransomware. Avast researchers predict the global ransomware crisis to deepen in 2022, with further attacks on critical infrastructure, such as aviation. In order to better target businesses, the researchers believe cybercriminals offering ransomware as a service (RaaS) will improve affiliate models, including adding ransomware designed for Linux, better payouts, and building upon extortion layers. The Conti ransom gang recently threatened to sell access to the hacked organization in addition to selling or publishing files if a company refuses to pay. Furthermore, attacks are expected to be carried out by company insiders.
In terms of ransomware attacks against consumers, Jakub Kroustek, Avast Malware Research Director, says “Two years ago, the most successful ransomware gangs began shifting their focus from spray and pray-like attacks on consumers to focusing on targeted attacks on businesses. We expect this trend to continue, but also anticipate a resurgence of ransomware targeting consumers, with cybercriminals adopting some of the techniques used to attack businesses, like using multiple layers of extortion, such as data exfiltration followed by doxing. In order to do so effectively, a significant amount of automation will be required to identify valuable data, due to the larger number of individual targets, and their systems being more fragmented data sources. We also wouldn’t be surprised if more and more Mac and Linux users were to fall victim to ransomware, as malware authors have begun to consider these platforms when writing their code, in order to target a wider audience and thus maximize their profits.”
Cybercriminals will continue to collect digital coins
With Bitcoin reaching a new all-time high in 2021, Avast experts forecast a continuation of the use of crypto mining malware, cryptocurrency-related scams, and malware targeting cryptocurrency wallets, as well as heists on exchanges in 2022.
“Cryptocurrencies, like Bitcoin have risen in popularity over the past years, and experts believe their value will continue to rise in the next few years. Cybercriminals go where the money is and so they will continue to spread mining malware, malware with wallet content-stealing capabilities, scams related to the trend, and will continue to carry out heists on exchanges,” says Jakub Kroustek.
Work from home will keep company doors open for cybercriminals
While some aspects of public life have returned to normal, or a hybrid version of what society once was pre-pandemic, work from home will likely continue. According to a McKinsey survey from May 2021, office space managers expect a 36 per cent increase in work time outside of their offices, after the pandemic. Working from home provides employees and companies benefits, but poor implementation in terms of network security set-ups will continue to put companies at risk.
“Misconfigured VPNs, especially without two-factor authentication, leave businesses particularly vulnerable as they are basically a locked door protecting extremely valuable information that would be better protected with a second lock or in a safe. This scenario gives cybercriminals easy access into a company’s network if they can either get their hands on login credentials or can crack these,” explains Jakub Kroustek. “Another work from home related risk is employees downloading company data onto their personal device, which may not have the same level of protection as their company-issued device.”
Additionally, Avast experts predict audio deepfakes will be used in spear-phishing attacks. Criminals will use deepfake audio to imitate an executive or other employee to convince someone to grant them access to sensitive data or to a company’s network.
“Cybercriminals may have more success with deepfake audio because many people are still working from home. This means they cannot either see that the person on the phone is really at their desk typing and not on the phone with them, or they cannot confirm the person’s request by physically going over to them,” continued Jakub Kroustek.
How to protect oneself from attacks going into 2022
“No one should assume they are immune to cyber attacks, regardless of the operating system they use and the amount of technical expertise they have, software producers included,” explains Jakub Kroustek. “Supply chain attacks, like the attack on Kaseya that spread ransomware to its clients, happen time and time again and will continue to occur. It is, therefore, vital devices be protected with security software”.
Patching will continue to be essential when it comes to combating ransomware and other attacks that propagate via unpatched software. Attackers will use vulnerabilities/exploits more frequently, even for commodity malware, like crypto miners, according to Jakub Kroustek.
Computer and mobile users alike should stick to official sites and app marketplaces when downloading software and updates to avoid malware and scams, as well as read reviews carefully to catch any red flags. Moreover, users should avoid clicking on suspicious links, such as links sent from unknown senders, regarding purchases, for example, that they did not make, or related to accounts they do not have, and links that do not match the service being referred to in messages.
Two-factor authentication should be applied wherever possible, this applies to consumers and businesses alike but is especially important for VPN configurations.
Finally, in terms of actions police can take to combat and eliminate the source of attacks, Avast experts foresee Infrastructure as a Service (IaaS) to be used more frequently, with malware authors primarily focusing on their malware, rather than the infrastructure it lives on. This could allow police to take down IaaS, to take down entire operations.