Cyberattacks are constantly changing. That you know. But how are they changing? And which types of threats are the most prominent today? Those are the real questions you need to answer to stay ahead of modern security risks.
Keep reading for a primer on the most prevalent types of cyber security threats in 2022, along with insights on how to build a defense strategy against them.
#1: Cryptojacking

Cryptojacking became a widespread threat in 2017. In a cryptojacking attack, intruders take control of someone else's infrastructure (servers, cloud instances, containers, even browsers) in order to mine cryptocurrency at the victim's expense. These attacks grew in frequency by a factor of 85 during the Bitcoin price boom of late 2017 and early 2018.

There is evidence that cryptojacking receded somewhat as cryptocurrency prices came back down to earth. However, this year's wild surge in crypto prices, which not long ago were at record-setting highs, means that attackers are likely to keep looking for opportunities to launch cryptojacking attacks: the payoff scales directly with the coin's price, while the electricity and hardware costs land on the victim.

In addition to locking down access controls to keep intruders out, monitoring IT environments for unexplained changes in resource consumption or network bandwidth is one way to catch cryptojackers. Cryptocurrency mining consumes vast amounts of CPU (or GPU) time, which is exactly why attackers want to mine on other people's infrastructure, so a sudden and sustained rise in utilization that nothing in your own workload explains could be a sign that someone is mining on your business's dime. The same intrusion tends to show up from other angles too: unexplained outbound connections from servers that should not be talking to the internet, and a cloud bill that jumps without a matching change in deployments.
#2: Software supply chain
Most types of cyberattacks let intruders break into one organization's network at a time. A software supply chain attack lets them compromise many targets through a single intrusion, because it targets the software that businesses rely on rather than each company's own IT estate. That is what happened in the SolarWinds breach of 2020, in which attackers inserted malicious code into a widely deployed monitoring platform that is reportedly used by 425 of the companies on the Fortune 500 list; every customer who installed the trojanized update was exposed.
The bad news is that this is likely to continue until businesses become more adept at vetting the security of the "upstream" software they rely on. Beyond SolarWinds, the fact that university researchers were recently able to get deliberately bug-introducing patches past initial review for the Linux kernel, a massively important platform that is also closely watched by open-source programmers around the world, does not inspire confidence in anyone's ability to secure upstream code on either the open- or the closed-source side.

(To be clear: the Linux kernel episode was a deliberate experiment to test the platform's susceptibility to malicious contributions. It did not result in any known security breach, but it still makes the point about weaknesses in the software supply chain.)
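Vetting upstream software is a broad job, but one piece of it is mechanical and cheap: never install an artifact whose bytes you have not pinned. The script below is an added example written for this article, not code from SolarWinds, the Linux kernel project or any tool named here. It parses a lockfile in pip's `name==version --hash=sha256:...` style, checks each downloaded artifact against its pinned digest, and fails closed on anything that is unpinned, hash-less, missing or altered. The package names (`acme-*`) and the artifact bytes are constructed for the demonstration.

```python
"""Verify fetched dependency artifacts against a pinned-hash manifest before
anything upstream is installed or built.

Added example, not code from the original article. The manifest syntax
follows pip's ``name==version --hash=sha256:...`` pinning; the package names
and artifact bytes are constructed for the demonstration.
"""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass

LINE_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)"     # project name
    r"(?:==(?P<version>\S+))?"                  # optional exact version pin
    r"(?P<hashes>(?:\s+--hash=sha256:[0-9a-f]{64})*)$"
)
HASH_RE = re.compile(r"--hash=sha256:([0-9a-f]{64})")


@dataclass
class Pin:
    name: str
    version: str | None
    sha256: set[str]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_manifest(text: str) -> list[Pin]:
    pins = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable manifest line: {raw!r}")
        pins.append(Pin(m["name"].lower(), m["version"], set(HASH_RE.findall(m["hashes"]))))
    return pins


def verify(pins, artifacts):
    """Map each pin to a verdict: ok, unpinned, no-hash, missing-artifact or hash-mismatch.

    A version pin alone is not enough: it says which release you asked for,
    not that the bytes you received are that release. Only a hash pin catches
    an artifact swapped at the index, at a mirror or in transit.
    """
    verdicts = {}
    for pin in pins:
        if pin.version is None:
            verdicts[pin.name] = "unpinned"
        elif not pin.sha256:
            verdicts[pin.name] = "no-hash"
        elif pin.name not in artifacts:
            verdicts[pin.name] = "missing-artifact"
        elif sha256_hex(artifacts[pin.name]) in pin.sha256:
            verdicts[pin.name] = "ok"
        else:
            verdicts[pin.name] = "hash-mismatch"
    return verdicts


def install_allowed(verdicts):
    """Fail closed: one bad or unverifiable entry blocks the whole install."""
    return bool(verdicts) and all(v == "ok" for v in verdicts.values())


# Constructed artifacts "downloaded" by the resolver (hypothetical package names).
GOOD_AGENT = b"acme-agent-4.2.0 wheel contents (constructed)"
GOOD_TELEMETRY = b"acme-telemetry-1.9.3 wheel contents (constructed)"

SAMPLE_MANIFEST = f"""
# constructed lockfile: two hash-pinned entries, one version-only, one floating
acme-agent==4.2.0 --hash=sha256:{sha256_hex(GOOD_AGENT)}
acme-telemetry==1.9.3 --hash=sha256:{sha256_hex(GOOD_TELEMETRY)}
acme-utils==0.8.1
acme-cli
"""

SAMPLE_ARTIFACTS = {
    "acme-agent": GOOD_AGENT,
    # same version string, different bytes: what a tampered mirror would serve
    "acme-telemetry": b"acme-telemetry-1.9.3 wheel contents (constructed, altered)",
    "acme-utils": b"acme-utils-0.8.1 wheel contents (constructed)",
    "acme-cli": b"acme-cli wheel contents (constructed)",
}

if __name__ == "__main__":
    results = verify(parse_manifest(SAMPLE_MANIFEST), SAMPLE_ARTIFACTS)
    for name, verdict in results.items():
        print(f"{name:16} {verdict}")
    print("install allowed:", install_allowed(results))
```

The hash check is the only one of the four verdicts that would have caught a swapped artifact in a SolarWinds-style scenario, and it still says nothing about whether the pinned release itself is honest; that is where review of upstream changes, reproducible builds and signed provenance come in. Hash pinning is the floor, not the ceiling.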
#3: Ransomware

The next major headline-grabbing cyberattack after the SolarWinds breach was the 2021 ransomware attack on Colonial Pipeline, which highlighted just how vulnerable businesses (and their customers) remain to ransomware.

Indeed, although ransomware attacks have been occurring since the mid-2000s, businesses continue to be disturbingly susceptible to them. The attacks keep coming, and their costs keep rising. Ransomware is likely to remain a leading cyber threat until businesses prove better prepared, with offline or immutable backups that are regularly test-restored, and with other mitigation measures (least privilege, patched and segmented networks) that make this type of attack less effective. A backup that the attacker can reach from a compromised account is not a mitigation; it is another target.
#4: DDoS

Distributed denial of service (DDoS) is another category of attack that has existed for many years; the first widely reported attacks date back to the mid-1990s, when Windows 95 was new. Today it remains stubbornly popular among threat actors. DDoS attacks increased in frequency by 31 percent in 2021, and there is no sign that they are slowing down.
A variety of services are available to help mitigate DDoS attacks. But most cost money, and implementing them can be complicated, especially for organizations that have complex IT architectures and can’t rely on a single provider’s anti-DDoS service across all of them.
Even without an anti-DDoS service, monitoring the network for sudden changes in traffic that can't be explained by other means is an effective way to catch DDoS attacks early. If the traffic is concentrated in a manageable number of sources, they can often be blocked or rate-limited at your edge. The caveat is that a large volumetric attack can saturate your upstream link before your own filtering sees a packet, and a widely distributed attack offers no small set of sources to block; those cases need mitigation at the ISP or a scrubbing provider.
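Both the cryptojacking section above and this one recommend the same thing: compare current activity against a baseline and alert on sustained, unexplained deviation. The script below is an added example written for this article, not code from any product or from the original post. One detector (`sustained_spikes`) serves both cases: per-host CPU utilisation, where a miner shows up as load that stays high, and per-minute request volume, where a flood shows up as a jump; the DDoS path then works out whether the traffic is concentrated enough for source blocking to be worth attempting. All telemetry is constructed; the hostnames are hypothetical and the IP addresses come from documentation ranges.

```python
"""Baseline-deviation alerts for two of the threats above: sustained CPU
growth on a host (cryptojacking) and a sudden jump in request volume with
concentrated sources (DDoS).

Added example, not code from the original article. All telemetry below is
constructed; the hostnames are hypothetical and the 198.51.100.0/24 and
203.0.113.0/24 addresses are documentation ranges, not real systems.
"""
from collections import Counter
from statistics import median


def sustained_spikes(values, baseline_len=6, factor=3.0, min_run=3, min_threshold=1.0):
    """Learn a baseline from the first `baseline_len` samples and return
    (threshold, runs): runs are (start, end) index pairs covering at least
    `min_run` consecutive samples above factor * median(baseline).

    The run-length requirement separates a one-off burst (a batch job, a
    deploy) from the sustained load a miner or a flood produces;
    `min_threshold` keeps an idle baseline from turning noise into alerts.
    """
    if len(values) <= baseline_len:
        return None, []
    threshold = max(median(values[:baseline_len]) * factor, min_threshold)
    runs, start = [], None
    for i in range(baseline_len, len(values)):
        if values[i] > threshold:
            start = i if start is None else start
            continue
        if start is not None and i - start >= min_run:
            runs.append((start, i - 1))
        start = None
    if start is not None and len(values) - start >= min_run:
        runs.append((start, len(values) - 1))
    return threshold, runs


# --- Cryptojacking: per-host CPU utilisation (%) sampled every five minutes ---
# Constructed. web-01 runs a short batch job (one sample at 80 %); web-03 jumps
# to ~96 % and stays there, which is the shape a miner produces.
CPU_SAMPLES = {
    "web-01": [10, 12, 11, 13, 12, 11, 12, 80, 11, 12, 13, 12],
    "web-03": [12, 11, 13, 12, 14, 12, 96, 97, 95, 98, 97, 96],
}


def cryptojacking_alerts(cpu_by_host):
    """Hosts whose CPU stays above 3x their own baseline for 3+ samples."""
    alerts = {}
    for host, samples in cpu_by_host.items():
        _, runs = sustained_spikes(samples, factor=3.0, min_run=3)
        if runs:
            alerts[host] = runs
    return alerts


# --- DDoS: (minute, source_ip) request events from a web tier ---
def constructed_requests():
    events = []
    for minute in range(6):                 # quiet baseline: 40 req/min from 20 clients
        for n in range(40):
            events.append((minute, f"198.51.100.{n % 20}"))
    flood = ["203.0.113.7", "203.0.113.8", "203.0.113.9"]
    for minute in range(6, 10):             # flood: 1200 req/min, 90 % from 3 sources
        for n in range(1200):
            src = flood[n % 3] if n < 1080 else f"198.51.100.{n % 20}"
            events.append((minute, src))
    return events


def ddos_triage(events, share_threshold=0.05):
    """Return (spike_runs, block_candidates).

    Request counts per minute go through sustained_spikes; within the spiking
    minutes, sources carrying more than `share_threshold` of the traffic are
    proposed for blocking. A real spike with an empty candidate list means the
    attack is too distributed for source blocking and needs upstream help.
    """
    per_minute = Counter(minute for minute, _ in events)
    counts = [per_minute.get(m, 0) for m in range(max(per_minute) + 1)]
    _, runs = sustained_spikes(counts, baseline_len=6, factor=3.0, min_run=3)
    spiking = {m for start, end in runs for m in range(start, end + 1)}
    if not spiking:
        return runs, []
    by_src = Counter(src for minute, src in events if minute in spiking)
    total = sum(by_src.values())
    return runs, sorted(src for src, n in by_src.items() if n / total > share_threshold)


if __name__ == "__main__":
    print("cryptojacking:", cryptojacking_alerts(CPU_SAMPLES))
    print("ddos:", ddos_triage(constructed_requests()))
```

The fixed learning window is the simplest possible baseline; in production you would roll it (same hour last week, for example) so that normal daily cycles do not trip it. The `min_run` parameter is the knob that matters most in practice: too low and every deploy pages someone, too high and the miner runs for an hour before anyone looks.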
#5: Phishing

Phishing attacks also remain a prominent threat. In a phishing attack, intruders attempt to trick employees, customers or other stakeholders into handing over sensitive information such as credentials, or into taking an action (opening an attachment, approving a login prompt) that gives the attacker a foothold.

Many businesses have become skilled at defending against conventional phishing attacks, which tended to involve emails riddled with grammatical errors that were easy to filter. The bad news is that attackers have gotten better and better at phishing. They now use tricks like:
- Inserting QR codes that lead to malicious sites
- Setting up fake virtual meetings
The increasing sophistication of phishing attacks means that businesses need to become equally creative and dynamic in their defenses, which hinge both on educating end-users about phishing risks and on deploying automated tools to detect phishing attempts. Pairing those with phishing-resistant multi-factor authentication limits the damage when a lure does land, because a harvested password alone is no longer enough.
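The fake-meeting lure works because the link in the invite, the QR code or the mail body looks like it points at the meeting provider. The script below is an added example written for this article, not code from any mail gateway or from the original post, showing the kind of automated link triage the paragraph above calls for. It flags links that carry credentials before the host (`https://zoom.us@...`), use a raw IP, contain an IDNA (`xn--`) label, bury a trusted brand inside an untrusted domain, or sit within two edits of a trusted registrable domain (which is how Unicode homoglyphs surface), and it catches visible text that names one site while the href goes to another. The allowlist of meeting hosts is an assumption the deploying organisation would maintain; the sample links are constructed, and the IP address comes from a documentation range.

```python
"""Heuristic triage of links extracted from an email body, a decoded QR code
or a calendar invite, aimed at the fake-meeting lure described above.

Added example, not code from the original article. The allowlist of meeting
hosts is an assumption the deploying organisation would maintain; the sample
links are constructed, and 203.0.113.5 is from a documentation range.
"""
import ipaddress
from urllib.parse import urlsplit

# Assumed allowlist of meeting providers actually used by the organisation.
# A tuple (not a set) so that findings are reported in a stable order.
TRUSTED_HOSTS = ("zoom.us", "teams.microsoft.com", "meet.google.com")


def levenshtein(a, b):
    """Edit distance; used to catch typo- and homoglyph-squatted domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host):
    """Approximate the registrable domain as the last two labels.
    Simplification: production code should use the Public Suffix List so that
    hosts under suffixes like co.uk are split correctly."""
    return ".".join(host.split(".")[-2:])


def is_trusted(host):
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)


def contains_labels(host, needle):
    """True if `needle` appears as a contiguous run of labels inside `host`,
    e.g. zoom.us inside zoom.us.invite-login.example."""
    h, n = host.split("."), needle.split(".")
    return any(h[i:i + len(n)] == n for i in range(len(h) - len(n) + 1))


def assess_link(url):
    """Return the list of phishing indicators found in `url` (empty = none)."""
    reasons = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")     # .hostname is already lowercased
    if parts.scheme != "https":
        reasons.append("not-https")
    if parts.username is not None:
        # https://zoom.us@203.0.113.5/ reads as "zoom.us" but connects elsewhere
        reasons.append("userinfo-in-url")
    if not host:
        reasons.append("no-host")
        return reasons
    try:
        ipaddress.ip_address(host)
        reasons.append("ip-literal-host")
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode-label")          # IDNA form of a homoglyph domain
    if is_trusted(host):
        return reasons
    for trusted in TRUSTED_HOSTS:
        trusted_reg = registrable(trusted)
        if contains_labels(host, trusted_reg):
            reasons.append(f"brand-in-untrusted-host:{trusted}")
            break
        # Unicode homoglyphs (Cyrillic о for o, for instance) land at distance 1-2
        if 0 < levenshtein(registrable(host), trusted_reg) <= 2:
            reasons.append(f"lookalike-of:{trusted_reg}")
            break
    return reasons


def assess_anchor(display_text, href):
    """Add the classic check: visible link text names one site, href another."""
    reasons = assess_link(href)
    text = display_text.strip()
    if " " not in text and "." in text:           # the text itself looks like a URL/host
        shown = urlsplit(text if "://" in text else "//" + text).hostname or ""
        target = urlsplit(href).hostname or ""
        if shown and registrable(shown) != registrable(target):
            reasons.append("display-href-mismatch")
    return reasons


# Constructed sample links, as they might arrive in mail, a QR code or an invite.
SAMPLES = [
    "https://us02web.zoom.us/j/123456789",
    "https://zoom.us@203.0.113.5/meeting",
    "http://zo0m.us/j/98765",
    "https://teams.microsoft.com.secure-login.example/invite",
    "https://z\u043e\u043em.us/j/555",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", assess_link(link) or "no findings")
```

None of these checks is conclusive on its own, and the edit-distance rule in particular will flag some legitimate domains, so this belongs in a scoring pipeline that quarantines or rewrites links for review rather than one that silently drops mail. The same `assess_link` can be run on the URL decoded from a QR code once the image has been decoded; the QR code itself is just another delivery channel for the link.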
Cyberattacks can be stopped
From cryptojacking and ransomware to sophisticated phishing and beyond, IT and security teams face a variety of widespread cyberthreats today. The good news is that effective methods are available, like cyber kill chains and security frameworks, for identifying and containing these attacks.
Importantly, these approaches require planning and foresight to ensure that businesses are prepared to react before they are fully breached.
This post was written by Chris Tozzi. Chris has worked as a journalist and Linux systems administrator. He has particular interests in open source, agile infrastructure and networking. He is Senior Editor of content and a DevOps Analyst at Fixate IO. His book, For Fun and Profit: A History of the Free and Open Source Software Revolution, was published in 2017.
This posting does not necessarily represent Splunk's position, strategies or opinion.