While most of the world dealt with the impact and disruption of year two of the Covid-19 pandemic, cybercriminals expanded their activities with ambitious attacks on critical infrastructure.
Armed with sophisticated and brute-force attack methods, threat actors continue to capitalise on the ongoing disruption of the pandemic and are leveraging the world’s shift to digital services to launch cyberattacks at an unprecedented scale.
Can we expect a more cyber-secure world in 2022, or will cybercrime continue to disrupt our increasingly digital workplaces and lifestyles? Mimecast global experts weigh in on their predictions for the year ahead, which include:
Social media & past breaches will come back to haunt us
Peter Bauer, Mimecast CEO, predicts: “After years of high-volume breaches combined with employees sharing excessively via social media, the trove of personal information and intelligence available to attackers is extraordinary and beyond disturbing. This will enable adversaries to craft even more convincing attacks. They will exploit the human layer aggressively, resulting in significant business disruptions and a corrosion of trust.”
In addition, the growing importance of business productivity suites, email and cloud communication services will continue to provide attackers with optimal channels to target their victims, demanding new strategies and tools from organisations and their security teams.
The pandemic will continue to change the cybersecurity game
The last two years have seen an acceleration in companies’ digital transformation efforts as they enabled hybrid work and explored new channels for reaching and serving customers.
However, the mass move to remote work has exposed security vulnerabilities many companies didn’t even know existed. Cybercriminals have also capitalised on employees’ psychological vulnerabilities through increasingly sophisticated and opportunistic social engineering campaigns.
“The widespread recognition that digital work can be done from anywhere combined with the shift in the global job market – most notably ‘The Great Resignation’ in the UK and US – will see global firms tapping into already-scarce South African cybersecurity skills in 2022,” says Brian Pinnock, senior director of sales engineering for EMEA at Mimecast.
The efficacy of cybersecurity policies will also come into sharp focus in the year ahead. “Most security vulnerabilities since the start of the pandemic have occurred because IT and cybersecurity teams failed to question the underlying assumptions behind their security policies.
“Mass digitisation has also resulted in a digital equivalent for most business components, but the risk mitigation that is so established in physical business processes are not yet evident in their digital twins. Cybersecurity teams will need to close that gap in 2022 to keep their businesses and users safe.”
Cybersecurity awareness training will also need to shift from an event to a culture embedded deep within the business. In Mimecast’s State of Email Security 2021 report, 52% of South African organisations said employee naiveté about cybersecurity is one of their greatest vulnerabilities, but nearly half (46%) admitted to only conducting cybersecurity awareness once per quarter (or even less frequently).
Ransomware will become a (lethal) service
Mimecast’s State of Ransomware Readiness research found that eight out of ten global organisations suffered a ransomware attack in the past two years, with more than a third opting to pay the ransom.
It’s a lucrative business for cybercriminals: the research found that South African victims of ransomware pay on average more than R3,2-million in ransom, although only a third of local companies get their data back after the payment.
A number of highly-publicised ransomware attacks on public sector systems in South Africa during 2021 have also highlighted the harmful impact of such attacks on the ability of the state to provide essential services.
The rise of ransomware-as-a-service is potentially arming more threat actors than ever before with dangerous cyberattack tools that could cause untold disruption and economic damage.
Jeremy Ventura, senior security strategist at Mimecast, predicts: “Ransomware-as-a-service will continue to expand and evolve causing detrimental effects for all organisations.
“As groups such as REvil come back online after their recent hiatus, we will see more hacker gangs joining this model to fly under the radar. The speed and scalability of the RaaS model will continue to advance which will lead to more severe attacks – resulting in the highest demands the world has ever seen.”
Lives could also be at risk. The emergence of “killware”, which involves attacks using ransomware or other malware to target critical systems, is worrying.
As Jonathan Miles, head of strategic intelligence at Mimecast, notes, it may be a matter of time before killware claims its first victims. “Interference with the signals to a braking system or changing medication dosages, for example, would potentially have devastating consequences in the calibration, structural integrity, and ultimately to the end user.”
Since attackers deploying killware are solely intent on causing harm and even death, the potential damage they can cause is immeasurable.
Impersonation attacks will put authenticity at the forefront
Mimecast’s State of Brand Protection 2021 report found that 94% of South African companies are concerned about counterfeit websites imitating their brands, while 73% of South African organisations had been made aware of a web or email spoofing attack using their domains.
An emerging threat is deepfake technology, which uses artificial intelligence and image processing to create fake images, and is advancing at an astonishing rate. While some of the uses of deepfake technology can be seen as innocent fun or parody – for example the Tom Cruise deepfakes that are popular on TikTok – it has the potential to be truly dangerous.
Elaine Lee, staff data scientist at Mimecast, predicts: “Malicious actors using deepfake technology could impersonate celebrities or even CEOs: what was once a clever phishing email supposedly from a senior management team member could now become a well-crafted video soliciting sensitive company or personal information.”
Organisations may need to implement new processes and even deploy new technologies to verify content and designate it with a certificate of authenticity. The use of DMARC and online brand protection services can also limit threat actors’ scope for impersonating brands online.