Ransomware – intensifying cybercrime trend in 2022

Sophos analysts predict that ransomware will keep cybersecurity experts even more busy. All indications are that this will be blamed on the increasing popularity of cryptocurrencies and the growing information war.

Krakow, 10 January 2022 – According to a report by Sophos analysts, among all types of cyber attacks in 2022 ransomware and cryptojacking remain the most popular. Both of these techniques involve cryptocurrencies – in the first case they are obtained by hackers as ransom and in the second illegally dug into the victim’s device. Cybercriminals will exploit vulnerabilities more and more quickly in devices and systems to install malware. They will also gain in importance Techniques that can generate fake images and audio, which will be used m.in. in phishing attacks or disinformation campaigns.

Ransomware becoming more widely available

Last year, ransomware was responsible for as much as 79% of all incidents security. It is reasonable to assume that cybercriminals’ methods will be increasingly adapted in the coming years to deliver ransomware and cryptojacking code to victims’ devices. At the same time, attacks are becoming more diffuse and accessible to less experienced hackers. Malware creators are increasingly making malware available to third parties for a fee, for example. hacking into networks. The actions of individual groups in the coming months will give way more attacks conducted in a model Ransomware as a Service (RaaS).

More pressure to pay the ransom

In 2022, cybercriminals will developed methods of ransomware phishing from ransomware victims. Attackers stay in the infiltrated network for up to several days or weeks, and often have access to all company systems. So they are starting to take advantage of this time to search for and steal sensitive data. Once resources have been encrypted, they will demand a ransom under the threat of not only losing information, but also making documents, customer data or source code public. In fear of financial penalties, share price drops or legal consequences, many companies choose to pay the criminals. Methods of exerting pressure will be intensified, threatening phone calls to victims or additional harassment by means of DDoS (Distributed Denial of Service) attacks have already been observed.

Targeted but massive attacks

This year Hybrid attacks will also increase in popularity. So far criminals have used two methods. The first were shotgun attacks, in which they spammed as many people as possible or optimized the content of malicious websites for their search engine optimization (SEO) to target unsuspecting users. The second way was targeted attacks, aimed at a precisely chosen group of people, such as. The number of people affected by ransomware in a particular company or in a particular position. In 2022, there will be more and more attacks combining both methods – cybercriminals will try to “lure” as many victims as possible, but attack only those who meet specific criteria (e.g. working in customer service).

Fabricated videos and voice will aid in disinformation

In the coming years, criminals will also develop watering-hole attacks, exploiting advanced techniques to create fake images and audio. Fabricated videos or voices will be a powerful weapon used in phishing emails, disinformation campaigns and other social engineering activities. Systems based on artificial intelligence, such as OpenAI or Google AI, can already write working source code themselves. So it is only a matter of time when cybercriminals adapt neural networks to create malware. However, this technique also opens up new opportunities for. cyber-security – supercomputers can solve problems to protect IT environments currently considered insoluble.

Attack detection as important as prevention

The speed at which criminals are developing operations makes it crucial to blocking or slowing down attacks. Last December during the week Since the discovery of the Log4j vulnerability, Sophos analysts have noted several hundred thousand attempted attacks The vulnerability will be exploited in phishing attacks and campaigns. Even one infected device can give criminals access to the entire network and cripple a company’s operations. Those responsible for security will have to investigate all incidents, even seemingly insignificant ones, in order to quickly detect intruders on the web. Until now, security solutions focused primarily on stopping malicious code from being installed and executed on devices. In the coming years, they will be increasingly developed also in the direction of detecting the attack attempts themselves.