Five threats that will drive the 2022 cybercrime economy

by Jeff Pracht ([email protected]) 1,185 views 

The 2022 cybercrime economy is now worth at least $1.2 trillion, according to economists. That makes it the 15th largest economy in the world, by International Monetary Fund estimates. It generates more profits than the combined global trade in all illegal drugs.

Here are five threats that will drive the cybercrime economy in 2022:

Ransomware will remain a top threat
Ransomware continues to be the engine driving cybercrime growth. Security firms say 2021 was a record year for ransomware with more than 700 million attacks, a 130% increase over 2020. Industry analysts are in near-universal agreement that ransomware attacks will become even more frequent, sophisticated and costly in 2022. Although critical infrastructure, state and local governments and healthcare organizations are key targets, no business is safe. Ransomware-as-a-Service makes it easy for unsophisticated criminals to attack small to midsize businesses (SMBs).

Cryptojacking will become more prevalent
Cryptojacking skyrocketed in 2021 in conjunction with the growth of the cryptocurrency market, with one report saying the threat increased 400% compared to 2020. In a cryptojacking attack, cybercriminals install malware that secretly uses the victim’s computer to mine cryptocurrency. The malware often goes undetected because it impersonates other types of files. Although cryptojacking malware doesn’t usually steal data or cause noticeable disruption, it consumes system resources and network bandwidth, affecting performance. And security analysts are warning that the malware increasingly comes with malicious payloads that do compromise systems.

The log4j flaw will take the entire year (or more) to fix
In December, security researchers discovered that attackers are able to exploit a flaw in the open-source log4j logging library for Java applications. Although it sounds obscure, log4j is used in billions of devices, so the problem is one of potentially catastrophic proportions. The flaw enables an attacker to store malicious code in log files, then use the compromised device to launch other attacks. Fixing the problem in Java apps that use log4j directly can be as simple as updating to the latest version. However, many apps call log4j indirectly through other libraries, making them more difficult to identify and update.

Supply chain attacks will keep security experts up at night
Microsoft says the Russia-linked hacker group Nobelium — which launched the SolarWinds attack in 2020 — has been targeting the global technology supply chain since May 2021. This time, the group is targeting resellers and technology service providers. Supply chain attacks, such as the SolarWinds and Kaseya hacks, are especially serious because they can impact hundreds or thousands of companies downstream from the initial victim. Increasingly, these attackers are targeting cloud resources, which could have a devastating impact. In many cases, the groups behind these sophisticated attacks are funded by adversarial nation-states.

Cloud resources will come under fire
Nation-state actors aren’t the only cybercriminals looking to take advantage of cloud vulnerabilities. Cloud misconfigurations, inadequate identity management and authentication practices, unpatched systems and applications, and other security weaknesses have left many cloud resources open to attack. As more companies migrate applications and data to the cloud to support remote work models, cloud attacks are expected to rise. In a recent survey by IDC, 98% of respondents said they had experienced at least one cloud security breach within the previous 18 months.

A qualified managed security services provider (MSSP) can perform a thorough assessment of your cybersecurity environment, identify gaps and vulnerabilities, and help you develop a plan for protecting against these attacks. With the cybercrime economy expected to grow in 2022, now’s the time to take steps to improve your security posture.

Editor’s note: Jeff Pracht is an IT Business Development Manager at Mainstream Technologies. The opinions expressed are those of the author.