May 25, 2022

TheCyberThrone

Thinking Security ! Always

New Year ! New Threat Landscape ! Beware

There’s no way to put it nicely: cybercrime just continues to get worse as we become increasingly connected. 2020 was a banner year for ransomware and by all accounts, it’s almost certain that 2021 will top it. And as we move into 2022, not only do defenders need to put more scrutiny on the attack vectors they’re already focused on, but now they will need to expand that view to new targets. 

While the sky may just be the limit when it comes to cybercriminals, three key areas where we expect to see more activity in the coming year are space, digital wallets and esports.


The sky is absolutely the limit!

As satellite-based internet access continues to grow, researchers expect to see new proof-of-concept (POC) threats targeting satellite networks. New low earth orbit (LEO) satellite systems have become a viable option not just for remote users but for more mainstream business customers as they become faster and increasingly less expensive.

These systems represent a viable option for attackers, who will target organizations that rely on satellite-based connectivity for activities such as online gaming or delivering critical services to remote locations, pipelines, field offices, cruises and airlines. This will also expand the potential attack surface as organizations add satellite networks to connect previously off-grid systems, such as remote OT devices, to their portfolio of interconnected environments.

New attack types are already surfacing. ICARUS is a POC DDoS attack that uses direct global accessibility to satellites to launch attacks from numerous locations. Every satellite, and its base stations, is a potential network entry point. And there will be millions of terminals from which to launch an attack. Living-off-the-edge tactics will soon expand to include LEO satellite networks.

Game on for cybercriminals 

The gaming industry is booming; it’s predicted to bring in more than $1 billion in revenue this year. Esports are organized, multiplayer video gaming competitions, often involving professional players and teams. Since they require constant connectivity and are often played out of inconsistently secured home networks or in situations with large amounts of open Wi-Fi access, they make an inviting target for cybercriminals. The real risk lies with the platforms and infrastructure themselves. Attack types include ransomware, financial and transactional theft, DDoS and social engineering attacks. Given their rate of growth and increasing interest, esports and online gaming are likely to be significant attack targets in 2022.


Hijacking wallets

Financial institutions now encrypt transactions and require MFA. But digital wallets are still a fairly nascent technology and one that’s often less secure and less regulated. Individual wallets don’t have as big a payoff usually, but as more businesses start to use digital wallets as currency for online transactions, that won’t always be the case. More malware will get designed specifically to target stored credentials and to drain digital wallets.

A newly documented phishing threat uses a phony Amazon gift card generator to steal cryptocurrency. This malware monitors the victim’s clipboard for wallet addresses and replaces them with the attacker’s wallet. It also uses false documents to lure victims into potentially giving out confidential information like home addresses, credentials for online shopping sites and credit card numbers.
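The clipboard substitution described above can be spotted from the defender's side. This is an added example, not code from the original post: it flags a wallet address on the clipboard being replaced by a different address of the same type within a short window. The address patterns (format only, no checksum check), the two-second window and the sample events are assumptions constructed for illustration.

```python
import re

# Address shapes only (no checksum validation); assumptions for this example.
PATTERNS = {
    "btc_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{39,59}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def wallet_kind(text):
    """Return the address family the text looks like, or None."""
    s = text.strip()
    for kind, rx in PATTERNS.items():
        if rx.match(s):
            return kind
    return None

def find_swaps(events, window=2.0):
    """events: (timestamp_seconds, clipboard_text) tuples in time order.

    Flags a wallet address replaced by a DIFFERENT address of the same
    family within `window` seconds, faster than a person would plausibly
    copy a second address. This is a heuristic, not proof of infection.
    """
    alerts, prev = [], None  # prev = (timestamp, kind, normalized address)
    for ts, text in events:
        kind = wallet_kind(text)
        if kind is None:
            prev = None
            continue
        # ETH addresses are case-insensitive apart from the optional checksum.
        addr = text.strip().lower() if kind == "eth" else text.strip()
        if prev and prev[1] == kind and prev[2] != addr and ts - prev[0] <= window:
            alerts.append({"at": ts, "kind": kind, "copied": prev[2], "now": addr})
        prev = (ts, kind, addr)
    return alerts

# Constructed sample data: none of these are real wallets.
ETH_A, ETH_B = "0x" + "a1" * 20, "0x" + "B2" * 20
BTC_A, BTC_B = "1" + "B" * 30, "1" + "C" * 30
SAMPLE_EVENTS = [
    (0.0, "hello"),
    (10.0, ETH_A), (10.3, ETH_B),                # swapped 0.3 s after copy: flagged
    (50.0, BTC_A), (120.0, BTC_B),               # 70 s apart: a normal second copy
    (200.0, ETH_A), (200.1, "0x" + "A1" * 20),   # same address, other case
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(alert)
```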

A new phishing campaign included malware designed to steal crypto wallet information and credentials from a victim’s infected device. ElectroRAT is another new tool targeting digital wallets. It combines social engineering with custom crypto applications and a new Remote Access Trojan targeting multiple operating systems, including Windows, macOS and Linux.


Comprehensive security

Cybercriminals continue to expand their targets to everything and anything, even satellite connections. Protecting assets from these new attacks requires an integrated and comprehensive security strategy. Point products must be exchanged for security devices designed to interoperate as a unified solution regardless of where they are deployed.

They need to defend application, device and user with a unified policy that can follow data and transactions from end to end. Centralized management will also help ensure consistent enforcement of policies, prompt delivery of configurations and updates, and central collection and configuration of suspicious events that may occur anywhere across the network including to, between and within cloud environments.
