February 22, 2022
Ransomware is escalating at a record pace. We have witnessed a tremendous surge just this past year. By mid-2021, the total number of ransomware attacks had far surpassed 2020’s record-breaking numbers. Overall, an unprecedented total of 714 million ransomware attacks took place by the close of 2021, and it’s highly unlikely that this will slow down in 2022.
Ransomware attack vectors will increase in 2022.
Exploitation of vulnerabilities is expected to increase in 2022, meaning more endpoint resource hijacking through malware and data theft, resulting from higher levels of attacker persistence. Most breaches succeed by exploiting vulnerabilities for which a patch was available but not applied. Effective ransomware attacks commonly exploit weak passwords, phishing emails, and a lack of employee education.
With phishing making up the largest attack vector last year, the rise in ransomware numbers is unlikely to slow down. New, sophisticated phishing methods are regularly reported, and with the continued reliance on hybrid work, widely distributed workforces will need to be even more vigilant against email attacks. Despite policy makers' attempts to address ransomware with new cybersecurity legislation, ransomware is likely to rise without a focus on the basics.
Malware variants will increase in 2022.
As leaders seek to implement measures to resist the rampant rise of ransomware, the diversification of malware variants is likely to surge next year as cyber criminals adapt to overcome increased legislation against them. Despite movements to secure cyber infrastructures, the US has witnessed a 127% year-to-date increase. On top of this, we’ve discovered 307,516 never-before-seen malware variants (+73%) during the first three quarters of 2021. One of the main reasons ransomware operators are launching more attacks is the increased likelihood that their sophisticated techniques will pay off. This is a trend that will continue into 2022.
Cyberattacks on governments will increase in 2022.
By an overwhelming margin, the most commonly targeted sector in 2021 was the government, with attack numbers tripling from 2020’s high point. Each month in 2021, there were more ransomware hits on the government and public sector than any other industry. By June, government bodies were getting hit with roughly 10x more ransomware attempts than average, with constant APT activity causing chaos in incidents like the Colonial Pipeline attack. With much discussion of new cybersecurity legislation around the world recently, governments will continue to be a target for hackers to aggressively pursue.
Cyber insurance premiums will increase in 2022.
More and more organizations are choosing to obtain cyber insurance to shield themselves from the impact of potential attacks. As these policies generally cover the payment of ransoms, policyholders faced with a ransomware attack can pay the ransom and obtain decryption while still avoiding the risk and hardship that comes with making a huge payment to criminals. While this can seem beneficial for insurers, victims, and ransomware operators in the short term, this strategy isn’t sustainable. As victims continue to pay what’s demanded of them, cyber criminals have continued making bigger and bigger demands. Alongside the rise of attacks, it seems likely this trend will persist, eventually making losses unsustainable for insurance companies. Consequently, 2022 is likely to see the re-evaluation of current cyber insurance schemes to overcome this.
As threat actors become smarter at implementing new methods and exploiting widening security gaps left by hybrid working, it is crucial going into 2022 that organizations and governments look at revolutionizing modern dynamic cyber security approaches to protect against both known and unknown threats – particularly when everyone is more remote, more mobile, and less secure than ever before. Rimstorm can play an important role in this regard. Contact us today to learn how.