Partners need to be on the lookout for these key cyberthreat trends to ensure their customers are protected.

Sophos Guest Blogger

December 3, 2021

Cyberthreats targeting businesses, such as ransomware, ruled the roost in 2021. And, according to a new Sophos report on the developments and trends that will impact next year’s cyberthreat landscape, things are only going to heat up in 2022.

Partners will need to be on the lookout for these key trends in the coming year to ensure their customers are protected.

Service-based approach changes the ransomware landscape.

Ransomware-as-a-service (RaaS) offerings, which lease attack code and infrastructure to affiliates and are often accompanied by attack “playbooks,” took a larger share of the ransomware landscape in 2021. Attacks previously were carried out by one ransomware group, but RaaS has changed the process. RaaS enables those who develop original ransomware code to lease it to affiliate customers and initial access brokers (IABs), who locate potential victims and implement attacks to hold data hostage.

Some of the most noteworthy ransomware attacks of the year, like the Colonial Pipeline breach, were executed by RaaS-enabled groups. The more this RaaS trend continues, the more the size and scope of ransomware delivery methods will grow, so partners need to be on the lookout.

Ransomware attacks involving extortion and other “pressure to pay” tactics are becoming more popular.

Sophos researchers expect that ransomware attacks will increasingly be accompanied by additional measures designed to increase pressure on the victim to pay the ransom. Attackers will use pressure tactics such as data theft, threatening phone calls or emails, and distributed denial of service (DDoS) attacks to make life difficult for victims.

Attackers will also continue to use commodity malware such as loaders, droppers and increasingly advanced human-operated IABs to target and deliver ransomware to victims. They will also continue to abuse commercial penetration-testing tools to implement their attacks.

It is likely that, in 2022, attacks will continue to increase in intensity and range, and partners must be devoted to constantly monitoring legitimate tool abuse and malicious breaches in their networks. Both sophisticated and lesser-skilled cybercriminals are jumping on reported vulnerabilities faster than ever before, meaning a robust approach to patching and a layered defense strategy are crucial for the upcoming year.

Cryptocurrency will supply momentum for malicious cryptomining and ransomware.

Without improved regulation, cryptocurrency will continue to drive cryptomining and ransomware in the coming years as attackers continue to extract ransoms from their victims in cryptocurrencies like bitcoin. The United States took its first step in passing an infrastructure bill aimed at regulating crypto exchanges, but until it takes effect in 2023, the use of crypto exchanges will increase for at least another year. Governments worldwide need to introduce new regulations to eliminate ransom payments flowing through crypto exchanges.

AI will be increasingly leveraged to drive cyberattacks.

AI-driven cyberattacks are likely still a few years out, but they are not far enough out of sight for partners to ignore. AI is set to take on a bigger role in cyberattacks, enabling attacks ranging from fake social media accounts and watering-hole attacks to spoofed phishing emails and, eventually, deepfake voice synthesis technology.

To stay a step ahead of next year’s cyberthreat landscape, here are some tips for partners to focus on:

  • Help customers increase employee IT security hygiene and education, to ensure everyone is equally adept at spotting and flagging a phishing attempt and is using multi-factor authentication protocols for secure logins.

  • Constantly monitor abuse of legitimate tools, including suspicious combinations of legitimate tools, with the same frequency you would scan for malicious breaches into a network.

  • Ensure that customers deploy, in tandem, anti-ransomware software, layered protection technologies and human-led expert threat hunting teams, to cover all potential vulnerabilities and points of entry into their networks.

This guest blog is part of a Channel Futures sponsorship.
