Cyberattacks: how 2022 is measuring up against 2021

The threat of a data breach at a company is ever-present and IT professionals are only too aware of this. In fact, nearly two-thirds of CIOs plan on increasing spending on cybersecurity in 2022 to tackle potential attacks.

With businesses storing more and more customer and operational data on the cloud, hackers have more targets than ever, and how they take advantage of vulnerabilities is changing. To help you understand the landscape of online security, we’re going to look at:

  • Cybersecurity trends in 2021
  • Trends for cybersecurity in the coming year
  • How to protect you and your business

Cybersecurity trends in 2021

Online security has come a long way from the days of the ILOVEYOU worm back at the turn of the century. While some of the standard online advice still stands – like to keep your OS up to date and to be wary of anything too good to be true – the internet is a much more advanced place now.

2021 saw a slew of corporate-level attacks with trends towards:

  • Ransomware
  • Supply chain disruption
  • Stealing trade secrets

Let’s check out some of the most notorious attacks in the previous year before we see how 2022 is shaping up.

SolarWinds

Although this hack began in 2020, the shockwaves were felt well into 2021. This Russian hack of a software provider was well hidden as an update and managed to expose government and corporate networks.

The attack has disrupted a range of networks and supply chains and is expected to have repercussions for years.

Microsoft Exchange

The hack of the Microsoft tool has been attributed to a Chinese group. Around 30,000 organizations had their details exposed and the main aim of the hack seemed to be to access business information.

After the software vulnerability was exposed, other groups went on to exploit it before Microsoft could get a handle on it – hacks can easily snowball.

REvil

In a more “traditional” ransomware attack, the REvil group hacked Qanta – an Apple supplier – and demanded $50 million. The group even went on to demand ransoms from Apple directly to stop them from leaking future design details.

Another huge 2021 cyberattack by the group targeted Kaseya, a tech management company. More than 1,500 businesses faced disruptions. The success of attacking managed service providers (MSPs) to get to bigger targets has since led to attempts to hack similar companies.

This group is prolific and successful – it’s estimated that they made a $123 million profit in 2020.

Colonial Pipeline

Showing that hacks can affect the real as well as the digital world, this hack took out the biggest pipeline in the USA. It’s another attack that has been attributed to a Russian group, and the ransomware they installed in the company systems netted them $4.4 million.

This move to target tangible infrastructure and not just the online realm is a warning to those working with the internet of things (IoT) to get your security sorted. Keeping all devices protected needs to be a priority; get Surfshark VPN installed on your connected electronics to keep them safe from attacks.

Log4j

First discovered at the tail end of 2021, the vulnerability exposed in the open-source logging software could have wide-ranging repercussions. It’s got the potential to embed malicious code across millions of software and the full implications probably still aren’t known.

What cyber attacks look like in 2022

While the online cold war has been raging for years, with Russian attacks on White House email servers in 2014 and 2015 as a notorious example, recent events have ramped up this cybersecurity touchpoint.

With the buildup of Russian troops and their subsequent invasion of Ukraine came an online strategy to disrupt security. An early 2022 example of a government hit was the attack on Global Affairs Canada. It may not be a direct hit in the wider war, but it was a shot across the bow in January.

The online war has intensified as events on the ground have become increasingly violent. Attacks have gone back and forth with Ukraine bringing down the Russian Stock Exchange at the end of February.

Away from the ongoing conflict, ransomware continues to be a worrying trend. Out of all the cyberattacks in February 2022, 14 out of 85 hacks were ransomware-based.

Hitting real-world supply lines continues to be an issue, taking cybercrime into the tangible space. An attack on a Norwegian newspaper halted presses for days at the start of the year and in February a ransomware attack against snacks company KP caused supermarket shortages of products.

Staying safe online in 2022

Much of what you know about preventing a cyberattack still stands. On a personal level, you need to make sure you:

  • Have an effective VPN installed
  • Keep your OS up to date
  • Use a firewall
  • Have data backups

If you’re an IT professional, there are other precautions you should be taking, such as having strong, relevant training for all system users, controlling and regularly auditing your systems access, and having end-point protection.

What are the next cyberattack trends?

With the first quarter of 2022 dominated by the war in Ukraine, it’s no surprise that attacks have taken a political spin. One of the most infamous hacker collectives – Anonymous – has even gone as far as declaring cyberwar on Russia.

Away from geopolitics, ransomware continues to be lucrative for cyberattackers and a shift towards disrupting on-the-ground operations may bring new challenges into the rest of the year. Add into that the long-term consequences of SolarWinds and log4j, and 2022 could be a very turbulent year in the realms of cybersecurity.