Most Favourable Cyber Security Trends In 2022.

When the whole world had to stay at home in 2020, most companies had to implement telecommuting and focused on providing solutions to their employees so that they could perform their tasks using online tools. This work model – new for many – was very effective, as employees found in it a better balance between personal and work life, saving the time and money spent traveling to an office. In addition, many managers were surprised to see not only that productivity did not plummet, but that in many cases it increased.

In 2021 it has become clear that remote work is here to stay. According to a survey carried out by ESET in Latin America, 70.5% of workers are more concerned about cybersecurity than before and 91% of companies have had to digitize critical processes. However, 30% of those surveyed believe that their company is not better prepared to face today’s threats. In fact, 77% of those surveyed use their personal equipment to work and 57% were not provided with the necessary security tools to carry out their work from home.

If we review what tools companies have adopted, only 30% use solutions that are basic for remote access protection, such as two-step authentication or a VPN connection, and only 52% have completed security training for telecommuters.

The hybrid work model and the challenges for companies

In this context, and with many organizations “returning to normality”, the path proposed by the “hybrid” work model seems to be the most traveled. In fact, 55.4% of workers who return to face-to-face work do so for just a few days, dividing their week between the days they work from home and the days they go to the office.

While it stands to reason that, with all the time that has elapsed, organizations will be better prepared for telecommuting than they were in early 2020, the leaders of many organizations admit that they are still unclear on the scope and impact of the hybrid work model.

The biggest challenge it presents is that it significantly expands the attack surface, which means higher risk. First, the migration to the cloud and the adoption of software and infrastructure as a service give cybercriminals more targets in the form of misconfigured accounts and systems, weak passwords and vulnerabilities. Second, remote users will no longer work only from their homes, but will also be able to work from bars and public places, so they will be connecting from insecure networks and carrying their equipment from place to place. Finally, many companies have gone from their own office spaces to shared “coworking” spaces, in which there is no longer a controlled physical access perimeter; instead, many people can have access to the workspace, devices, network and users.

Phishing and the human factor as a key element

As we have already mentioned on other occasions, cybercriminals have taken advantage of the health crisis from the beginning to launch phishing campaigns and deceive users. As revealed by Google, in April 2020 it blocked more than 240 million daily spam messages that took advantage of all kinds of excuses related to COVID and 18 million phishing emails with malware.

Remote workers are also exposed to distractions at home that can lead them to click on malicious links. Additionally, being physically alone at work encourages people to click on links that they probably wouldn’t open if they were working in an office with a colleague next door.

During 2020, twice as many phishing emails were detected in Latin America alone as in 2019; and so far in 2021 the number of detections has doubled again compared to 2020. In addition, in 2021 more than 2.1 million unique files related to phishing campaigns were detected, 31% more than in 2020 and 132% more than in 2019.

In addition to emails, many deceptions and threats are spread through WhatsApp, and we have seen a wide variety of lures used in recent months, such as financial aid impersonating a legitimate body, false awards on behalf of recognized brands, etc. However, in the very near future we will probably start to see increasingly advanced and difficult-to-detect hoaxes, powered by the use of machine learning technologies.

Currently, machine learning is being used to learn the behavior patterns of users and design commercial campaigns using ‘AI’ software available to everyone, so it would be very naive to think that cybercriminals are not using it, for example, to get to know their victims better and identify the best moment at which to carry out an attack, or even to use deepfake applications to impersonate company employees or imitate the voice of senior managers.

Technological challenges for companies

During 2020, there was a lot of talk about the technological infrastructure necessary to work remotely and securely, since it has been complex for many organizations, and with the adoption of a hybrid model it is even more so.

As the infrastructure grows and encompasses not only the organization's own equipment but also cloud services, VPN networks and more and more applications to communicate and access information, the number of possible security breaches grows. During the pandemic, significant zero-day vulnerabilities were discovered in VPN services, platforms such as Zoom, and other applications offered as software as a service (SaaS) that could have allowed attackers to take control remotely of users’ devices.

The need for remote access increased the use of web applications, which led to an increase in attacks on these platforms; according to a Verizon report, 20% of information leaks were due to attacks on web applications. In addition, attacks on remote access protocols such as SMB and RDP grew; in fact, ESET reported a 768% increase in attacks targeting RDP in Q3 2020.

With regard to Latin America, among the most detected exploits in the region are those that exploit vulnerabilities such as CVE-2012-0143 (with 70% of exploit detections), CVE-2017-11882 and CVE-2017-0144 (corresponding to the Double Pulsar exploit). In all three cases, these security flaws allow the attacker to take control of the affected system. However, what is most striking is that these are known vulnerabilities (since 2017 and even 2012) for which security patches were published years ago. This indicates the lack of updates that occurs in Latin America. In many cases this is due to the use of outdated software, mismanagement, or worse, the use of pirated software. Whatever the reason, unfortunately it is a trend that we see as difficult to reverse in the short term.

What will happen to the ransomware

On the other hand, ransomware continues to be one of the biggest concerns for companies in the region. However, according to ESET telemetry data, 2021 has been the year with the fewest ransomware detections compared to the previous six years. Is this good news? In fact, if we analyze the number of hashes (or unique ransomware samples) detected year after year, we see that these have been increasing considerably. This shows how cybercriminals changed the focus of their attacks and migrated from massive campaigns to targeted operations.

Since ransomware no longer only encrypts the information on the compromised computer, but also steals and exfiltrates data to extort the victims and put more pressure on them to pay the ransom, it is logical to think that attackers will continue to go after specific targets that hold valuable information.

In Latin America, Peru is the country with the highest number of ransomware detections, with 23% of detections in the region. Argentina, for its part, is the country in which the largest increase in the number of detected ransomware families was recorded. Between the first and second four months of 2021 the number of families grew by 54%, and at ESET we project an increase of 43% by the end of 2021.

It is worth mentioning that some countries in Latin America have joined international initiatives that emerged this year with the aim of combating the accelerated advance of ransomware and the great impact it has been having on a global level. While ransomware activity remains significant, collaborative work between security forces in various countries has led to the closure of some very active groups in recent times and gives some hope that the situation may change.

Finally, brute force attacks have once again become a favorite among cybercriminals. This is mainly due to the large number of computers that have been exposed to the Internet during the pandemic, especially those exposing services such as Remote Desktop. According to ESET telemetry, detections of brute force attacks on RDP clients have increased exponentially since April of this year and have grown by 32% in Latin America during 2021.

This situation is even more complex if we consider that, according to the Shodan search engine, there are more than 151 thousand computers with port 3389 (corresponding to RDP) exposed on the Internet in Latin America. Many even have multiple users available against which to try different password combinations. Unless organizations start taking steps to protect remote access, for example through two-step authentication, this trend is unlikely to reverse in the coming months.
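An added example (not part of the original article or of ESET's tooling) of spotting the pattern described above from the defender's side: many failed logons from one source in a short window, often across several user names. The log format, field names, threshold and window are assumptions chosen for illustration, and the addresses come from documentation ranges.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: "<UTC timestamp> <FAIL|OK> src=<ip> user=<name>", sorted by time.
SAMPLE_LOG = """\
2021-11-03T10:00:00Z FAIL src=198.51.100.20 user=jperez
2021-11-03T10:00:05Z FAIL src=203.0.113.7 user=admin
2021-11-03T10:00:08Z FAIL src=203.0.113.7 user=administrator
2021-11-03T10:00:11Z FAIL src=203.0.113.7 user=admin
2021-11-03T10:00:14Z FAIL src=203.0.113.7 user=soporte
2021-11-03T10:00:17Z FAIL src=203.0.113.7 user=admin
2021-11-03T10:00:20Z FAIL src=203.0.113.7 user=admin
2021-11-03T10:00:25Z OK src=198.51.100.20 user=jperez
2021-11-03T10:00:40Z OK src=203.0.113.7 user=admin
""".splitlines()

def parse_line(line):
    """Split one constructed log line into (timestamp, outcome, source, user)."""
    ts, outcome, src, user = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, outcome, src.split("=", 1)[1], user.split("=", 1)[1]

def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Flag sources with >= threshold failed logons inside a sliding window."""
    recent = defaultdict(deque)   # source -> (timestamp, user) of recent failures
    findings = {}
    for line in lines:
        when, outcome, src, user = parse_line(line)
        failures = recent[src]
        while failures and when - failures[0][0] > window:
            failures.popleft()                    # drop failures older than the window
        if outcome == "FAIL":
            failures.append((when, user))
            if len(failures) >= threshold:
                hit = findings.setdefault(
                    src, {"failures": 0, "users": set(), "success_after": False})
                hit["failures"] = max(hit["failures"], len(failures))
                hit["users"].update(name for _, name in failures)
        elif outcome == "OK" and src in findings:
            # A success from an already flagged source deserves priority review.
            findings[src]["success_after"] = True
    return findings

if __name__ == "__main__":
    for src, hit in detect_bruteforce(SAMPLE_LOG).items():
        print(src, hit["failures"], sorted(hit["users"]), hit["success_after"])
```

The user who mistypes a password once and then logs in is not flagged, while the source that cycles through several accounts and finally succeeds is reported with `success_after` set.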

Underground Markets: An Accelerator of the Cybercrime Business

We have known for years that cybercrime is a multimillion-dollar business, where malicious actors not only exchange information, but also have a wide network for the sale of all kinds of malicious tools and services.

According to the data collected by the Digital Shadows company, after analyzing around 150 million sites from both anonymous networks and the traditional Internet, more than 1 million trading markets were found on the deep web, including those destined for the malware trade, as well as the trafficking of illegal products. More than 20 million forums for the exchange of information, tactics and methodologies from the world of cybercrime were also discovered, on both the deep and the surface web.

When it comes to putting this information into perspective with the number of sites registered within the Onion network, we have seen an increase in recent years, growing even faster than the number of users actually accessing them.

One of the main players in the underground markets and the deep web is malware as a service (MaaS), in which ransomware as a service (RaaS) stands out. Here, those who develop the malware are not in charge of distributing it, but rather seek to recruit affiliates to take care of its distribution and in return offer to share the profits obtained from ransom payments. This business model, in combination with the attackers’ pursuit of attractive targets, has companies from all types of industries globally in its sights.

While ransomware as a service is not new, and neither is the commercialization of malware in general, there is a trend that consolidated in 2021 and is likely to continue in the near future: there are no longer just a few ransomware gangs carrying out major attacks; rather, the scene has diversified and today there are many groups that have uniquely designed threats, in addition to the fact that the historical groups pursued by international security forces are completely reinventing themselves to continue their activities.

Lastly, many of these illegal markets are no longer even found on the dark web and are available in Telegram groups. So far this year, there has been an increase of more than 100% in the use of the messaging platform by cybercriminals. Links to Telegram groups that were shared within dark web forums went from just over 170 thousand in 2020 to over one million in 2021. That is, with the advancement of customizable threat services on the web and the sale of information and services through messaging apps, it is less and less necessary to have great technical knowledge to carry out a cyberattack, which facilitates the proliferation of cybercriminals.

Fraud around crypto assets will continue to increase

In addition to the challenges associated with remote work, it is worth mentioning that new technologies, especially those that are more ‘fashionable’, will undoubtedly be the target of deception. Such is the case of NFTs, also known as non-fungible tokens, which are non-exchangeable units of data that are stored on the blockchain and that allow digital items to be made unique and unrepeatable, with provable ownership, transforming them into valuable items that can be marketed. These NFT tokens are already used in the art world, in collectibles and even in video games. The sales volume of these items went from more than US$15,289 million in early 2020 to more than US$2,021 billion in 2021. Therefore, as the NFT market continues to grow, cybercriminals will start to take an interest in them. Soon we will be seeing more and more scams associated with the purchase and sale of these assets, as well as malicious software that seeks to obtain these digital assets.

All is not lost, what is the future of cybersecurity?

First, it is essential that organizations in the region improve their security management, for example by migrating towards Zero Trust management. Unlike the approach focused on perimeter security, which is based on the premise of trust and verify, Zero Trust starts from the idea that, by default, organizations should never trust any internal or external entity that enters their perimeter, hence its name. Considering that hybrid work increased the attack surface, you cannot put all your security assets at the perimeter and then trust everything within it.

The good news is that the change towards this type of management does not require a great effort. In fact, you may already be using many of the tools and techniques necessary to start implementing Zero Trust, such as access controls based on the principle of least privilege, asset management and information classification, and network segmentation, among others. To these controls it is enough to add a crucial layer: automation and orchestration, and visibility and analysis. These integrate all the defense-in-depth controls necessary to support Zero Trust.

Second, the implementation of powerful technologies such as blockchain and machine learning for cybersecurity is key to facing the current threat landscape, and those to come.

The blockchain or chain of blocks is like a scribe’s book. What is written on the blockchain is settled and certified and the integrity and availability of the information is guaranteed. If that content is also encrypted, its confidentiality is guaranteed. This unique and unalterable record is distributed in several nodes of a network where each block stores information about that block, about valid transactions, and how it is linked to the previous and next blocks.
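An added example (not from the original article) of the linked-block record described above: each block stores the hash of its predecessor, so an edit to history is detected, and a copy whose links were all recomputed still disagrees with the other nodes. The function names, the sample transactions and the simple majority check standing in for a real consensus protocol are assumptions made for illustration.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # stand-in predecessor hash for the first block

def block_hash(index, prev_hash, transactions):
    """SHA-256 over a canonical JSON encoding of the block contents."""
    body = {"index": index, "prev_hash": prev_hash, "transactions": transactions}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def build_chain(batches):
    """Link each batch of transactions to the hash of the block before it."""
    chain, prev = [], GENESIS_PREV
    for index, txs in enumerate(batches):
        digest = block_hash(index, prev, txs)
        chain.append({"index": index, "prev_hash": prev, "transactions": txs, "hash": digest})
        prev = digest
    return chain

def first_invalid_block(chain):
    """Return the position of the first block that fails verification, else None."""
    prev = GENESIS_PREV
    for pos, block in enumerate(chain):
        expected = block_hash(block["index"], block["prev_hash"], block["transactions"])
        if block["index"] != pos or block["prev_hash"] != prev or block["hash"] != expected:
            return pos
        prev = block["hash"]
    return None

def rehash_from(chain, start):
    """Recompute every link from `start` on, as the holder of a single copy could."""
    prev = chain[start - 1]["hash"] if start else GENESIS_PREV
    for block in chain[start:]:
        block["prev_hash"] = prev
        block["hash"] = block_hash(block["index"], prev, block["transactions"])
        prev = block["hash"]
    return chain

def accepted_by_network(chain, peer_heads):
    """Valid locally AND holding the same head hash as a majority of peers."""
    agree = sum(1 for head in peer_heads if head == chain[-1]["hash"])
    return first_invalid_block(chain) is None and 2 * agree > len(peer_heads)

# Constructed sample data: three batches of made-up transactions.
SAMPLE = [
    [{"from": "alice", "to": "bob", "amount": 10}],
    [{"from": "bob", "to": "carol", "amount": 4}],
    [{"from": "carol", "to": "alice", "amount": 1}],
]

if __name__ == "__main__":
    chain = build_chain(SAMPLE)
    chain[1]["transactions"][0]["amount"] = 9999   # edit history in one copy
    print("first invalid block:", first_invalid_block(chain))
```

The hash links alone make the record tamper-evident; it is the comparison against the copies held by other nodes that keeps a fully re-hashed copy from being accepted.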

Although the use of blockchain is strongly associated with cryptocurrencies, this technology can be used for other types of digital assets, such as NFTs, financial transactions, safeguarding confidential critical information (such as medical records, documentation, etc.) and even electronic voting systems. In fact, blockchain-based security is already being used for the protection of mobile devices and IoT, leading to a new concept, the “Encryption of things”. Undoubtedly, this technology will be essential to guarantee the availability, integrity and confidentiality of the information in the coming years.

For its part, machine learning has been established as a means to fight against cyber threats. Cyberattacks are not stable, as cybercriminals improve their techniques and tools all the time and threats evolve. In this context, machine learning is definitely an ideal tool to combat them, given its adaptive and learning capabilities. This technology can be used, for example, to detect online fraud in real time, find zero-day vulnerabilities or even detect fake news and deepfakes. In addition, it is widely used to detect malware, as a trained algorithm is capable of automatically detecting and mitigating malware samples, even new ones never seen before. In fact, ESET’s machine learning engine, called Augur, is responsible for 37% of malicious code detections globally. If we consider that the ESET laboratory receives more than 450,000 new samples of malicious code per day, it is essential to have this type of technology to deal with this volume of threats.

“As the world becomes increasingly interconnected, everyone shares the responsibility to protect cyberspace.” – Newton Lee, Counterterrorism and Cybersecurity: Total Information Awareness.

If we think about the ‘new normal’ that we are already going through, many of the technological habits adopted last year will continue to be part of our day to day. The comfort of working or studying from home, the increased use of technology to streamline procedures or even consult a doctor have become daily activities. Threats, however, will follow this same path, increasingly targeting technologies. In this sense, security solutions with the new paradigms are already challenging all of us who use the digital world.
