Believe it or not, we are now halfway through 2022. Where has the time gone? Before we know it, we’ll be talking about Thanksgiving and Christmas. But right now, let’s pause, take stock of where we’ve been and make some educated guesses as to where we are headed in cybersecurity for the second half of 2022.
Ransomware is still on the rampage
Some estimates point to a business falling victim to ransomware every 14 seconds. Educational institutions, medical facilities and government offices continue to lead the way as key targets for ransomware attacks.
“Hackers will stick with what works and as long as there is a perceived pay-off, this will continue,” says Kirk Justice, a cybersecurity analyst in Atlanta, Georgia. “I don’t foresee a slow-down in ransomware in the last half of 2022. Instead, I see it getting worse, as the war in Ukraine grinds on and the U.S. economy remains weak. Hackers will prey upon world events or anxieties for well-crafted ransomware attacks.”
Expanding attack surface create opportunity for MSPs
Yet, what is bad for businesses can be good for MSPs. “There’s a lot more that needs to be protected now days,” Justice suggests. “Most businesses simply don’t have the staff to police every vulnerability, so outsourcing to an MSP makes sense.”
According to researchers, IoT devices experience an average of 5,200 attacks per month. The fact that a majority of new IoT devices are still in their infancy means there is a much larger attack surface for cybercriminals to target the vulnerabilities associated with them.
“The proliferation of IoT devices is going to accelerate in the last six months of 2022, and that means the number of attack vectors will climb also,” Justice warns. He advises MSPs to continue to audit every connected device that comes into the office and check the security.
“Cybersecurity standards have lagged on most devices, leaving a gaping security hole,” Justice says.
Social engineering attacks compound the problem
“People are social animals, and they put their lives online, making easy pickings for hackers who are becoming increasingly sophisticated at scraping information and then crafting it into a believable social engineering attack,” Justice explains. “And despite the warnings, people continue to post their lives online for all to see.”
This is leading to an increase in social engineering attacks, which go hand-in-hand with ransomware. Justice advises MSPs to continue doubling down on social media’s dangers and the role it plays in social engineering attacks as part of regular training.
Old is new again with phone fraud
Yes, it is 2022, and we are talking about…. the telephone. This is a perfect example of what is old is new again. Phone fraud via email blends several hacker tools and is gaining popularity. This type of attack is a sophisticated scam where the scammer sends an email to the target, asking the target to call them. In the second half of 2021, those attacks increased by 10 percent.
Medical establishments, insurance companies and some law offices seem especially vulnerable to these attacks. For example, according to a new cybersecurity report from San Francisco-based Abnormal Security, medical industries and insurance companies had a 45 to 60 percent chance of being the target of a phone fraud attack via email.
“Anecdotally, it appears these attacks are ramping up in 2022, and I expect them to grab some headlines in the final half of this year,” says Justice. “People just feel very comfortable around the phone and aren’t using it with a cybersecurity mindset. That must change, and the phone must be viewed with the same suspicion as other devices. MSPs especially must see it as being as much of a threat as an unprotected computer.”
Vigilance against state-sponsored attacks is crucial
State-sponsored attacks can be the most harmful of cyber-attacks, and MSPs with portfolios that include critical infrastructure need to be especially vigilant.
“Let’s face it, we have a war in Europe, we have mid-term elections coming up in the United States, we have tension between China and Taiwan, the world is a dangerous place and never has the risk of a state-sponsored actor unleashing its cyber-fury on another country been higher,” Justice warns. “I’d not be surprised at all to see attacks on some of our critical infrastructure happen in the final half of this year.”
So, MSPs, buckle up, watch these trends, and prepare for a second half of 2022 that is anything but dull from a cybersecurity standpoint.
Photo: Blue Planet Studio / Shutterstock