Tuesday, 11 January 2022 15:26

Why cybercrime will continue to flourish in 2022

By Pascal Geenens, director, threat intelligence at Radware

GUEST OPINION: Cybercrime flourished in 2021, and there are no signs of a slowdown in 2022. There are several factors behind this high-confidence prediction.

Over recent years, organisations have quickened the pace at which they migrate applications to multiple clouds and leverage new software architectures to increase the agility and feature velocity of their application development.

According to my company’s The State of Web Application and API report, 70% of production web applications now run in cloud environments. This increase in distributed and hybrid infrastructure and application complexity is creating even more challenges for organisations in keeping the wide attack surfaces under control.

The report reveals that approximately one-third of respondents anticipate that their organisation’s most significant application security concern over the next two years will be maintaining a coherent security policy across heterogeneous environments. Nearly as many respondents believe that their most significant concern will be gaining visibility into the security events impacting their organisation.

Despite the implementation of new security technologies, organisations continue to struggle to maintain visibility and consistency of security policies across the heterogeneous collection of platforms, infrastructures, and technologies.

There are five key challenges for securing hybrid environments. These include emerging threat vectors, broader attack surfaces, agile software development and DevOps cultures that often leave security as a secondary priority, and multi-cloud deployments that convolute the implementation of coherent security policies. Many organisations have simply been unable to overcome all of these challenges.

Hackers for hire

Meanwhile, attackers have been organising their underground ecosystems and gathering followers from skilled hackers-for-hire and affiliates, who are happy to enjoy the profits of large extortion campaigns. For example, the Avaddon, SunCrypt and Ragnar Locker ransomware gangs have been known to use DDoS attacks to put additional pressure on their victims.

Ransomware groups regularly post messages to hire experts in domains such as backup technology, not to fix backups but to destroy them, and to conduct high-profile DDoS attacks. For example, cybercrime gang Lockbit was found to be posting ads to recruit affiliates, including Mēris botnet operators.

The incentives are large. A survey of 300 US-based IT decision-makers found 83% of ransomware victims paid the ransom demand. And the demand for hacking skills and underground resources has been growing ever since ransomware operators began conducting successful campaigns.

With highly motivated threat actors looking for payments from organised cybercrime groups, attacks have shifted from automated to human-operated attacks. Agari researchers determined that most leaked password reuse was done by humans and not automation. It is one thing to defend against automation, but far more difficult to defend against human intelligence and perseverance driven by multi-million-dollar payouts.

Because authorities around the world are making efforts to crack down on criminals and roll up parts of their organisations, criminals might be tempted to hit back where it hurts the most.

The attacker economy is currently out of balance with defenders' security budgets. There is little to no opportunity to take out the hacking economy by putting up more barriers and making it more costly and time-consuming for attackers to breach organisations and infrastructures. These threat actors are sitting on a mountain of crypto gold. The US Treasury recently said that $5.2 billion in Bitcoin transactions can be tied to ransomware payments over the past two years.

In just one example, US travel services firm CWT Global paid a reported $4.5 million in July 2020 to the Ragnar Locker ransomware gang. A recent report from Unit 42 security consulting group indicated that the average ransomware payment increased 82% since 2020 to a record $570,000 in the first half of 2021. That increase follows a reported 171% increase over 2019.

Cybercrime here to stay

Even if the ransomware issue is resolved more quickly than expected, criminals will pivot and find new ways to monetise crime. The security community will have to be vigilant, and organisations will need to make considerable efforts to keep their attack surfaces under control.

Unfortunately, 2020 and 2021 brought in a new dawn for cybercrime and information security, and it’s not going away any time soon — certainly not in 2022.
