Top attack trends every organization should build resilience against

Expel announced the release of the cybersecurity trends and predictions for 2022. Based on aggregated data from its security operations center (SOC), the report provides insights on the biggest cybersecurity threats, practical recommendations on how to handle them, and predictions on what to expect in the year ahead.

Supply chain and ransomware attacks hogged headlines in 2021, and the year concluded with security practitioners scrambling to guard against the Log4j vulnerability exploit that put hundreds of millions of devices at risk.

The report highlights the four top attack trends that every organization should build resilience against: business email compromise (BEC), ransomware, supply chain targeting, and cryptojacking.

2022 cybersecurity trends and predictions

• BEC: This type of attack is still public enemy number one. Fifty percent of incidents in 2021 were BEC attempts. And security analysts have spotted a trend: SaaS apps are becoming the top target.
• Ransomware: Groups like the REvil gang spurred a record high for ransomware attacks in 2021 – and they’re targeting end-users. Ninety percent of ransomware incidents used a “self-installation” technique to gain initial entry.
• Supply chain targeting: Attacks like the Kaseya compromise got the world’s attention in 2021, and private citizens felt the impact of widespread supply chain attacks throughout the year. While these types of attacks aren’t going away soon, the Expel SOC spotted a common pattern that every organization can guard against.
• Cryptojacking: Exploitation of web apps to deploy cryptocurrency coin miners was the free Red Team the Internet needed in 2021. While the world focused on new vulnerabilities, these attackers exploited older, known vulnerabilities. This report is sounding the alarm: web apps are becoming top targets. Thirty-five percent of web app compromises resulted in deployment of a crypto miner.

“We’re seeing security operations centers and security operations in general become increasingly data-driven,” said Yanek Korff, COO of Expel.