It’s the Christmas list that no one wants: from phishing to APIs to the Internet of Things, it could be a bleak midwinter if your business has to deal with anything from this naughty list!
Threat actors are continuously leveraging new ways to increase their attack surface in exchange for higher success rates. Threat actors include nation-state actors, advanced persistent threats (APTs), hacktivists, organised crime, and insider threats.
Each have varying motivations for targeting an organisation, ranging from disruption, financial gain, and political reasons.
Although they have differing motivations, there are more than often commonalities in the attack vectors used. SecurityAffairs have compiled a list of the top five attack vectors to look out for in 2022. They are:
Threat actors are continuously searching for better ways to ensure the success rate of a cyber-attack. To achieve this, they will often employ new attack methods or leverage existing exploits which may be reliant on vulnerable technology or social engineering tactics.
Phishing is expected to continue to be the top attack vector in 2022. Phishing techniques are known to use social engineering to manipulate victims into taking action that they wouldn’t normally take, with the end goal of compromising a network or gaining access to sensitive data. The most common form of phishing is email, often using manipulation techniques to trick recipients into providing sensitive information, such as login credentials or bank details.
In second place is stolen credentials. A 2021 report on data breaches by Verizon identified that stolen credentials were the initial attack vector used in 61% of all breaches. Threat actors can purchase bulk lists of stolen credentials from DarkWeb forums to target organisations.
Data breaches often stem from poor password hygiene and access management controls. Employees regularly re-use passwords across multiple applications and services, increasing the risk of further compromise.
API (Application Programming Interfaces) exploits is in third place. APIs are now a significant way for organisations to integrate their applications and services with other resources within the digital realm by facilitating communication between different apps and services via third party vendors.
Traditional security tactics cannot detect API attacks, so organisations remain at higher risk of a breach or data exfiltration via API technology.
In fourth place is remote technology, given the recent increase in the use of remote access technology, organisations are now heavily reliant on a hybrid workforce which places greater strain on protecting networks and systems, with threat actors seeking to exploit Remote Desktop Protocol (RDP) and Virtual Private Network (VPN) connections.
A report by Malwarebytes found that 20% of organisations experienced a security breach due to remote work.
Finally, in fifth place is Internet of Things (IoT) devices. Many organisations don’t have clear visibility of their IoT devices, and it is very common for IoT products to use default credentials that threat actors can either easily guess or access websites like Shodan.io or the Google Hacking database to identify lists of vulnerable devices with publicly known access credentials. An attack on an IoT device could also be the initial entry point into a wider network and could lead into further activities such as the installation of ransomware.
Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to firstname.lastname@example.org. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).