By Malcolm Tuck, Managing Director of ESET UK
Cyber threats impact individuals and organisations around the globe every day, and with cybercriminals becoming increasingly sophisticated year on year, businesses are left vulnerable to attack through many different avenues.
To keep businesses abreast of the most critical threats that they face right now, we have taken a look at our own data to highlight the key trends impacting organisations and, using this data, predict the most significant threats we see in the months ahead. Our inaugural ESET Threat Intelligence Index highlights the most relevant findings for the UK market drawn from the more granular Threat Index Report produced by ESET three times a year.
Escalating conflict puts everyone at risk
The conflict in Ukraine is something that almost everybody will be familiar with, but its impacts are much further reaching than you may realise. In recent months, there has been a surge in nation-state cyber conflict, which has brought cybersecurity into the public consciousness much more than usual, raising anxieties about cyberattacks on a national level.
We already see hacker groups choosing sides and entering the cyber-battlefield guided by their sympathies. As geopolitical tensions remain high, countries whose governments actively support either Ukraine or Russia will likely be targeted with cyberattacks intended to disrupt, cause damage, and steal information.
The biggest threats to UK business
In the final three months of 2021, on average, ESET blocked 4.8 million web threats and 400,000 unique URLs daily, a rise of 2.6% from May-August 2021. The most frequent method was brute-force attacks, which use a systematic approach to break into accounts by calculating all possible combinations for passwords.
Another standard method seen in these months was the exploitation of the ProxyLogon vulnerability on the Microsoft Exchange Server. ProxyLogon, also known as a pre-authenticated vulnerability, gives the attacker a way to avoid any authentication process or log in by impersonating an admin.
The pandemic’s influence on cyberattacks
The move to home working due to the pandemic has brought about the emergence of Remote Desktop Protocol attacks, which are used to specifically target employees using remote access tools from their own homes. Hackers take advantage of the weaker security associated with home networks and target remote endpoints, gaining access to the company’s networks. There were a record-breaking 206 billion RDP password guessing attacks in the final third of 2021.
Let’s get serious…
While all cyberattacks impact the victim, some are more serious than others. Ransomware attacks continue to be as aggressive as ever, with 2021 seeing the highest ever ransom ultimatum of $240 million, more than triple the previous record.
The route chosen for the more serious attacks is often through email. We found that detection numbers of email threats more than doubled toward the end of 2021. Email attacks often mimic a well-known company whose email would not come as a surprise to your inbox, and these phishing emails have frequently used DHL and WeTransfer as a lure recently.
Looking to the future
The cyber landscape is looking increasingly threatening, and in our report, we have made a range of predictions about what 2022 may hold. We expect to see more opportunistic campaigns designed to harvest sensitive information from our increasingly connected world. And, as cybercriminals are always looking for new means of detection evasion, we can expect the attacks to become sneakier and sneakier.
The first key trend we anticipate is that the professionalism of ransomware attacks will continue to improve, giving the victim less opportunity to decrypt their data without paying the ransom.
One of the frequent crimes mentioned above, RDP attacks, is here to stay along with our change in working style, giving companies constant pressure to make sure their hybrid working security protocols are robust. Individuals will have to remain alert to what is coming into their email inboxes, as phishing is also going nowhere.
There is a high probability that bigger brands will be leveraged for attacks and current trends, as we saw with the Covid vaccine. We can also expect to see plenty more of the word ‘crypto’ across the rest of the year, with cryptocurrencies’ and NFTs’ massive popularity likely to increase crypto stealers looking to rob people of their funds.
Furthermore, with the conflict in Ukraine not showing any signs of immediate resolution, threats will continue to evolve in volume and sophistication, so it is important to remain vigilant.
Protecting your business
Companies and individuals need to be more aware of the dangers of cybercrimes, and the accessibility hackers have to their personal information.
Educating staff on the attacks cybercriminals commonly use is helpful for any business. There is a reason why hackers continue to use compromised links and infected attachments within emails: it works. Get teams to undertake regular cybersecurity awareness training to add a vital layer of protection for the business.
It is also essential to create fire breaks within the network. There are several approaches to implementing such a strategy, but network segmentation is the most common. It is particularly relevant in the cloud, which has become a fertile hunting ground for cybercriminals.
Similarly, a properly managed backup and recovery program provides a safety net. An all-in approach is needed, though. It is important to back up data and system state on all endpoints, servers, mailboxes, network drives, mobile devices, and virtual machines.
Lastly, timely patching of applications and operating systems closes off potential avenues of attack. An intelligent, multi-platform patch management solution is recommended.
To find out more, head to this link to read our Threat Intelligence Index.