Zurich, 5 January 2021 – According to a cyber report issued by Allianz for the first half of 2021, the number of cyber incidents increased by 125 percentage points year on year. The fact that many people are working from home and shopping more than ever online instead of visiting brick-and-mortar shops also creates new security vulnerabilities that cybercriminals are only too happy to exploit. Several trends are emerging in this context that are likely to be significant for the year 2022.
The relationship between malware programmers and cybersecurity experts has always resembled a race in which one side or the other is ahead. All parties involved are inevitably forced to keep pace with the latest technological developments at all times. This ranges from responding immediately to zero-day exploits – security vulnerabilities that have just come to light – to deploying innovative technologies for which the other side has yet to develop an effective response.
Building malicious code more quickly
Speed is often what counts for criminal hackers because once a security vulnerability becomes known, it doesn’t take long for software developers and security experts to rectify it. The aim of the perpetrators is to launch as many attacks as possible before this happens. To gain time, they are increasingly using new programming tools such as OpenAI Codex – an artificial intelligence that is trained to convert natural language into programming languages such as Python, JavaScript or PHP. This semi-automated process, which also reduces the number of errors in the code, dramatically increases the speed and efficiency with which ransomware, trojans and similar types of malicious software can be programmed.
What’s more, criminals are increasingly turning to new programming languages such as Nim, Rust or Go. They are doing so in the hope that their malicious code will not initially be detected by the relevant analysis tools deployed by the security industry and will slip through checks unnoticed. This too is a neck-and-neck race between criminals and an IT security sector eager to eliminate any “blind spots” in its software as quickly as possible.
Targeting supply chains
Another insight from the Allianz report is that cybercriminals behind ransomware attacks are increasingly targeting large companies, especially those that produce commodities that are particularly in demand and scarce in the context of the global supply chain crisis. The perpetrators’ cynical logic is that the willingness to pay in these cases is very high. That’s because these producers want to avoid an interruption to their production at any cost and are prepared to reach a little deeper into their pockets if necessary.
The case of the American IT service provider Kaseya also illustrates how hackers try to maximise the impact of their attacks. Criminals managed to gain access to a program sold by Kaseya to client companies, which used it to manage and distribute their software updates. This enabled the hackers to encrypt the systems of more than one thousand companies in order to extort a ransom payment. Although challenging to mount, these attacks are extremely effective and we can expect to see similar exploits in 2022.
Attacks in the healthcare sector
The healthcare sector is another popular target for attacks. During the COVID-19 pandemic, many providers relaxed their security guidelines to make it easier for their employees to work remotely from home. However, this also introduced vulnerabilities in the security protocols that normally applied, which then had to be painstakingly addressed in the ensuing months. Even though the adaptation of IT security measures has improved the situation to a degree, we can expect to see more targeted cyber-attacks in the coming months as perpetrators seek to acquire sensitive commercial and patient data.
Awareness remains key
In 2022, user awareness remains an important cornerstone of every IT security concept that underpins software-based and hardware-based security measures. Users must have a clear understanding at all times of the types of attacks they can repel through their own personal awareness. Phishing attacks in particular are becoming increasingly sophisticated – convincingly forged company websites and stolen user data from managers are being used to induce people to reveal internal company information and passwords. Security training and regular updates for the workforce regarding the threat situation can make an important contribution to warding off these types of cyber-attacks.
###
About Nevis
Nevis develops security solutions for the digital world of tomorrow. Its portfolio encompasses passwordless logins, which are intuitive to use and offer optimal protection for user data. Nevis is the market leader for Identity and Access Management in Switzerland and secures over 80 per cent of all online banking transactions. Public authorities, leading service providers, and industrial enterprises worldwide rely on Nevis solutions. The authentication specialist has locations in Switzerland, Germany, and Hungary.
Press Contact
LEWIS Communications GmbH
Ingo Geisler, nevis-security@teamlewis.com