The Biggest Attack Vectors for Cybercriminals in 2022
-
Loading... - Colbie Messina
- 25 Aug 2022
- 82 Views
- 0 Like
- 0 Comment
It’s been said that lyrics are poetry with a limp. They’re meant to go along with music, unlike poems that stand on their own. Just like lyrics, considering cyberattack statistics apart from the supporting data of areas such as industry and the data that a company holds keeps one from fully appreciating the statistics or how that information relates to any particular company, especially that of the reader.
Considering Vectors – Industries, business size, and data held
There’s a lot of information flowing throughout this planet. Consider this infographic:
Along with the enormous business and personal opportunities presented by technology come enormous criminal opportunities. This information shouldn’t lead to fear but to action, specifically actionable defense.
There are many reputable sources of the top cyber threats and attacks to expect in 2022. SANS gives the top five major categories of cyber-threats.
Verizon’s DBIR gives detailed studies on various industries, vectors, threats, etc. Sophos has an excellent report, as does Symantec with its white paper. IBM weighs in with its industry expertise. There are numerous other expert and anecdotal studies.
Given all this information, each business has to pore over the data to discover and ask: “What applies to me?”
When applying the information to one’s own company, three main factors appear when considering the risk factors: industry, business size, and data held. It’s obvious that healthcare companies hold PHI and banks hold financial information, but crime isn’t always straightforward. There are plenty of criminals who will take the long con, such as stealing thousands of social security numbers to use later in the year, or even a couple of years down the road, to gain unemployment benefits wrongfully. And there are many companies, such as Marketing, who hold and transfer tons of data that would benefit threat actors. And the larger the company, the more things can be stolen.
On a side note, one industry that has increased as a target in recent years, but doesn’t get reported much, is legal. A not-so-recent but prominent example is an attack on a large law firm in 2017. So those in the legal profession, while not getting much coverage, are examples of those who need to be on the lookout, even though many of those firms are smaller and don’t get much press.
In addition to these three factors, let’s condense the findings into two overarching common vectors of attack: Servers and People.
Servers (including Web Applications and APIs)
DDoS attacks against web servers are common. Even with advancements in security, such as including DDoS capabilities often being included or built-in to existing controls, 2021 saw an increase over 2020 losses from DDoS attacks. DDoS is an old method, but the server that the attack is leveled against needs to be ready for it.
Some other common attacks in this category are data leaks and stolen credentials (abusing something like Broken Access Control). Web apps and endpoints must be prepared for an onslaught of attacks such as fuzzing and SQLi.
APIs are a big deal. How big? The API management market (e.g., gateways, portals) is expected to reach $21.68 billion by 2028. APIs enable businesses to succeed, grow, and excel by accelerating business possibilities, decreasing business costs, and creating opportunities for quick change. A recent survey shows that “26% of businesses use at least twice as many APIs now as a year ago.” Protect those APIs, because they are like street-facing store doors – necessary for business, and a ready target.
Along with the opportunities afforded by web applications and APIs come the desire of criminals to commit crimes. Read More...
