As we move into the second quarter of 2022, the cybersecurity landscape looks increasingly complex and dangerous. The number of data breaches continues to rise, and the types of attacks are becoming more sophisticated. Ransomware is a growing threat, and phishing remains a major problem. In 2021, there were more than 5,000 reported data breaches, a significant increase from the previous year, when there were 4,501.
Organizations need to be prepared for these threats and must take steps to protect their data. They need to have a comprehensive security plan in place, and they must also educate their employees about cybersecurity risks.
Ransomware Outlook for 2022 Is Grim
Ransomware attacks increased 17% from 2020 to 2021, and US government agencies like the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the NSA are predicting further growth in 2022. There were approximately 292 ransomware attacks reported in 2021, and of those attacks, 51% of the targeted victims were within the United States. Over 80% of these attacks involved data exfiltration, or data theft, with 16% of the attacks exporting unauthorized data directly to China and 12% to Russia. With the current geopolitical situation, and the increased tensions between the United States, China, and Russia, it is anticipated that ransomware attacks originating from China and Russia will only increase in the U.S. in 2022.
Beyond attacks from major geopolitical foes of the United States, ransomware attacks overall are likely to increase. The rise is likely to come not only from organized and/or government-sponsored hacking collectives, but from smaller groups and individual hackers as well. Smaller hacking groups and individuals are taking advantage of an alarming trend that may be one of the largest catalysts of growth for the number of ransomware attacks in 2022.
The trend is ransomware for hire. Ransomware for hire is essentially more organized and experienced hacking collectives franchising their ransomware tools and techniques to less skilled and less organized cyber-criminal groups and individuals. By empowering these less-skilled hackers and charging for their services, large cyber-criminal organizations are setting into motion a ransomware golden age that will only continue to grow in and beyond 2022.
Who Are the Most Common Victims of Ransomware?
According to the Cybersecurity and Infrastructure Security Agency (CISA), many of the latest ransomware attacks are specifically targeting critical infrastructure inside the United States. The industries most commonly under attack from cyber-criminals include the communications industry, emergency water services, the energy sector, the financial services industry, and the healthcare sector.
2021 Attack on the U.S. Energy Sector
The Colonial Pipeline ransomware attack is probably one of the most memorable recent ransomware attacks that specifically targeted one of these five main critical infrastructure industries. In May of 2021, a hacker group directly attacked the US energy sector by implementing a targeted cyberattack on all the computerized equipment managing the Colonial Pipeline. The Colonial Pipeline carries gasoline and jet fuel from Houston, Texas to cities throughout the Southeastern United States and Eastern Seaboard. It is estimated that about 45% of all the fuel consumed on the East Coast arrives from the Colonial Pipeline system.
As soon as the infiltration was discovered, the Colonial Pipeline Company halted all of its pipeline operations to contain the attack. This is when the hacker collective “Darkside” demanded a payment of 75 Bitcoin, or about 4.4 million dollars at the time, in exchange for an IT tool to restore the system. The Colonial Pipeline Company had no choice but to pay the ransom, and in coordination with the FBI, the ransom was paid to the Darkside hacking collective. After the hackers received the Bitcoins, they released the IT tool needed to get all the computerized equipment used to manage the pipeline back up and running. The only problem was that the tool had an incredibly long processing time, which only further exacerbated the situation.
The impact of the Colonial Pipeline Company halting its operations was felt all over the East Coast as well as at the pump. Fuel shortages as a result of the shutdown of the pipeline and panic buying caused the national gas price average to rise to its highest level in almost seven years. Additionally, major airports like Charlotte Douglas International Airport and Hartsfield-Jackson Atlanta International Airport were directly affected since the Colonial Pipeline is their number one direct supplier of jet fuel and gasoline. Also, within four days of the cyber-attack, 71% of filling stations in Charlotte, NC were completely out of fuel, and within eight days, 87% of stations in the Washington D.C. area were also empty.
In total, because of the ransomware attack on the Colonial Pipeline Company, the pipeline was shut down for six days and normal services were not fully restored until several days later. Additionally, the Darkside hacking collective was able to extract over 100 gigabytes of sensitive data.
Although it has not been confirmed that the Colonial Pipeline ransomware attack is connected to the Russian government, there has been some evidence that the attack originated in Russia and that the Darkside hacking group is located in Russia as well.
The Colonial Pipeline ransomware attack was the largest attack on the US oil infrastructure in history.
What Industries are Most at Risk for Ransomware Attacks in 2022?
One of the industries that may be the most at risk of ransomware attacks in 2022 is the public health and healthcare industry. As ransomware has become more sophisticated and the healthcare industry is stretched thin due to a global pandemic, cyber-criminals have identified hospitals, out-patient clinics, and other health care facilities as easy targets that are both vulnerable and lucrative.
For this reason, the U.S. Department of Health and Human Services has publicly warned the healthcare industry to be vigilant against cybersecurity threats and to bulk up on their cyber defenses in anticipation of a potentially volatile 2022 when it comes to ransomware attacks. The warning from HHS goes on to explain that cybersecurity experts have identified specific vulnerabilities in the Apache Log4j software that is used in thousands of applications and control systems for medical devices and hardware. If a ransomware attack were able to exploit those vulnerabilities, it could potentially prevent healthcare facilities from delivering health care services as well as pose a threat to national security.
What Types of Ransomware Attacks are Expected to Increase in 2022?
As ransomware attacks are expected to increase in 2022, what types of attacks should companies and government agencies be on the lookout for? According to CISA, the FBI, and the NSA, the following cyber-criminal tactics are going to be used more frequently in 2022 to breach cybersecurity systems and to implement ransomware attacks.
- Phishing attacks – when a hacker sends an email or text message that looks like it is from a legitimate source and then requests the victim’s username and password or other sensitive information.
- Theft of remote desktop credentials – when a hacker gains access to a computer by stealing the username and password in order to log in and access data.
- Brute-force attacks – a method used by hackers to guess a password by trying different combinations of passwords until they find one that works.
- Ransomware for hire services – where hackers offer to launch ransomware attacks against businesses or individuals for a fee.
- More frequent attacks on weekends and holidays when users are not as vigilant.
- Cyber-criminals sharing information and vulnerabilities about target victims.
- More diverse matrixes that may involve cloud services and software supply chains.
Ransomware attacks are becoming more prevalent year after year, and 2022 is expected to bring even more sophisticated attacks and more emboldened cyber-criminals looking to exploit any and all IT vulnerabilities in the critical infrastructure industries within the US.