The ongoing threat to businesses from cybercriminals is bigger than ever, according to the findings of a new report from ESET.
ESET, which offers a range of malware protection and internet security products for MacOS, Windows and Android devices, has produced its 2022 cybersecurity guide highlighting many of the issues we all face.
Malcolm Tuck, UK Managing Director of ESET, has put together the guide for businesses, analysing the company’s own data to reveal the biggest threats of last year, while also offering his predictions on what the cyber landscape will look like in the coming months.
The report makes for fascinating reading and covers the last quarter’s main problem areas, including web threats and Microsoft Exchange exploits. It’s also invaluable for getting a feel for emerging trends and predictions. Most importantly of all, however, is ESET’s advice on how businesses can prepare and protect themselves, from patching to segmentation.
Related: Best remote desktop software.
Growing cybersecurity threat
ESET’s own stats offer an impressive insight into the extent of the problems faced by businesses. The company blocked 4.8 million web threats and 400,000 unique URLs daily, with attempts to exploit MS Exchange and password guessing being the most frequent issues identified.
There were also a record-breaking 206 billion RDP password guessing attacks, along with rocketing numbers of email threats. Meanwhile, ransomware threats on Android devices increased 114 percent alone.
Additional figures produced by ESET show that the highest ever ransom of $240 million was recorded, RDP attacks increased by 274 percent and downloaders by 46.1 percent. Email threats were up by 8.5 percent and cryptocurrency threats increased by 7.7 percent. ESET found that threat detections rose by 7.2 percent while Android threats crept up by 2.8 percent.
Search for the best data recovery software.
ESET’s Cyber Threat Predictions for 2022
Ransomware: The professionalism of ransomware attacks will continue to improve in 2022, meaning the victim will have less opportunity to decrypt their data without paying the ransom.
RDP: 2022 will bring further growth of RDP bruteforce attacks. The Log4Shell exploit is here to stay and – together with ProxyLogon or EternalBlue – will become a key part of security testing suites.
Downloaders: In 2022, we expect Emotet’s malicious macros in email attachments to surge again as its botnet expands rapidly, returning it to a leading position among downloader families.
Phishing: Rates of phishing attacks will continue to grow, leveraging big brand names, as well as current trends.
Cryptocurrencies: Cryptocurrencies and Non-Fungible Tokens (NFTs) are both likely to lead to an increase in cryptostealers looking to rob users of their funds.
Android: We expect malware developers to focus even more on malicious apps that offer them a high return on investment, such as ransomware, banking malware and threats mining cryptocurrencies on victims’ devices
macOS and iOS: Adware, a type of malware that displays unwanted advertisements on devices, will continue to be the most common threat to the macOS platform, as it is relatively cheap to acquire and does not depend on focused targeting.
IoT: Many threat actors will continue to target IoT devices, such as smart speakers and connected security systems in 2022 – some utilising older malware and vulnerabilities, while others will try to exploit freshly reported flaws.
ESET’s preventative measures
Crucially, ESET’s report offers plenty of sound advice on how to combat these ongoing threats:
- Educate staff on the attack vectors cybercriminals commonly use. There is a reason why they continue to use compromised links and infected attachments within emails. It works. Get teams to undertake regular cybersecurity Awareness Training, to add a vital layer of protection for the business.
- Timely patching of applications and operating systems closes off potential avenues of attack. An intelligent, multi-platform patch management solution is recommended. It is important to create fire breaks within the network. There are several approaches to implementing such a strategy, but the most common is network segmentation. It is particularly relevant in the cloud, which has become a fertile hunting ground for cybercriminals.
- A properly managed backup and recovery program provides a safety net. An all-in approach is needed, though. It is important to backup data and system state on all endpoints, servers, mailboxes, network drives, mobile devices and virtual machines.
To access the full T3 2021 Threat Report, visit WeLiveSecurity.