The global pandemic has continued to place a major strain on businesses, so any boost to trade is welcome.
But it can also leave organisations struggling to cope with increased consumer demand, while handling staff shortages and overcoming supply chain issues.
Effective management of cyber threats is equally important, with attackers ready and waiting to take advantage of any opportunities. With potential breaches of sensitive information, not to mention the associated reputational and financial damage, preparation and prevention is essential.
All sectors need to be wary of cyber threats, but industries under heavy strain are a natural target for criminals. The Australian Retailers Association expected shoppers to spend almost $59 billion before Christmas, an 11 per cent increase on spending during the same period in 2019. This creates a huge increase in financial activity and emails, which along with ongoing workforce shortages, leaves businesses distracted and vulnerable – an ideal scenario for opportunistic cyber criminals.
Andrew Hastie, Assistant Minister for Defence, recently called on Australians to be wary of theft of money and personal information while they do their Christmas shopping online. He pointed out that the Australian Cyber Security Centre received more than 11,000 reports of online shopping cybercrime last year. With an incident reported every eight minutes, it’s essential that retailers play their part in preventing fraud.
Supply chain and logistics companies also feel the strain. BCI’s Supply Chain Resilience Report 2021 found more disruptions than ever last year, with almost 28 per cent reporting more than 20 supply chain disruptions, a five per cent increase on 2019. Disruption was mostly pandemic-related, but phishing attacks, including those using COVID-19-related topics, also increased.
One-third of organisations (33 per cent) in this industry experienced cyberattack-related disruption and/or data breaches in 2020, compared to a quarter (26 per cent) in 2019. Just over 12 months ago we uncovered the SolarWinds supply chain compromise by suspected Russian actors and threats of this kind remain.
The pandemic also hit the travel industry hard. The International Air Transport Association expects total losses over the 2020-2022 period to exceed $200 billion. The anticipated surge in demand, along with COVID-19-related changes like vaccination requirements and workforce shortages, makes it another at-risk sector.
Ransomware and multi-faceted extortion remain major threats and continue to evolve as threat actors continue to find new ways to extort payments from victims. Critical industries are a popular target for ransomware attacks. This begins by locking victims out of their own files using encryption, as attackers know they are more likely to pay to avoid disruption. Our 14 Cyber Security Predictions for 2022 and Beyond report explains ransomware’s popularity with threat actors will continue because there is still more to gain than lose.
State-sponsored and financially motivated actors are increasingly interested in deepfake technology. They’re using manipulated media to make social engineering more convincing, bypass automated identity verification systems, and tailor content to specific targets.
With a growing number of organisations using enterprise software delivered by third parties through the cloud, we expect this area to become more vulnerable to compromises, as well as errors, misconfigurations or outages affecting cloud resources.
Organisations have a lot to deal with right now, but it’s vital to stay alert to threats and know how to respond when a breach does occur. These threats are just a small percentage of the risks companies need to think about, but with the right cyber defence solutions in place, businesses will be less exposed.
Mandiant uses the broadest and deepest cyber expertise and threat intelligence into dynamic cyber defence technologies to help empower your business.
Summary of our key report findings:
Ransomware and multi-faceted extortion will continue to evolve in 2022. Its popularity with threat actors is easy to explain – the rewards outweigh the risks, the ransomware-as-a-service model is easy to use, and extortion increases the chances victims will pay to regain access to files.
Attacks are increasingly aggressive and complex, but the ransomware-as-a-service business model remains popular. US and international efforts against ransomware are underway, but rules against victim organisations paying groups could lead to negative consequences, both in terms of encrypted files and potential government recourse.
Espionage and information operations will continue, with regional and international activity conducted by the Big Four – Russia, Iran, China and North Korea – as well as activity related to recent events in Afghanistan.
Deepfake technology is becoming increasingly popular to make social engineering more convincing, bypass automated identity verification systems and tailor content to specific targets. The ever-increasing using of cloud and cloud-hosted providers is likely to make them a target.
Businesses need to remain vigilant to defend against upcoming threats and respond to those that get through. Companies should empower themselves by incorporating the broadest and deepest cyber expertise and threat intelligence into dynamic cyber defence technologies.