In the last six months, an organisation in South Africa was attacked on average 1737 times per week. This is more than double the global average (819) of attacks per organisation per week, according to Check Point Threat Intelligence Report. So what can we expect from the year ahead?
2021 Supply chain cyber-attacks will become more common in 2022. This is according to Check Point Research’s (CPR) cyber security predictions for 2022. The predictions outline some of the key challenges that organisations will face over the next year.
Why the supply chain?
Supply chain attackers take advantage of a lack of monitoring to perform different types of cyber-attacks, from data breaches to malware infections. In 2021 alone, we saw supply chain attacks affect big brands like SolarWinds, and Kaseya. These particular incidents were significant in that the attack spread to their customers. Similarly, in July, Transnet, which operates ports and rail infrastructure in South Africa, announced that their online systems had been hacked. Transnet was forced to shut down certain IT applications in an effort to identify the source of the attack bringing various operations around the country to a halt.
“In 2021, cyber criminals adapted their attack strategy to exploit vaccination mandates, elections and the shift to hybrid working, to target organisations’ supply chains and networks to achieve maximum disruption,” says Pankaj Bhula, Check Point’s Regional Director for Africa. “The sophistication and scale of cyber-attacks will continue to break records and we can expect a huge increase in the number of ransomware and mobile attacks.”
As supply chain attacks become more common, governments will need to establish regulations to address these attacks and protect networks, says CPR. They will also have to look into collaborating with the private sector, and with other countries, to identify threat groups operating on a global and regional scale.
Cybersecurity predictions for 2022
Below, is a list of CPR’s cybersecurity and cyber-crime predictions for 2022.
Misinformation makes a comeback: At the start of the pandemic, the South African government introduced a law that prohibited the spread of fake news. Unfortunately, this will do little to deter cyber groups. In 2022, fake news 2.0 will see malicious actors using emerging technologies to create fake news campaigns as part of elaborate phishing attacks and scams.
Mobile malware attacks to increase: There are 650 million mobile users in Africa, and, on some African countries, more people have access to a mobile phone than to clean water, a bank account or electricity, according to the World Bank and African Development Bank. As mobile wallets and mobile payment platforms are used more frequently, cyber criminals will adapt their techniques to exploit this growing reliance on mobile devices.
Cyber war to intensify: Just as companies are using new technologies to up their security game, hackers and cyber criminals are using the same innovations to improve their illicit activities. For example, in 2022, hackers will utilise penetration tools, which are typically used to evaluate how secure a system is, to customise their attacks in real time. Improved infrastructure and technological capabilities will enable criminal groups to carry out more sophisticated, widespread attacks that aim to destabilise global activities.
Data breaches will be larger scale and costlier: Ransom amounts demanded by attackers are predicted to increase in 2022. Accompanying this trend, CPR also predict that data breaches will be on a larger scale as attackers target an organisation’s customers and/or business partners and demand ransoms from them too. In the last six months, we’ve seen the MSP, finance and public sector industries in South Africa hit hardest by cyber-attacks and this trend is expected to continue into 2022.
Cryptocurrency to become a focal point for cyber-attacks: In June 2021, the founders of South Africa's largest cryptocurrency exchange, Africrypt, vanished, along with nearly $3.6 billion in Bitcoin. The pair told investors that the exchange had been hacked. In 2022, we can expect to see an increase in similar cryptocurrency related incidents and attacks.
Attackers to weaponise deepfake technologies: Taking the fake news threat to a whole new level, criminals will increasingly use deepfake social engineering attacks, which leverage artificial intelligence (AI) to create videos and images of fake events, to access sensitive data.
“Looking ahead, organisations should remain aware of the risks and ensure that they have the appropriate solutions in place to prevent, without disrupting the normal business flow, the majority of attacks including the most advanced ones,” concludes Horowitz. “To stay ahead of threats, organisations must be proactive and leave no part of their attack surface unprotected or unmonitored, or they risk becoming the next victim of sophisticated, targeted attacks.”