2022: The threat landscape is paved with faster and more complex attacks
2020 may have been the year of establishing remote connectivity and addressing the cybersecurity skills gap, but 2021 presented security experts, government officials and businesses with a series of unprecedented challenges. The increased reliance on decentralized connection and the continued rapid expansion of digital transformation by enterprises, small to medium-sized businesses (SMBs) and individuals, provided cybercriminals with many opportunities to exploit and capitalize on unsuspecting businesses and individuals. With nothing short of a major financial windfall waiting in the midst, numerous organizations and individuals fell victim to the mischievous efforts of malicious actors.
Threats abound in 2021In 2021, we witnessed so many competing shifts, many of which we detailed early on in our 2021 BrightCloud® Threat Report. In particular, we witnessed an increase in distributed denial of service (DDoS) attacks and a surge in the usage of the internet of things (IoT). For enterprises, SMBs and individuals that entrust IoT devices for work and entertainment, this opens up vulnerabilities to malicious vectors that take advantage of unprotected blind spots and wreak havoc.
The cybercrime marketplace also continued to get more robust while the barrier to entry for malicious actors continued to drop. This has created a perfect breeding ground for aspiring cybercriminals and organized cybercrime groups that support newcomers with venture capitalist-style funding.
Suffice to say, a lot has been happening at once.
Below, our security experts forecast where the main areas of concern lie in the year ahead.
Malware
Malware made leaps and bounds in 2021. In particular, six key threats made our list. These dark contenders include LemonDuck, REvil, Trickbot, Dridex, Conti and Cobalt Strike.
“In 2022, the widespread growth of mobile access will increase the prevalence of mobile malware, given all of the behavior tracking capabilities,” says Grayson Milbourne, security intelligence director, Carbonite + Webroot, OpenText companies. Malicious actors will continue to improve their social engineering tactics, making it more difficult to recognize deception and make it increasingly easier to become a victim, predicts Milbourne.
RansomwareEarlier in 2021, we detailed the hidden costs of ransomware in our eBook. Many organizations when faced with an attack, gave into the demands of threat actors, paying hundreds of thousands of dollars on average. Since mid-October 2021, there have been more than 25 active strains of ransomware circulating. The evolution of ransomware as a service (RaaS) has vastly proliferated. Conti, in particular, continues to be the more prevalent ransomware affecting SMBs.
“As the year progresses, we will likely see faster times to network-wide deployment of ransomware after an initial compromise, even in as little as 24 hours,” says Milbourne.
“Stealth ransomware attacks, which would deploy all the necessary elements to control, exfiltrate and encrypt key assets of an organization but do not execute until there is no alternative, will likely continue to proliferate,” says Matt Aldridge, principal solutions consultant at Carbonite + Webroot. “This approach will be used to get around restrictions on reporting and on ransomware payments. Criminals can extort their targets based on the impending threat of ransomware without ever having to encrypt or exfiltrate the data. This could lead to quicker financial gains for criminals, as organizations will be more willing to pay to avoid generating awareness, experiencing major downtime or incurring data protection fines,” forecasts Aldridge.
CryptocurrencyThere was no shortage of discussion surrounding cryptocurrency and its security flaws. The rise of exchange attacks grew, and quick scams reigned. The free operation of cryptocurrency exchanges and marketplaces will be significantly impacted by government regulation and criminal investigation in 2022, especially in the United States.
“This year, we will likely see new threat actors become strategic in their cost-benefit analysis of undertaking long-term mining versus short-term ransomware payments. The focus will likely fall to Linux and the growth of manipulation of social media platforms to determine price,” predicts Kelvin Murray, senior threat researcher, Carbonite + Webroot.
Supply Chain“Simply put, attacks on the supply will never stop; it will only get worse,” says Tyler Moffitt, senior security analyst at Carbonite + Webroot. Each year the industry gets increasingly stronger and more intelligent. Yet every year, we witness more never-before-seen attacks and business leaders and security experts are constantly looking at each other thinking, “I’m glad it wasn't us in that supply chain attack,” continues Moffitt.
General Data Protection Regulation (GDPR) fines have more than doubled since they came out a few years ago just as ransom amounts have increased. These fine values have also been promoted on leak sites. Moffitt predicts GDPR will continue to increase their fines, which may serve to help, instead of thwart, the threat of ransomware extortion.
PhishingLast year, we forecasted phishing would continue to remain a prevailing method of attack, as unsuspecting individuals and businesses would fall victim to tailored assaults. In our mid-year BrightCloud® Threat report, we found a 440% increase in phishing, holding the record for the single largest phishing spike in one month alone. Industries like oil, gas, manufacturing and mining will continue to see growth in targeted attacks. Consumers also remain at risk. As more learning, shopping and personal banking is conducted online, consumers could face identity and financial theft.
What to expect in 2022?The new year ushers in a new wave of imminent concerns. In 2022, we expect to see an increased use of deepfake technology to influence political opinion. We also expect business email compromise (BEC) attacks to become more common. To make matters worse, we also foresee another record-breaking year of vulnerability discovery which is further complicated by bidding wars between bug bounty programs, governments and organized cybercrime. Most bug bounties pay six figures or less, and for a government or a well-funded cybercrime organization, paying millions is not out of reach. Ultimately, this means more critical vulnerabilities will impact individuals and businesses. The early days of 2022 will also be compounded by the discovery of Log4j bugs hidden within Java code.
“The critical vulnerability identified within Log4Shell is a great example of how attackers can remotely inject malware into vulnerable systems. This active exploitation is happening as we speak,” says Milbourne.
The key to preparing for the plethora of attacks we will likely witness in 2022 is to establish cyber resilience.
Whether you’re looking to protect your family, business or customers, Carbonite + Webroot offer the solutions you need to establish a multi-layer approach to combating these threats. By adopting a cyber resilience posture, individuals, businesses small and large can mitigate risks in the ever-changing cyber threat landscape.
Experience our award-winning protection for yourself.
To learn more about Carbonite and begin your free trial, please click here.
To discover Webroot’s solutions for yourself, begin a free trial here.
Protect your data with Carbonite
Whether your data is stored in the public, private or hybrid clouds, it remains vulnerable to accidental data loss or malicious attacks. Backing up your data remains critical for business continuity.
Carbonite offers flexible backup solutions to keep your data secure no matter where it’s held. Gain assurance in an uncertain world with Carbonite. Discover our server backup solution plans for yourself. Protect your critical business data before disaster strikes.
To get started, please visit https://www.carbonite.com/backup-software/buy-carbonite-safe.
Cyber Resiliency Against Ransomware: The Next Frontier
In the third and final episode of our series, Ransomware 2021, you can hear more from our experts about the proliferation of ransomware, explore why businesses and individuals are being attacked and describe how security plus backup create a strong cybersecurity posture against this billion-dollar industry.
In this episode we’ll explore the following:
Whether your cybersecurity posture and cyber hygiene are up to code - Maintaining a strong cybersecurity posture involves a multi-layered approach.
Cyber resiliency in the face of increasingly sophisticated cyber threats - Small and medium-sized businesses (SMBs) that prioritize cyber hygiene, invest in regular security training and backup and recovery solutions are better prepared to maintain business continuity in the event they are hit with a cyberattack
Watch Episode 3: Resilience Against Ransomware
Tune into the final episode of our three-part series to learn what the best defenses can yield for your business and your bottom line.
https://www.youtube.com/watch?v=zuWHVfBceVs
Carbonite wins SaaS Enterprise Solution of the Year! 🎉
We’re pleased to report that Carbonite has been recognized by the European IT & Software Excellence Awards in this year’s category of SaaS Enterprise Solution of the Year!
Read more about Europe's most prestigious IT Channel Awards and the other winners here.
Don’t miss this out of the galaxy contest! Win Star Wars Prizes from Carbonite
From the initial creation and utilization of data, to its eventual planned and strategic deletion, it’s our mission – together, with Webroot’s cybersecurity solutions – to ensure the entire lifespan of data for the people and organizations that need it.
Consider us… The Jedi of data protection, defending against the Siths of cybersecurity.
“Use the data, Luke… But, make sure you back it up and protect it.”
— Obi-Wan Kenobi (probably, maybe)
We’re thrilled to help backup and protect data as best we can, so we’d like to help encourage the Community to “build up” your backup with an assortment of Star Wars related Legos. If you follow the instructions below, you could win one of the following prizes:
Grand Prize (1)
LEGO Art Star Wars The Sith 31200 Creative Sith Lord Building Kit; an Elegant Piece for Adults who Love Mindful Art Projects or The Dark Lords of The Sith, New 2020 (3,406 Pieces) ($112)
$100 Amazon Gift Card
Runner Up Prizes (2)
Luke Skywalker's X-Wing Fighter™ 75301 | Star Wars™ | Buy online at the Official LEGO® Shop US ($59.99 each)
2nd Runner Up Prizes (5)
Choice between a Star Wars keychain ($5.99 each):
- Chewbacca
- Darth Vader
- R2-D2
- Yoda
- Stormtrooper
Here’s what you need to do to defend the data galaxy:
1. Fill out this form
2. Reply below with your answer to this question: “If you were facing bad-actor Sith Lords, what Star Wars character would you want to be to backup and protect your data?”
AND, we’d love to see who all has utilized or is utilizing Carbonite! For a BONUS ENTRY, if you have used Carbonite or are using Carbonite services today, leave us a review in our product pages here in Spiceworks. Just leave a comment in your reply saying you have done so!
T&Cs - Ends December 31st - US SpiceHeads Only
Join Us for a Live Webinar on 12/7 on the Nastiest Malware, Stay for the Trivia!
If you've ever experienced trivia with Webroot + Carbonite, you know how awesome of a time we have! If you missed us at SpiceWorld, there's another chance...
For those who may be interested, we'll be hosting a live Spiceworks partner webinar entitled: Nastiest Malware 2021 & Trivia on Tuesday, Dec. 7th at 3PM CST.
Our cybersecurity expert, Tyler Moffitt will be examining this year’s biggest cybersecurity attacks and attendees will learn which malware and ransomware threats are the nastiest and pose the most threats to businesses in the coming months. We’ll even be hosting some live trivia during the event that is always so much fun!
Key takeaways:
- Discover the most dangerous malware attacks and why they’re not going away
- Learn essential tips for protecting your business with a multi-layered approach
- Explore strategies for keeping pace with evolving cybersecurity threats
- Enjoy interactive trivia for some prizes!
BONUS: The Lucky attendee will win a Nubily Laptop Waterproof Backpack.
Sign Up Here
ELIGIBILITY - Open only to Spiceworks Registered Community Users who are legal residents of the United States or Canada (excluding residents of locations where sweepstakes are restricted or not permitted), and who are 18 years of age or older as of date of entry. A Spiceworks Registered Community User (“User”) is a person who has joined the Spiceworks community at http://www.spiceworks.com/community/ before the start of the Sweepstakes Period.
To read more about how the Sponsor may use your information, please read our privacy policy.
Edited Dec 6, 2021 at 20:01 UTC
The History of Ransomware and How Cybercriminals Find their Targets
Even though the headlines about the latest cyberattacks often mention large, Fortune 500 companies, the majority of ransomware targets include families as well as small and medium sized businesses.
Check out our recent blog post to learn how ransomware targets its victims, what tactics ransomware employs, and what you can do to protect your business and personal life.
New ransomware and backup management tools for Carbonite Server!
We’re excited to announce the 2021 Carbonite Server release contains significant and frequently requested updates. While backups were previously scheduled at most daily, we now provide the option to schedule them hourly. Along with hourly scheduling, there are new monitoring, alerting and reporting functions that measure the progress, status and success of higher-frequency back-ups.
This release also features other enhancements, including:
Administrators may now delete backup safe sets directly from the management portal
Administrators may now delete offline agents
Administrators may now use duplicate company naming
Microsoft Hyper-V is now fully supported for Rapid VM Recovery (RMVR)
A new datacenter facility in the Netherlands for local GDPR and EU data sovereignty requirements is now available
While it’s no surprise that ransomware reigns as the current thorn of every business, in addition to the robust data security safeguards and pre-existing built-in processes, this new release contains a new ransomware resilience module. The module automatically flags and alerts potential ransomware, utilizing multi-level alerting tools like dashboard warnings, threat views, and auto-email notifications. In the event that a threat is identified and confirmed, uncompromised data can be quickly selected and recovered.
To learn more details about this release’s other feature enhancements check out the product bulletin with complete notes attached to our post.
Which new Carbonite Server feature are you most excited about?
Nastiest Malware 2021 is Here!
“It’s like 2020 but worse…”
In honor of Cybersecurity Awareness Month, once again we’ve reviewed this year’s biggest cyber threats to find out which ones truly are the nastiest! This year was another year with COVID-19 and malware making daily headlines. We also saw attacking critical infrastructure and supply chains become a popular tactic among bad actors.
In 2021, Ransomware extortion evolved from a trend into a new normal with hackers targeting businesses of all sizes while the majority of victims are small businesses. Phishing continues to be key for these campaigns and it’s typically the first step in compromising a business for the nastiest malware.
So, in no particular order, meet this year’s Nastiest Malware...
To learn more, check out our website.
Did the malware you detest most make this year’s list?
Edited Oct 12, 2021 at 21:24 UTC
Status of Ransomware in 2021: How did we get here?
An unsettling trend has made some ransomware variants like WannaCry, NotPetya, into household names.
In the second episode of our series on ransomware, featured experts chart the rise of ransomware from a scam run by fake AVs to the multi-billion-dollar racket it is today. From humble origins, this form of online extortion has been co-opted by state-sponsored hackers and turned into a business model with ransomware as a service.
Be sure to watch and share the episode, which covers key developments in ransomware including:
What happens when ransomware spreads with worm-like capabilities
The emergence of the ransomware-as-a-service business model
Cryptocurrency’s effect on online extortion rackets
COVID-19’s impact on global cybercrime
As workforces migrate from offices, workflows migrate to the cloud
When the pandemic put unprecedented pressure on IT departments across the UK and wider world, CloudHappi, an IT solutions provider, helped local schools by shifting the IT burden from on-premise servers to the cloud. #Carbonite was tapped as a server migration solution and while other solutions were taking weeks, it was able to perform a complete migration for its first school within a single day.
Many reasons to migrate
There seems to be a growing trend towards workforces requiring many more migrations from on-premise servers to the cloud. IT admins will require greater access to productivity solutions without the need for physical space in which to operate. Aside from the flexibility of being able to access systems from anywhere, migrating to the cloud entails several knock-on benefits for businesses, whether MSPs or their clients including:
Streamlined management
Enhanced security
High-availability
To learn more about the benefits of migrating to the cloud, visit the Carbonite Migrate page here.
What workflows have you moved to the cloud, if any?
IT admins, has Carbonite made your WFH lives easier?
Welcome to the Club!
Hey SpiceHeads - I wanted to introduce you to Tamara for Carbonite!
Tamara will be your new point of contact for any and all things Carbonite. It's been a lot of fun, SpiceHeads! I know you'll be in good hands. :)
-
Sep 1, 2021 at 22:51 UTC
So excited to join team Carbonite! Thank you for all your hard work and the warm welcome, Tiffany!
About Carbonite
Carbonite offers all the tools necessary for protecting data from the most common forms of data loss, including ransomware, accidental deletions, hardware failures and natural disasters. From automated computer backup to comprehensive protection for physical and virtual server environments, Carbonite ensures the accessibility and resiliency of data for any system.
Contact Carbonite
- 2 Avenue de LafayetteBoston, MA 02111
- www.carbonite.com
Help Desk »
Inventory »
Monitor »
Community »