Streamline your cloud experience and maximise your cloud investment with Microsoft Azure-aligned public cloud services.
Host all of your workloads in the most appropriate location while experiencing the simplicity of one cloud from Six Degrees.
Enhance your cyber security and safeguard your organisation with our cyber security strategy and advisory, consultancy, and managed services.
Connect your business through a comprehensive connectivity portfolio delivered via our owned and operated core Next Generation Network (NGN).
Secure your productivity on any device, anywhere, any time.
Streamline your hosting with comprehensive colocation services delivered from three UK data centres.
Gain clarity and control of your 5G estate, ensuring ongoing cost efficiencies are managed on your behalf through our managed service.
Gain confidence in your cloud direction and achieve accelerated time to value through our assured and optimised cloud services.
Master today’s complex threat landscape and protect your business with our intelligence-led security services.
Videos and webinars are a great way to digest the latest technology insights.
Our eBooks and whitepapers provide in-depth insights from our experts.
Our thought leaders publish regular blogs on up-to-the-minute topics.
Learn all about the latest news from Six Degrees as we continue to evolve.
We host regular in-person and virtual events for our clients.
Discover how Six Degrees has driven success for others.
Learn how we enable our clients to achieve more; providing superior secure solutions, powered by our passionate people.
We are proud to partner with many of the world’s leading vendors, enabling you to leverage our continual investment in difference-making technology.
Learn how CNS at Six Degrees delivers intelligence-led security services that protect organisations in today’s hostile landscape.
We are committed to operating in an environmentally and socially conscious way. Learn more about our commitments as a business.
We are proud of our secure cloud credentials. Learn why we’re one of the most highly accredited providers in the UK.
We are a friendly and passionate bunch here. Whether you want to work with us or for us, we think you’ll enjoy the Six Degrees experience.
Home » Blogs » Cybercrime Trends 2022: How to prepare for the updated risk landscape
There’s no question that during this year we’ve experienced a period of exceptionally rapid change to the risk landscape. Naturally, more sensitive and personal data floating around in the digital sphere translates into more new attack opportunities and forms of cybercrime. As the landscape continues to evolve at lightning speed in the coming year, the ongoing changes will require equally rapid adaptation on behalf of cyber security experts — and everyone else.
With 47% of the UK workforce working from home and flexible work patterns expected to continue, it’s time to take a serious look at the new cyber threats that have arisen. In this article, we will explore some of the top cybercrime trends we expect to see in 2022 and explain how you can prepare your systems for this updated risk landscape.
Suggested reading: To make sure you are prepared, use our free assessment to identify weaknesses in your cyber security posture: Cyber Security and Threat Management Toolkit.
In today’s digital landscape, it’s increasingly possible for less sophisticated attackers to carry out more sophisticated cyber attacks. On the Dark Web, novice cybercriminals can now purchase malware-as-a-service, which enables them to deploy advanced denial of service (DoS) attacks that they would otherwise be incapable of performing. In 2020, a meagre 4% of attacks required the attacker to take more than four actions. This serves as supporting evidence that the majority of attacks are at least partially automated and therefore increasingly easy for malicious attackers to deploy.
The best way to stop common threats — including DoS and DDoS attacks — in their tracks is to partner with a managed detection and response service (MDR). Adding a managed service to your existing endpoint capabilities — such as Microsoft Defender for Endpoint — enables you to build in cyber incident management, prevention and analysis. The right managed service provider (MSP) can also provide expert advice on emerging cybercrime threats, keeping you apprised of new details as soon as they come to light.
COVID has been the topic of the year, so it’s no surprise that hackers are taking advantage of the number-one global issue on most people’s minds — around a quarter of all coronavirus-related domains have been found to be malicious or fraudulent.
A significant number of COVID-themed attacks involve phishing emails that impersonate government organisations, such as the World Health Organisation or national health authorities. Others have tried to capitalise on government stimulus packages — victims might receive fraudulent but targeted emails prompting them to click a malicious link to sign up for what looks to be an official scheme. Google/Gmail reports seeing 18 million COVID-related malware and phishing emails each day, in addition to over 240 million COVID-themed spam messages.
Research by Microsoft revealed a dramatic uptick in these COVID-themed attacks, spiking with the lockdown measures that came into place in March 2020.
Instances of COVID-themed malware in the UK
Although these types of attacks have persisted throughout the year, the figures have never reached the levels we saw in March. But we can expect to see them continue as long as the health crisis does, and it’s possible that we will see an increase now that we’re in lockdown 3.0.
It’s interesting to note that the number of unique malware threats has remained far lower than the total number of encounters — essentially, a relatively consistent number of attackers seemed to be scaling their attacks up during the most profitable times.
So, while the prevalence of COVID-themed malware does seem to be decreasing, it remains an ongoing threat — and one that businesses should continue to keep their eyes on in 2022.
First, responding to COVID-themed cyber threats means educating and raising awareness throughout your organisation. Although your employees are likely already aware of the basic coronavirus cyber threats, it’s essential to encourage them not to let their guards down, as well as update them on any specific emerging threats that come to light. Second, two-factor authentication, strong passwords and regular software updates are key, as is strong endpoint security. But getting the most from the cutting-edge platform requires extensive in-house security expertise or a partnership with a trusted Managed Security Provider.
Suggested reading: If you want to learn more about endpoint security and MDR, check out our guide — How to Build a Better Cyber Security System Today.
Phishing, malware and ransomware have been growing problems throughout the previous years. But in 2020, we’ve seen a sharp rise in the number of campaigns deployed to steal credentials and scam users out of money. Scamming and brand impersonations account for 88% of these attacks.
In particular, the more frequent use of ransomware — a form of malware — is cause for particular concern as we move into 2022. Because of the vulnerabilities associated with remote working, decreased network defences and the leveraging of coronavirus as a lure, the number of ransomware attacks looks extremely likely to increase over the next 6 to 12 months.
We’ve also seen a shift in ransomware attack trajectories. Rather than simply encrypting a network as leverage for ransom, 83% of ransomware attacks in 2020 involved leaking sensitive data online to extort even more money from victims.
Suggested reading: CNS Cyber Intelligence Report 19/06/202
Ransomware poses a risk to organisations of all sizes — the average size of UK firms targeted by ransomware in 2020 was 100 employees. All industries are also affected, but the five most-targeted sectors last year were:
In 2020, the three most common methods that ransomware groups used to gain access to networks were:
Since mid-July 2020, there has been a sudden and sharp uptick in Emotet phishing attacks on UK and US organisations. Since October, Emotet attacks have been considered the most active strain of malware in the world and therefore pose a significant threat to organisations as we move into 2022.
Suggested reading: CNS Cyber Intelligence Threat Report 07/10/20
It’s essential to educate employees about the dangers of downloading suspicious attachments — most malware and ransomware, including Emotet and secondary payloads, can only work when a user in your network makes a judgement error. Meanwhile, preventing RDP attacks usually means disabling internet-facing RDP when possible, creating stronger passwords and backing the passwords up with additional measures, such as security analytics (which help with crime threat assessment) and multi-factor authentication.
To prevent Emotet attacks, it’s also vital to keep your endpoints up-to-date with the latest Microsoft patches — the deployment of secondary payloads often relies on specific Windows vulnerabilities, including EternalBlue. Of course, the best security software can block and detect Emotet in real-time — this means that working with a managed detection and response (MDR) partner can be an extremely valuable investment.
In fact, managed services that provide detection and response capabilities and help you get the most out of your endpoint cyber security technology can be a massive help in all of these areas — this way, experts are always on-hand to advise you on the best steps to keep your business secure.
Suggested reading: Four Ways Strategic Partnerships Improve Cyber Security
As of 2020, there were an estimated 30 billion IoT connected devices globally, and this number is set to continue growing throughout the coming decade. More IoT gadgets mean more endpoints for attackers to target — in 2019, cyber attacks on IoT devices surged by 300%. Unfortunately, devices within the IoT ecosystem are a particularly easy target for attackers, and as more businesses embrace IoT endpoints, new vulnerabilities and security challenges will inevitably arise.
One of the reasons that IoT devices are such an easy target is that many don’t receive regular security updates, nor do many users take care to change/update passwords. It’s also common for organisations to deliver firmware updates for a short duration before forgetting about vulnerabilities when a fresh device is launched. However, both outdated software and hardware expose users and networks to costly attacks. It sounds simplistic, but one of the best ways to protect against these threats is to update all devices and passwords regularly.
Although the data associated with IoT devices is typically stored in the cloud and these devices don’t have user interfaces or operate in the same way as computers or smartphones, ransomware and malware still pose significant threats to IoT devices. Ransomware can restrict a device’s functionality, as well as steal personal data. More recently, attackers have sought to combine ransomware and malware strains to form a distinct type of attack. For example, some malicious actors gain access to Internet Protocol security cameras to capture vital information and extract data by utilising a series of locations.
To resolve IoT vulnerabilities and protect attacks, it’s vital to update and authenticate software and IoT devices regularly, change passwords and other credentials frequently, and keep up-to-date with the latest IoT security vulnerabilities, breaches and threats. The right strategic partner can help you detect and remediate threats, as well as provide valuable, industry-specific insight into the types of breaches that pose the greatest threat to your devices and network.
Remember, cyber security is a journey, not a destination. That’s why it’s crucial to have the right people working alongside you, every step of the way. As we’ve stressed throughout this article, even the best technology cannot solve your problems on its own. Think of tech as a vehicle. It’s capable of getting you where you want to go, but first, you need a human to operate it. You need experts on your team who can steer the tech in the right direction.
Because cyber-threats aren’t passive, your defence must be both active and agile. Working with an MSP can help you gain greater control and transparency over your journey while overcoming the cyber security skills shortage problem. At Six Degrees, we provide managed response services, offering you reliability, flexibility and 24/7 access to the expertise your organisation needs to keep your networks and data secure in 2022 and beyond.
A full-service solution like Six Degrees will:
Want to learn more about how we can help you on your cyber journey? Feel free to get in touch!
As the UK continues to phase out 3G…
Whether they admit to it or not, most…
We are proud to announce that Six Degrees…
The Digital Operational Resilience Act (DORA) entered into…
More information on our Privacy and Cookies Policy can be found here: https://www.6dg.co.uk/privacy-cookies/. You can update how we contact you in the future by visiting our Communications Preference Centre here: https://www.6dg.co.uk/preference-centre/.
