Check Point Research (CPR) has published its ‘Cyber Attack Trends: 2022 Mid-Year Report’ highlighting how cyber attacks have become firmly entrenched as a state-level weapon, including the new ransomware method of ‘Country Extortion’ and state-affiliated hacktivism.
Besides insight into the evolution of cyber attacks as a state-level weapon complementing actual military conflict, and the elevation of ransomware utilized in nation-state level attacks for financial and social gain, the report also delves into the growth of cloud supply chain attacks through new sources of modules in the open-source community.
Top predictions for H2 highlighted in the report include:
Ransomware will become a much more fragmented ecosystem
While ransomware groups have become more structured and operate like regular businesses, with set targets to hit, there will be a lesson learned from the Conti ransomware group, whose size and power garnered too much attention, which led to its downfall. Going forward, CPR thinks there will be many small-medium groups instead of a few large ones, to hide in plain sight more effectively.
More diverse email infection chains
Due to the implementation of Internet macros being blocked by default in Microsoft Office, the more sophisticated malware families will accelerate the development of new infection chains, with different file types that are password protected to prevent detection as sophisticated social engineering attacks increase.
Hacktivism will continue to evolve
Hacktivist groups will continue to align their attacks with the agenda of their chosen nation state, particularly as the Russia-Ukraine war is still ongoing.
Continued attacks on decentralized blockchain networks with expected first attacks in Metaverse
With major incidents relating to blockchain platforms, such as a vulnerability on Rarible market place or ApeCoin Airdrop vulnerability, CPR expects to see continued efforts by hackers to breach and hijack crypto assets. In addition, CPR believes that we will see initial attacks in the Metaverse that will exploit smart contract vulnerabilities.