Acronis recently released its yearly Acronis Cyberthreat Report 2022, an in-depth review of cybersecurity trends and threats worldwide.
The report warns that managed service providers (MSPs) are particularly at risk. This is because having more of their management tools, such as PSA or RMM, are being used against them by cybercriminals, becoming increasingly vulnerable to supply chain attacks.
For context, supply-chain attacks on MSPs are particularly devastating since attackers gain access to their business and clients. This is evident by the SolarWinds breach last year and the Kaseya VSA attack earlier in 2021. One successful attack means crippling hundreds or thousands of SMBs.
The report also discovered that during the second half of 2021, only 20% of companies reported not having been attacked — as opposed to 32% last year — indicating that attacks are increasing in frequency across the board.
Key trends of 2021 — and predictions for 2022
Beyond the growing efficiency of cybercriminals and the impact on MSPs and small businesses, the Acronis Cyberthreat Report 2022 shows:
- Phishing remains the primary attack vector. 94% of malware gets delivered by email — using social engineering techniques to trick users into opening malicious attachments or links; phishing has been topping the charts even before the pandemic. It continues to snowball: just this year, Acronis reported blocking 23% more phishing emails and 40% more malware emails in Q3, compared with Q2 of the same year.
- Phishing actors develop new tricks, move to messengers. Now targeting OAuth and multifactor authentication tools (MFA), these new tricks allow criminals to take over accounts. To bypass standard anti-phishing tools, they will use text messages, Slack, Teams chats, and other tools for attacks like business email compromise (BEC). One recent example of such an attack was the infamous hijacking of the FBI’s email service, which compromised and sent spam emails in November 2021.
- Ransomware still the #1 threat — to big companies and SMBs alike. High-value targets include the public sector, healthcare, manufacturing, and other critical organizations. But despite some recent arrests, ransomware continues to be one of the most profitable cyber attacks these days. Cybercrime Magazine predicts ransomware damages will exceed $20 billion before the end of 2021.
- Cryptocurrency among the attackers’ favorite playing cards. Infostealers and malware that swaps digital wallet addresses are the reality today. We can expect more such attacks waged directly against smart contracts in 2022 — attacking the programs at the heart of cryptocurrencies. Attacks against Web 3.0 apps will also occur more frequently. New and increasingly sophisticated attacks, such as flash loan attacks, will allow attackers to drain millions of dollars from cryptocurrency pools.
Read the full report of Acronis Cyberthreats Report 2022 here.