It's been a difficult year, to say the least.
As the world continued to grapple with the stressors of the pandemic, criminals seized the opportunity to exploit distributed work for their own gains. The past year saw a troubling rise in ransomware attacks, social engineering, and insider threats. As seems to be tradition by now, there was also a massive surge in data breaches targeting major organizations.
There's ample time to discuss all of that later, though. Because 2021 is nearly at its end. A new year is nearly upon us, one that (hopefully) will prove at least a little less taxing than the previous one.
Per tradition, it's time for us to take a look forward and prepare ourselves for what's to come. Specifically, we're going to be discussing malware — the trends, threats, and changes of which you should be aware in 2022.
Social Engineering Takes Off
If there's one thing the pandemic taught us, it's how easily misinformation can spread on a site like Facebook. Even now, false facts run rampant on the site, a fact that criminals are exploiting to the fullest. We've already seen some especially vile bad actors exploiting the pandemic in an effort to spread malware and commit fraud — this trend seems very likely to continue through the New Year.
Misinformation isn't the only issue, either. While few people are likely to access any malicious links sent by social media spambots, criminals are putting more time and effort into establishing fake profiles. Although this is usually done in the interest of gaining access to more lucrative targets like businesses, the fact remains that one of these well-researched, well-executed attacks could still place individual users in their crosshairs.
More Mobile Malware
In 2020, 97% of businesses faced threats targeted at mobile devices that had multiple attack vectors. 46% of businesses had at least one employee who downloaded a malicious smartphone app. And perhaps most troublingly, 40% of the world's mobile devices were found to be vulnerable to attack.
There is no indication that any of this has changed. On the contrary, as mobile wallets, mobile payment platforms, and general smartphone use continue to increase, the potential returns for criminals targeting mobile devices grow ever more lucrative. It isn't just ransomware and malware that we need to worry about, either — aside from the fact that most smartphones are nowhere near as private as we'd like to assume, spyware from agencies like NSO Group can be used to monitor our every move.
The "Pinpoint Shotgun" Approach
Typical malware and ransomware infections are frequently the result of a 'fire and forget' approach. Criminals attempt to hurl their malicious software at as many targets as they can. If they even manage to infect one victim out of one hundred, it can still be counted as a win.
In 2022, we're still going to see that same shotgun approach. However, as reported by The Register, it's going to paradoxically be targeted, as well. Security threats like Gootloader, which used search engine optimization to push malicious websites to the top of the search engine results page, may become increasingly common, targeting not just an individual business or victim, but entire demographics.
A New Ecosystem for Ransomware
Not all the news is bad. Over the past several years, we've witnessed several major ransomware-as-a-service distributors brought low. Most recently, BlackMatter announced plans to shut down due to pressure from the authorities — though conveniently, this happened on the tail end of security researchers costing the criminals millions, courtesy of a flaw in the ransomware's code.
The elimination of larger distributors is shifting the balance of power in the ransomware sector. Smaller, self-sufficient groups of criminals are breaking off from large RaaS platforms. While there's a chance this could lead to some frightful innovations in the space, it's equally likely that we'll end up seeing a surge of inexpert, inexperienced ransomware developers in lieu of the more sophisticated attacks we've gotten used to.
Bootkits Make Their Return
Perhaps most notably (and troublingly), 2022 may end up being the year of the bootkit. For the uninitiated, a bootkit is a type of malware that embeds itself deep within an infected operating system, attempting to launch as early in the boot process as possible. In addition to granting the criminal extensive control over the infected system, a bootkit can even delete core drivers and modify system files, all directly under the nose of antivirus software.
This type of attack has never been especially common, owing both to sophistication and the potential to completely brick an infected system. SecureList estimates that the prevalence of Secure Boot will once more make bootkits a necessity for criminals
Security Starts With the Right Software
When it comes to defending against ransomware, knowledge and mindfulness can only get you so far. You also need the right antivirus software. A solution that protects not just your smartphone and PC, but actively monitors your entire network.
A solution like Bitdefender Total Security. Although it has a remarkably light resource footprint, it offers real-time protection against everything from phishing sites to social media fraud to network intrusion attempts. Better yet, it's currently on sale for 50% off, meaning now's the perfect time to subscribe.