Cybercrime Trends 2022: How to prepare for the updated risk landscape

In 2019, the total cost of cybercrime stood at more than $1 trillion. And in 2020, this costly trend is set to accelerate as the unprecedented shift to remote working has opened up endless new avenues of attack. After all, along with remote working came:

  • An ever-expanding number of endpoints
  • The expedited adoption of the cloud 
  • An ever-growing number of critical applications operating online

There’s no question that during this year we’ve experienced a period of exceptionally rapid change to the risk landscape. Naturally, more sensitive and personal data floating around in the digital sphere translates into more new attack opportunities and forms of cybercrime. As the landscape continues to evolve at lightning speed in the coming year, the ongoing changes will require equally rapid adaptation on behalf of cyber security experts — and everyone else.  

With 47% of the UK workforce working from home and flexible work patterns expected to continue, it’s time to take a serious look at the new cyber threats that have arisen. In this article, we will explore some of the top cybercrime trends we expect to see in 2022 and explain how you can prepare your systems for this updated risk landscape.

Suggested reading: To make sure you are prepared, use our free assessment to identify weaknesses in your cyber security posture: Cyber Security and Threat Management Toolkit.

Identify Strengths & Weaknesses Toolkit

1. New types of cybercriminals

In today’s digital landscape, it’s increasingly possible for less sophisticated attackers to carry out more sophisticated cyber attacks. On the Dark Web, novice cybercriminals can now purchase malware-as-a-service, which enables them to deploy advanced denial of service (DoS) attacks that they would otherwise be incapable of performing. In 2020, a meagre 4% of attacks required the attacker to take more than four actions. This serves as supporting evidence that the majority of attacks are at least partially automated and therefore increasingly easy for malicious attackers to deploy.

How you should respond 

The best way to stop common threats — including DoS and DDoS attacks — in their tracks is to partner with a managed detection and response service (MDR). Adding a managed service to your existing endpoint capabilities — such as Microsoft Defender for Endpoint — enables you to build in cyber incident management, prevention and analysis. The right managed service provider (MSP) can also provide expert advice on emerging cybercrime threats, keeping you apprised of new details as soon as they come to light.

2. COVID-themed attacks

COVID has been the topic of the year, so it’s no surprise that hackers are taking advantage of the number-one global issue on most people’s minds — around a quarter of all coronavirus-related domains have been found to be malicious or fraudulent. 

A significant number of COVID-themed attacks involve phishing emails that impersonate government organisations, such as the World Health Organisation or national health authorities. Others have tried to capitalise on government stimulus packages — victims might receive fraudulent but targeted emails prompting them to click a malicious link to sign up for what looks to be an official scheme. Google/Gmail reports seeing 18 million COVID-related malware and phishing emails each day, in addition to over 240 million COVID-themed spam messages.  

Research by Microsoft revealed a dramatic uptick in these COVID-themed attacks, spiking with the lockdown measures that came into place in March 2020.   

Instances of COVID-themed malware in the UK 


Although these types of attacks have persisted throughout the year, the figures have never reached the levels we saw in March. But we can expect to see them continue as long as the health crisis does, and it’s possible that we will see an increase now that we’re in lockdown 3.0. 

It’s interesting to note that the number of unique malware threats has remained far lower than the total number of encounters — essentially, a relatively consistent number of attackers seemed to be scaling their attacks up during the most profitable times.

So, while the prevalence of COVID-themed malware does seem to be decreasing, it remains an ongoing threat — and one that businesses should continue to keep their eyes on in 2022.

How you should respond 

First, responding to COVID-themed cyber threats means educating and raising awareness throughout your organisation. Although your employees are likely already aware of the basic coronavirus cyber threats, it’s essential to encourage them not to let their guards down, as well as update them on any specific emerging threats that come to light. Second, two-factor authentication, strong passwords and regular software updates are key, as is strong endpoint security. But getting the most from the cutting-edge platform requires extensive in-house security expertise or a partnership with a trusted Managed Security Provider.

Suggested reading: If you want to learn more about endpoint security and MDR, check out our guide — How to Build a Better Cyber Security System Today

3. More spear phishing, malware and ransomware

Phishing, malware and ransomware have been growing problems throughout the previous years. But in 2020, we’ve seen a sharp rise in the number of campaigns deployed to steal credentials and scam users out of money. Scamming and brand impersonations account for 88% of these attacks

In particular, the more frequent use of ransomware — a form of malware — is cause for particular concern as we move into 2022. Because of the vulnerabilities associated with remote working, decreased network defences and the leveraging of coronavirus as a lure, the number of ransomware attacks looks extremely likely to increase over the next 6 to 12 months.

We’ve also seen a shift in ransomware attack trajectories. Rather than simply encrypting a network as leverage for ransom, 83% of ransomware attacks in 2020 involved leaking sensitive data online to extort even more money from victims. 

Suggested reading: CNS Cyber Intelligence Report 19/06/202

Ransomware poses a risk to organisations of all sizes — the average size of UK firms targeted by ransomware in 2020 was 100 employees. All industries are also affected, but the five most-targeted sectors last year were:

  1. Retail and manufacturing
  2. Legal and accountancy
  3. Online technology and telecoms
  4. Finance, insurance and credit
  5. Utilities

In 2020, the three most common methods that ransomware groups used to gain access to networks were:

  1. Phishing: Attackers often use topical emails, as these serve as the most effective lures. As we’ve discussed, this year, many malicious actors benefited from using coronavirus-themed content.
  2. Remote Desktop Protocol (RDP): Malicious actors often use publicly available capabilities to search for externally facing and unprotected RDP servers. Once these servers are located, attackers use brute force attacks to gain access. Between February and April 2020, a significant increase in the number of RDP brute force attacks was observed — in the United States, the number of attack attempts increased seven-fold.
  3. Software vulnerabilities: Malicious actors regularly use unpatched vulnerabilities to gain direct access to networks. 

Since mid-July 2020, there has been a sudden and sharp uptick in Emotet phishing attacks on UK and US organisations. Since October, Emotet attacks have been considered the most active strain of malware in the world and therefore pose a significant threat to organisations as we move into 2022. 

Suggested reading: CNS Cyber Intelligence Threat Report 07/10/20 

How you should respond 

It’s essential to educate employees about the dangers of downloading suspicious attachments — most malware and ransomware, including Emotet and secondary payloads, can only work when a user in your network makes a judgement error. Meanwhile, preventing RDP attacks usually means disabling internet-facing RDP when possible, creating stronger passwords and backing the passwords up with additional measures, such as security analytics (which help with crime threat assessment) and multi-factor authentication. 

To prevent Emotet attacks, it’s also vital to keep your endpoints up-to-date with the latest Microsoft patches — the deployment of secondary payloads often relies on specific Windows vulnerabilities, including EternalBlue. Of course, the best security software can block and detect Emotet in real-time — this means that working with a managed detection and response (MDR) partner can be an extremely valuable investment. 

In fact, managed services that provide detection and response capabilities and help you get the most out of your endpoint cyber security technology can be a massive help in all of these areas — this way, experts are always on-hand to advise you on the best steps to keep your business secure.

Suggested reading: Four Ways Strategic Partnerships Improve Cyber Security 

4. IoT vulnerabilities

As of 2020, there were an estimated 30 billion IoT connected devices globally, and this number is set to continue growing throughout the coming decade. More IoT gadgets mean more endpoints for attackers to target — in 2019, cyber attacks on IoT devices surged by 300%. Unfortunately, devices within the IoT ecosystem are a particularly easy target for attackers, and as more businesses embrace IoT endpoints, new vulnerabilities and security challenges will inevitably arise. 

One of the reasons that IoT devices are such an easy target is that many don’t receive regular security updates, nor do many users take care to change/update passwords. It’s also common for organisations to deliver firmware updates for a short duration before forgetting about vulnerabilities when a fresh device is launched. However, both outdated software and hardware expose users and networks to costly attacks. It sounds simplistic, but one of the best ways to protect against these threats is to update all devices and passwords regularly.

Although the data associated with IoT devices is typically stored in the cloud and these devices don’t have user interfaces or operate in the same way as computers or smartphones, ransomware and malware still pose significant threats to IoT devices. Ransomware can restrict a device’s functionality, as well as steal personal data. More recently, attackers have sought to combine ransomware and malware strains to form a distinct type of attack. For example, some malicious actors gain access to Internet Protocol security cameras to capture vital information and extract data by utilising a series of locations.

How you should respond 

To resolve IoT vulnerabilities and protect attacks, it’s vital to update and authenticate software and IoT devices regularly, change passwords and other credentials frequently, and keep up-to-date with the latest IoT security vulnerabilities, breaches and threats. The right strategic partner can help you detect and remediate threats, as well as provide valuable, industry-specific insight into the types of breaches that pose the greatest threat to your devices and network.

You don’t have to face these threats alone

Remember, cyber security is a journey, not a destination. That’s why it’s crucial to have the right people working alongside you, every step of the way. As we’ve stressed throughout this article, even the best technology cannot solve your problems on its own. Think of tech as a vehicle. It’s capable of getting you where you want to go, but first, you need a human to operate it. You need experts on your team who can steer the tech in the right direction.

Because cyber-threats aren’t passive, your defence must be both active and agile. Working with an MSP can help you gain greater control and transparency over your journey while overcoming the cyber security skills shortage problem. At Six Degrees, we provide managed response services, offering you reliability, flexibility and 24/7 access to the expertise your organisation needs to keep your networks and data secure in 2022 and beyond. 

A full-service solution like Six Degrees will: 

  • Mitigate the cyber security risks associated with maintaining a remote workforce.
  • Reduce attackers’ ability to expand cyber attacks across your network infrastructure.
  • Minimise the risk of a data breaches, protecting your organisation’s finances, operations and reputation.

Want to learn more about how we can help you on your cyber journey? Feel free to get in touch!

cyber security threats CTA

Subscribe to the newsletter today

Related posts

How to Prepare for the Digital Operational Resilience Act (DORA)

How to Prepare for the Digital Operational…

The Digital Operational Resilience Act (DORA) entered into…

How to Make the Most of Your Copilot for Microsoft 365 Licences

How to Make the Most of Your…

Copilot for Microsoft 365 has been available to…

Harnessing Fixed and Wireless 5G Connectivity

Harnessing Fixed and Wireless 5G Connectivity

Wireless 5G connectivity is a real game-changer, reshaping…