By Malcolm Tuck, Managing Director of ESET UK

Cyber threats impact individuals and organisations around the globe every day, and with cybercriminals becoming increasingly sophisticated year on year, businesses are left vulnerable to attack through many different avenues.

To keep businesses abreast of the most critical threats that they face right now, we have taken a look at our own data to highlight the key trends impacting organisations and, using this data, predict the most significant threats we see in the months ahead. Our inaugural ESET Threat Intelligence Index  highlights the most relevant findings for the UK market drawn from the more granular Threat Index Report produced by ESET three times a year.

Escalating conflict puts everyone at risk

The conflict in Ukraine is something that almost everybody will be familiar with, but its impacts are much further reaching than you may realise. In recent months, there has been a surge in nation-state cyber conflict, which has brought cybersecurity into the public consciousness much more than usual, raising anxieties about cyberattacks on a national level.

We already see hacker groups choosing sides and entering the cyber-battlefield guided by their sympathies. As geopolitical tensions remain high, countries whose governments actively support either Ukraine or Russia will likely be targeted with cyberattacks intended to disrupt, cause damage, and steal information.

The biggest threats to UK business

In the final three months of 2021, on average, ESET blocked 4.8 million web threats and 400,000 unique URLs daily, a rise of 2.6% from May-August 2021. The most frequent method was brute-force attacks, which use a systematic approach to break into accounts by calculating all possible combinations for passwords.

Another standard method seen in these months was the exploitation of the ProxyLogon Vulnerability on the Microsoft Exchange Server. ProxyLogon, also known as pre-authenticated vulnerability, gives the attacker a way to avoid any authentication process or log in by impersonating an admin.

The pandemic’s influence on cyberattacks

The move to home working due to the pandemic has brought about the emergence of Remote Desktop Protocol attacks, which are used to specifically target employees using remote access tools from their own homes. Hackers take advantage of the weaker security associated with home networks and target remote endpoints, gaining access to the company’s networks. There were record-breaking 206 billion RDP password guessing attacks in the final third of 2021.

Let’s get serious…

While all cyberattacks impact the victim, some are more serious than others. Ransomware attacks continue to be as aggressive as ever, with 2021 seeing the highest ever ransom ultimatum of $240 million, more than triple the previous record.

The route chosen for the more serious attacks is often through email. We found that detection numbers of email threats more than doubled toward the end of 2021. Email attacks often mimic a well-known company whose email would not come as a surprise to your inbox, and these phishing emails have frequently used DHL and WeTransfer as a lure recently.

Looking to the future

The cyber landscape is looking increasingly threatening, and in our report, we have made a range of predictions about what 2022 may hold. We expect to see more opportunistic campaigns designed to harvest sensitive information from our increasingly connected world. And, as cybercriminals are always looking for new means of detection evasion, we can expect the attacks to become sneakier and sneakier.

The first key trend we anticipate is that the professionalism of ransomware attacks will continue to improve, giving the victimless opportunity to decrypt their data without paying the ransom.

One of the frequent crimes mentioned above, RDP attacks, is here to stay along with our change in working style, giving companies constant pressure to make sure their hybrid working security protocols are robust. Individuals will have to remain alert to what is coming into their email inboxes, as phishing is also going nowhere.

There is a high probability that bigger brands will be leveraged for attacks and current trends, as we saw with the Covid vaccine. We can also expect to see plenty more of the word ‘crypto’ across the rest of the year, with cryptocurrencies’ and NFTs’ massive popularity likely to increase crypto stealers looking to rob people of their funds.

Furthermore, with the conflict in Ukraine not showing any signs of immediate resolution, threats will continue to evolve in volume and sophistication, so it is important to remain vigilant.

Protecting your business

Companies and individuals need to be more aware of the dangers of cybercrimes, and the accessibility hackers have to their personal information.

Educating staff on the attacks cybercriminals commonly use is helpful for any business. There is a reason why hackers continue to use compromised links and infected attachments within emails: it works. Get teams to undertake regular cybersecurity awareness training to add a vital layer of protection for the business.

It is also essential to create fire breaks within the network. There are several approaches to implementing such a strategy, but network segmentation is the most common. It is particularly relevant in the cloud, which has become a fertile hunting ground for cybercriminals.

Similarly, a properly managed backup and recovery program provides a safety net. An all-in approach is needed, though. It is important to backup data and system state on all endpoints, servers, mailboxes, network drives, mobile devices, and virtual machines.

Lastly, timely patching of applications and operating systems closes off potential avenues of attack. An intelligent, multi-platform patch management solution is recommended.

To find out more, head to this link to read our Threat Intelligence Index.