Chris Swagler | December 1st, 2022

There’s always one certainty in the cybersecurity world: breaches will continue to occur. It’s an unavoidable constant in an industry that spent about $150 billion globally this year without stopping threat operators. This year has seen Russian government threat actors targeting Ukraine; more ransomware against hospitals, schools, and governments; a never-ending series of expensive crypto breaches; and high-profile breaches of companies, including Microsoft, Nvidia, and Grand Theft Auto maker Rockstar Games, carried out by teenagers. Here are some trends people are expecting to see in the coming year:

Russia Continuing Online Operations Against Ukraine

The Russian invasion of Ukraine was this year’s most significant cybersecurity story. The industry switched its attention to the embattled country, which had been targeted by Russian government groups multiple times. One of the first attacks was directed against Viasat, a United States satellite communications company used by civilians and troops in Ukraine. According to Ukraine’s defensive cybersecurity agency, the breach caused massive losses in communications at the beginning of the war. Additionally, wiper malware, malicious code designed to destroy data, was used in at least six attacks against Ukrainian targets.

Ukraine, however, has been working on its cyber defenses for years and received international support when the war began. An intriguing twist in the digital warfare between Russia and Ukraine was the formation of the IT Army, a decentralized global cyber coalition that scored several big breaches, demonstrating that future wars can also be fought by breach activists.

Ransomware Attacks Increasing

Aside from the usual companies, hospitals, and schools, damaging ransomware attacks hit numerous governments this year, including Costa Rica, Montenegro, and Albania. The Costa Rican government declared a national emergency following a ransomware attack, a first. Following a devastating cyberattack, the Albanian government expelled Iranian diplomats from the country, another first in cybersecurity history. According to threat intelligence reports, these kinds of attacks hit an all-time high in 2022 and will likely continue next year.

Fortunately, the ransomware situation is not all negative, and early indicators point to the decline of the ransomware-as-a-service model, in which ransomware groups rent out their breaching tools to affiliates.

Governments targeted and disrupted REvil and DarkSide/BlackMatter; Conti, a Russian ransomware group, fell apart internally when a Ukrainian researcher outraged by Conti’s public support of the war disclosed its internal communications; and the LockBit group suffered a code leak. Numerous affiliates are deciding not to be part of a major ransomware group because membership puts a target on their backs as individual threat operators. Adversaries are realizing they don’t want to operate under a specific name that attracts the attention of the United States government or its international partners. However, the Ukrainian conflict may make international cooperation more difficult. Early in the year, the Russian government declared that it was working with the United States when it arrested 14 REvil members and seized laptops, luxury cars, and more than $5 million. That unparalleled collaboration didn’t last once Russia invaded Ukraine.

Crypto Continues to Bring Challenges

Cryptocurrency didn’t merely flow to threat operators through ransomware payments in 2022; it flowed directly out of crypto projects and Web3 companies. According to a blockchain tracking company, cryptocurrency breaches, which have been occurring since crypto’s invention, became mainstream this year, with threat operators stealing approximately $3 billion in crypto during the year. There were over 100 large-scale victims, and entire websites and social media accounts are dedicated to tracking the breaches, which appear to happen every day. The Nomad protocol breach was the most significant of them all: a threat operator discovered a vulnerability and began draining funds, and because the threat operator’s transactions were public, others observed and simply copied and pasted the exploit, resulting in history’s first decentralized robbery. Separately, threat operators gained access to the server where the crypto exchange Deribit held its wallets, stealing $28 million.

There is some good news in the crypto world. According to a blockchain security company, a huge new wave of cybersecurity professionals will continue to enter the crypto industry and build the infrastructure, tooling, and practices required to operate securely. A cybersecurity veteran who currently serves as CTO of a crypto wallet app explains that the building blocks are in place to create cybersecurity solutions tailored to crypto and blockchains, implying that the future will be safer. There will be some signs of answers in 2023; however, threat operators may retain the advantage.

The group known as Lapsus$ was one of the most successful threat operators in 2022. It went after software supply chain suppliers such as Okta, which provides identity and access management to other companies. This enabled the threat operators to infiltrate well-known companies, including Microsoft, Nvidia, and Rockstar Games.

Threat operators are always looking for the path of least resistance, and some infrastructure providers are among those paths. Supply chain attacks are both a present and a future concern because some suppliers, including cybersecurity companies, have a large footprint across numerous industries. Cybercriminals will continue to make a significant impact without having to deploy advanced capabilities. With 2023 approaching, it’s important for companies to remain vigilant about the current threat landscape and utilize strong cybersecurity partners like SpearTip to prevent future cyberattacks. At SpearTip, our certified engineers are continuously working at our 24/7/365 Security Operations Center monitoring companies’ network infrastructures for potential cyber threats. Our pre-breach advisory services allow us to examine companies’ security posture to improve weak points in their networks. Our team engages companies’ people, processes, and technology to measure the maturity of the technical environment and provide technical roadmaps, ensuring companies have the awareness and support to optimize their overall cybersecurity posture.

If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.