Evolving cyber threat tactics keeping businesses and individuals alike on their toes

The expanded attack surface caused a massive increase in cyber threats. New industries, platforms, and processes have been targeted by the miscreants

Soma Tah & Ashok Pandey


The burgeoning cybercrime marketplace offering Cybercrime-as-a-Service has not only made it easier for even less technically minded criminals to engage in cybercrime; it has also created a perfect breeding ground for malicious actors and organized cybercrime groups to exploit unsuspecting businesses and individuals.

From 2020 onwards, as the growing adoption of digital services during the pandemic increasingly blurred the lines between the digital and physical worlds, cyberattacks on critical infrastructure and cyber security failures also started emerging as top risks globally.

The expanded attack surface caused a massive increase in cyber threats. New industries, platforms, and processes have been targeted by the miscreants, leaving consumers and businesses alike at risk of being held hostage.


The growing business model of Cybercrime-as-a-Service makes malicious activities more affordable and easily accessible for anyone, while the increasing sophistication of tools makes detection and prosecution of cybercrimes even more difficult.  

Surfshark’s study revealed that 4 in 1M Indian internet users were victims of cybercrime in 2020, ranking India 10th in the world in terms of cybercrime density. The FBI received almost 3,000 complaints from India during the year, ranging from romance scams to ransomware attacks.

In its global incident response analysis for the first half of 2021, Accenture Security found a triple-digit increase in intrusion volume, driven by three trends: 1) a global uptick in web shell activity by nation-state and cybercrime actors alike, 2) targeted ransomware and extortion operations, and 3) supply chain intrusions.

How are threat actors and the expanded attack surface likely to hurt us in 2022?

Although Financial Services, Government, ICT, Manufacturing, Healthcare, and Education have been the most targeted industries during the pandemic, as the pandemic starts to subside and the world returns to normal, the spotlight may turn again to ‘dormant’ industries such as Consumer Goods & Services, Industrials, Travel & Hospitality and Retail, which are already reeling from lockdowns and staff shortages.

The continuing work-from-home trend, with an unprecedented number of people working remotely, will also leave the company's doors exposed to cybercriminals. Nathan Wenzler, Chief Security Strategist, Tenable, said, “Remote work has become the perfect ongoing distraction for attackers to build social engineering attack campaigns around. After all, only one-third of remote workers strictly follow their organization’s security guidelines, and they have an average of eight devices connecting to their home network, creating plenty of targets of opportunity for attackers to take advantage of. All it takes is one employee falling victim to a single, well-crafted social engineering stunt, which makes end users the perfect target for today's adversaries who are aiming for access to corporate networks, databases, and other valuable assets.”



Despite the global pandemic, cybercrime continued to thrive. Ransomware wreaked havoc in 2021, not only through a higher frequency of attacks but also through larger ransom demands. CrowdStrike’s 2021 Global Security Attitude Survey revealed that Indian firms suffered more ransomware attacks than any other country in 2021, and accounted for the highest average extortion fee payment ($1.128 million) on top of the ransom.


It is likely that worldwide ransomware attacks targeting crucial data and infrastructure will continue to increase in 2022. Mandiant’s forecast says that in 2022, threat actors are likely to ramp up new tactics, such as trying to recruit insiders within their victims or targets. We can also expect to see more cybercriminals punishing victims that hire professional negotiation firms to help reduce the final amount of the extortion payment.

Jakub Kroustek, Malware Research Director, Avast said, “Cybercriminals delivering Ransomware-as-a-Service (RaaS) will strengthen affiliate models to better target enterprises, including adding Linux-specific ransomware, greater rewards and extending extortion layers.”  

An entire underground economy is being built around the business of data exfiltration and extortion. Mike Sentonas, CTO, CrowdStrike, said, “We’re seeing data-shaming websites popping up like street-corner storefronts, providing a hub for ransomware groups to post and auction stolen data that’s being held ransom. These ransomware groups are revamping their entire infrastructure of tactics, techniques and procedures to hone in on more effectively exfiltrating and selling stolen data. Even if the threat actors can’t get their ransomware to execute past the encryption stage, they’ll pivot and find other ways to gain access to the data to sell for a profit anyway. This year we spoke about the rise of the double extortion ransomware model where adversaries demand one ransom for the return of data and another to ensure that data is not leaked or sold. This double extortion ransom model will grow in sophistication in 2022.”



Alongside ransomware, phishing also continues to be one of the most common cybercrimes globally. According to the Verizon 2021 Data Breach Investigations Report, phishing attacks were connected to 36 percent of breaches and increased by 11 percent, which in part could be attributed to the COVID-19 pandemic. Threat actors have been observed tweaking their phishing campaigns based on what’s making the news at any moment in time.

Social Engineering - Deepfakes and Romance Scams:


Researchers say that audio deepfakes will be increasingly used in spear-phishing attacks, for instance by impersonating a senior executive or another employee or trusted contact to persuade someone to grant access to sensitive data or a company network. Deepfake identity theft is more difficult to detect because fraudsters falsify identity documents and/or imitate a victim's voice on the phone to get around verification steps. They can also gain access to devices that authenticate users with biometrics, especially facial recognition. The audio, video, and photo samples used to train the AI are collected from social media and mobile phones.

While we are talking about complex threat vectors, it might sound surprising that many cyberattacks rely on less technically demanding techniques. Romance scams, for example, boomed during the COVID-19 pandemic, when many people felt lonely and isolated and looked for love online. A romance scam, also known as an online dating scam, is when a person is tricked into believing they’re in a romantic relationship with someone they met online, while their cyber sweetheart is a cybercriminal using a fake identity to gain enough of the victim’s trust to ask them for money. According to the FTC, reports of online dating scams have nearly tripled in recent years. In 2020 alone, victims lost around $304 million to being swindled by their cyber sweetheart.

Exploiting Open Source vulnerabilities:

Rohan Vaidya, Regional Director - India, CyberArk, said, “In 2022 we can expect attackers to continue looking for new ways to compromise open source libraries. Digital economy runs on open source software (OSS) - it’s flexible, scalable and harnesses collective community power to spark new innovations. But countless open and free OSS libraries also mean a dramatically expanded attack surface and a way for threat actors to automate their efforts, sidestep detection and do more harm.”

Log4j exploits have already become a serious security concern, impacting almost half of all companies worldwide. The humble open source Apache Java logging library is used in many Internet services and apps, with over 400,000 downloads from its GitHub project. Attackers are able to exploit vulnerable apps to execute cryptojackers and other malware on compromised servers. Until now, most of the attacks have focused on cryptocurrency mining at the victims’ expense. However, advanced attackers have started to act more aggressively and take advantage of the flaw against high-value targets, warns Check Point Research.


Since cryptocurrencies have garnered a lot of interest from retail investors, researchers also foresee continued use of crypto-mining malware and cryptocurrency wallet- and exchange-related fraud in 2022. For example, researchers at the Lookout Threat Lab have identified over 170 Android apps, including 25 on Google Play, scamming people interested in cryptocurrencies by offering cloud-based mining services. They scammed more than 93,000 people and stole at least $350,000 between users paying for the apps and buying additional fake upgrades and services.

Cyber Espionage and Cyber Warfare:

Cyber spying and attacks are part of modern warfare. As geopolitical tensions grow due to the Russia-Ukraine crisis, we might see more cyber espionage, warfare, and zero-day attack tactics globally. Securonix Threat Labs has seen a significant increase in cyberthreats: MuddyWater, HermeticWiper and SandWorm are actively being used to launch cyberattacks, including DDoS attacks targeting financial institutions, cyber espionage campaigns and attacks on infrastructure. On cyber espionage, India is in fact among the top 5 targets for cyberattacks in the APAC region, particularly security breaches that involve cyber espionage, according to Kaspersky’s findings. Its bustling economy and expected growth are among the key reasons for the elevated level of threat it faces.

Concerns are reasonable and valid, according to Sandra Joyce, EVP, Head of Mandiant Intelligence. “Russia has twice turned off power to Kyiv in the middle of winter, they have carried out a global destructive attack that froze global shipping and vaccine production, and they have even fielded tools to target critical infrastructure technology that could have fatal consequences,” wrote Joyce in an official blog post. “This isn’t just a Ukraine problem. In fact, we believe that after attacking US and French elections, Western media, the Olympics, and many other targets with limited repercussions, Russia is emboldened to use their most aggressive cyber capabilities throughout the West. While they are unlikely to engage the West in combat, these tools give Russia the means to aggressively compete with others without risking open armed conflict. Should US and allies deploy sanctions in the event of a full invasion, the risk of this only increases,” wrote Joyce. 
