In 2020, the financial services sector was the industry that experienced the most cyberattacks. For years, attackers went after these organizations because they were, as one would expect, lucrative targets.
But in 2021, the financial services sector was no longer the most targeted. Instead, the information technology (IT) and communications sector, including telecommunications providers, software developers, managed security service providers and others, faced the most attempted cyberattacks.
This shift in priority is not surprising for industry experts given the numerous high-profile software supply chain attacks in 2021, including those on SolarWinds, Kaseya and GitLab. Bad actors increasingly see software and developer infrastructure, platforms and providers as entry vectors into governments, corporations and critical infrastructure.
Darktrace’s researchers observed that its artificial intelligence (AI) autonomously interrupted around 150,000 threats each week against the sector in 2021. These findings are based on Darktrace data generated by “early indicator analysis” that looks at the breadcrumbs of potential cyberattacks at several stages, before attributing them to any actor and before they escalate into a full-blown crisis.
From this analysis, we predict that in 2022 we will see threat actors embed malicious software throughout the software supply chain, including in proprietary source code, developer repositories, open-source libraries and more. We will likely see further supply chain attacks against software platforms and additional publicized vulnerabilities.
Explaining the shift
The increase in attacks on this sector is likely because more companies rely on trusted third-party suppliers to handle their data while it’s in motion and at rest. This attack vector has proven substantially profitable for attackers, who focus their efforts on related organizations to get to a target’s crown jewels. This shift means that small- and medium-sized companies are now more likely to experience an attack, even if they are not the end target.
Most recently, Log4Shell, a newly uncovered vulnerability in a widely used software library, left billions of devices exposed and prompted the Cybersecurity and Infrastructure Security Agency (CISA) to provide formal guidance.
Unfortunately, many of these libraries are only updated and supported by volunteers, making it easy for vulnerabilities and intentional corruptions to slip through. DevSecOps will be a significant discussion point in 2022 as organizations begin to understand the importance of baking security into applications much earlier in the development process. Risks presented by the dependence on open source will put dev teams front and center.
Email phishing persists
Despite this shift in targets, the most widely used attack method against the IT sector continues to be phishing. Darktrace found that organizations in the industry faced an average of 600 unique email phishing campaigns a month in 2021. These campaigns also matured in sophistication: unlike the typical malicious email, most no longer contain a malicious link or attachment.
In 2022, attackers will continue to advance their email attacks to hijack the communications chain more directly. We will see attackers hijack trusted supplier accounts to send spear phishing emails from genuine, trusted accounts, as we saw in the November 2021 FBI account takeover.
Top cyber criminals will use clean emails containing normal text, with messages carefully crafted to impersonate a trusted third party to induce recipients to reply and reveal sensitive information.
Facing software supply chain attacks head-on
As the global software supply chain becomes increasingly interconnected, governments, corporations and critical infrastructure organizations are all at risk of breach not only through their software and communications suppliers but via any security flaw in the extensive global software supply chain.
In the face of this cyber threat, organizations must not only focus on their own cyber resilience but also ensure they can hold their trusted suppliers accountable to best cyber practices. There is no magic solution to finding attacks embedded in your software suppliers, so the real challenge for organizations will be to operate while accepting this risk. This year, as in 2021, it is increasingly unrealistic for companies to hope to avoid breaches via their supply chains. Instead, they must have the ability to detect the presence of attackers after a breach and stop this malicious activity in the early stages.
If attackers can embed themselves at the beginning of the development process, organizations will have to detect and stop the attacker after they have gotten through. This problem calls for cyber defense technology that can spot vulnerabilities as threat actors exploit them.
This threat reinforces the need for security to be integrated earlier in the development process and the importance of quickly containing attacks to prevent business disruption. Since these are multistage attacks, organizations can use AI at every step to contain and remediate the threat.