2021 started with a bang: the first 6 months alone saw some of the largest and most harmful cyberattacks ever witnessed, such as SolarWinds and the attack on the Colonial Pipeline. These gave us a small taste of how the rest of the year would go, as attackers continued to attack vulnerable organisations and introduce us to their new and improved tactics. JBS Food fell victim to a cyberattack, a hacker attempted to change the pH levels at a water treatment facility, online learning was impacted in the UK when schools in the Isle of Wight were hit, and the Kaseya hack impacted approximately 1.5k businesses. And these are only a few of the incidents seen this past year. Threat-actors have targeted hospitals, schools, even charities, demonstrating their ruthlessness as they become increasingly sophisticated and dangerous.
Reflecting on the past year
While other industries have struggled as the COVID-19 pandemic continued throughout 2021, the cybersecurity industry has been in high demand as businesses have recognised how online activity has increased from both an employee and consumer perspective. Organisations have scrambled to buy the newest solutions, without really knowing what they’re for, in an attempt to protect themselves and their employees. Many organisations have, in some cases, successfully implemented stronger security measures to protect against vulnerabilities, but there is still a long way to go in terms of securing accounts and passwords, which have posed a serious blind spot for many industries.
Passwords themselves create a substantial cybersecurity gap, as we saw with various breaches this year. For instance, the Authlogics Password Breach Database tells us that, in October 2021, data reportedly from the website coffeefads[.]co[.]uk was posted on a popular hacking forum. The data contained emails, names, and hashed passwords, providing threat-actors with an easy and legitimate gateway onto the company’s servers. There were over 8700 compromised passwords, which we were able to recover in plain text. Even worse, a mobile parking app (ParkMobile) suffered a data breach in March, during which 20,949,825 passwords were compromised. Another example found on our database in 2021 was a breach exposing 1.4 million unique customer email addresses from customers on MeetMindful, an online dating service. This exposed a vast amount of sensitive information including geographical locations, IP addresses, and passwords stored as bcrypt hashes. Shockingly, 1,422,717 passwords were compromised on this platform – no wonder malicious actors found a way to access the servers and extract valuable information. These are just a few examples among thousands of others, which underline the importance of secure account management and good password practices. Threat actors don’t discriminate amongst their victims. Essentially, no one is safe, and a lack of multi-factor authentication or adequate security besides passwords leaves accounts unsecured and puts individuals and entire businesses at risk of breach.
Now that 2021 is coming to an end, it is time to start looking ahead and prepare for the advancing threat-landscape and the dangers it could bring. Which existing trends will accompany us into the new year? Will they evolve? Will we see any new trends that may be somewhat unexpected? Of course, we cannot see into the future with 100% clarity; however, it’s important to consider what trends will stick around in order to prepare for the worst-case scenario and not get caught with our pants down.
What’s in store for 2022?
Rise of Ransomware: If you thought ransomware was big in 2021 you’ve seen nothing yet. We should expect to see not only more large public attacks like we saw with the Colonial Pipeline, but also many more small, targeted attacks on specific verticals – in particular healthcare and pharmaceuticals.
Vaccine Vulnerabilities: The continuing mainstream and social media hysteria, together with the ever-changing government rules over COVID-19 and vaccines, have created a perfect environment for bad actors to trick and manipulate people into giving away their private, even medical, information.
Continuation of Compromised Credentials: A lack of awareness and training leaves victims vulnerable as they often don’t know what to look for when attempting to identify a phish. Threat-actors no longer suffer from bad grammar and poorly constructed email addresses, and phishing attacks are becoming almost impossible to spot. As a result, hackers have never been so successful in manipulating their victims into handing over legitimate login credentials. They may as well be holding the door wide open for someone seeking easy, unauthorised access.
Steven Hope, our CEO and co-founder, believes that: “despite many viable alternatives, passwords will still dominate as the primary login method, at work, and at home. Unfortunately, legacy password policies and bad personal practices will most certainly continue.” With this in mind, the pandemic has shown us that there is no need for employees to work from their offices full time. As a result, employees will be seeking out more flexible work arrangements, which, paired with the uptick in account breaches and password leaks, will slowly increase the demand for multi-factor authentication across organisations.
Cryptocurrency Corruption: On another note, cryptocurrencies will also continue to make major waves in 2022. We believe they will disrupt traditional institutions and find their place in daily life. The waves will be large with continuing volatility in the short term; consequently, there will be more disparity between the ‘winners’ and ‘losers’ when it comes to stocks and trading. As a result, we will see much more “market-making”, media, and technical attacks on Bitcoin and Ethereum as they further mature and develop. However, we should expect these not only to survive into the new year, but to thrive. An example of this is the El Salvador experiment, which potentially gives us a glimpse into how cryptocurrencies will play a part in all our futures – for better or worse, whether the respective government likes it or not. In addition, newer currencies such as “Fedcoin” and “Britcoin” will continue to occupy the media and attempt to move focus away from decentralised cryptocurrencies, although this will be all talk, with no real functional outcome.
Metaverse Domination: On a more personal level, in 2022 as more people become aware of the Metaverse, somebody in your friendship circle may have heard of it, while another may be able to speak a bit about what it is and what it’s for, but nobody will be able to explain how 15-year-olds are making millions from it.
It’s not about “if” but “when”: Ultimately, uncertainty will be an unfortunate theme that will follow us into 2022, which will continue to be present in the news. We need to be prepared for anything and everything and make sure we have the right security measures in place to protect our valuable assets and information.
We believe that those who limit social and mainstream media, ditch using passwords, and buy some Bitcoin will be happier and better off by next Christmas.
Authenticate with Authlogics in 2022, with or without passwords – we’ve got you covered!