2022 year of innovative mobile malware

Cyber ​​attacks were often in the news again in 2021. Cyber ​​criminals not only carried out these attacks on large companies, but also on many consumers because of the massive working from home. Read here what we can expect from cybercriminals in 2022 according to G DATA CyberDefense.

Innovative mobile malware
We are using more and more apps to pay, identify yourself or show that you have been vaccinated. According to the G DATA CyberDefense, cyber criminals will respond to this. Furthermore, in 2021 we saw many fake text messages asking to perform a software update. This update actually contained malware. Expectations are that these text messages will also be happening a lot next year as there are plenty of people doing these updates. While apps are usually approved before they can be downloaded to a mobile device, we are seeing rogue apps increasingly get through app store security measures. That’s because the malicious components are not deployed until the app is deployed.
In addition, human behavior will continue to be a challenge in 2022. During COVID-19 we saw many text messages that supposedly came from, for example, Postnl or DHL. The message stated that you had to pay import costs or shipping costs and then the package would be delivered. The cyber criminals then lured victims through a link to a fake website and in that way withdrew money from their bank account. That is why G DATA CyberDefense will continue to focus in 2022 on structurally training people to prevent this and to insist on installing a mobile security solution.

Ransomware targeting supply chains
G DATA CyberDefense expects that by 2022, cybercriminals will increasingly carry out ransomware attacks on supply chain. The threat is increasing because parties within their chain are sharing more and more information with each other due to increasing digitization, globalization and outsourcing. This is necessary for the chain to function efficiently, but it also creates risks. A supply chainattack means that one company is attacked via another company in the chain.

Attacks on critical infrastructure
In 2022, the infrastructure of countries will also be increasingly attacked, such as gas and electricity companies, public transport, healthcare, finance and water companies. The number of attacks on critical infrastructure will increase in globally leading countries such as the US, UK, Germany and France. Moreover, fossil resources are becoming increasingly scarce and the demand for energy is increasing because the world population is growing and prosperity is increasing. Terrorists and organized crime know this better than anyone and will exert influence through sophisticated attack methods.
As companies continue to digitize, the targeted attacks on their critical infrastructure will also increase. In this way, cyber criminals gain access to sensitive databases and companies can come to a complete standstill. These attacks will sometimes come from direct competitors, who in this way try to improve their competitive position.

Social engineering remains very useful for cybercriminals
While defense mechanisms against malicious software have improved and continue to evolve, attack methods will also become more sophisticated in the future. This inevitably means that weak spots in the defense strategy will be thoroughly investigated. Cyber ​​criminals will therefore also start targeting the misinformed end-user in 2022 and will focus more on social engineering. Social engineering is the manipulation of human behavior by using influencing principles. It is therefore wise for organizations to train their employees better, so that the chance of human errors can be significantly reduced.

Small and medium-sized companies are increasingly victims
Small to medium-sized companies will continue to be victims of cybercrime more and more in 2022. Smaller companies often mistakenly believe that they are not interesting enough to be hacked. Cyber ​​criminals know that smaller companies are often less secure and see this as an opportunity to make quick money. Many of these cyber attacks involve phishing and human behaviour. It is positive, however, that smaller companies are increasingly making the necessary preparations to prevent cybercrime.