Recreational hackers are criminals whose sole career objective is to compromise IT infrastructures.

Every year hackers grow in number, aggressiveness, organization and sophistication, and every year there are new attack types and new areas of IT infrastructure that cybercriminals target. 2022 is no different: about a third of the way into the year, IT pros and security specialists already have their hands full with new attacks and new issues.

Gartner advises IT pros of all ilks to be on guard. “Organizations worldwide are facing sophisticated ransomware, attacks on the digital supply chain and deeply embedded vulnerabilities,” said Peter Firstbrook, research vice president at Gartner. “The pandemic accelerated hybrid work and the shift to the cloud, challenging CISOs to secure an increasingly distributed enterprise—all while dealing with a shortage of skilled security staff,” the research giant argued in Gartner Identifies Top Security and Risk Management Trends for 2022.

Here are eight things security experts advise you to be on alert for.

1. Russian Cyber Attacks

Earlier this year, Goldman Sachs economists warned of potential attacks from Russian cybercriminals particularly targeting energy, financial services, and transportation in the US. These attacks could not only cause billions of dollars in infrastructural and economic damage, but they can also bring critical aspects of the economy and societal infrastructure to their knees.

These warnings actually happened before the invasion of Ukraine. Now, given that wrinkle, the threat of Russian attacks against U.S. infrastructure has multiplied.

2. IoT, the Forgotten Security Concern

The internet of things (IoT) continues to be a network security issue, in part because there are so many of these devices, because they are not fully understood, and because not everyone sees them as part of the attack surface. “The vast and ever-growing network of online, connected devices encompassing everything from industrial machinery to connected cars and smart home appliances. It’s predicted that there will be over 27 billion of these devices by 2025, creating an unprecedented number of opportunities for cyber-criminals,” argued Forbes in its article The Biggest Cyber Security Risks in 2022.

3. Ransomware Ugly Head Rears Higher

Ransomware certainly is not new. What is new is that it's getting worse, more widespread, increasingly devious, and dangerous.

In fact, Experian believes that AI will drive smarter and more insidious ransomware attacks.

Meanwhile Cybernews.com, in its Top Cybersecurity Threats of 2022 Report, argues it is not always a good idea to pay off the ransomware creeps. “There has been much debate over the effectiveness of paying a ransom between pundits. While many insurance companies opt for paying, experts suggest that such a decision does not only fuel cybercrime, but also doesn’t guarantee the return of data,” the site advised.

Instead, stop ransomware from happening in the first place, or protect the data so that even if it is encrypted there are current backups that are neither frozen nor corrupt. “It is like a burglar going through the neighborhood—they are not going to attack a house that probably has bars on the windows as much as the one that looks like a much easier target to penetrate,” Jack O'Meara from Guidehouse told CyberNews.

4. Attack Automation and Fraud-as-a-Service

With so many attacks it certainly appears that hackers never sleep. And indeed they don't, or at least their attacks never take a snooze. More and more attacks are automated, and various attack styles are available for download or even as a service. One area that credit services firm Experian is watching is fraud-as-a-service, in which threat actors monetize their fraudulent exploits by turning them into a cloud service that other cybercriminals can simply subscribe to.

These can even include AI-style features such as voice bots which impersonate businesses and embark on social engineering exploits in robotic fashion. “The boom in this type of threat created additional issues, as it minimized the number of skills needed from a malicious actor to conduct criminal activity,” Experian cautioned.

With automated attacks and hacking as a service, criminals need virtually no skills at all in order to wreak real havoc.

Experian believes that this year “a large portion of fraudulent transactions will be submitted by legitimate consumers who are being socially engineered to not only provide data, but to use their own devices to submit what they believe are legitimate transactions,” the Experian 7 Fraud Trends and Predictions for 2022 blog warned.

5. Your Attack Surface is Growing

As your network expands and applications and devices increase, your attack surface likewise grows. “Enterprise attack surfaces are expanding. Risks associated with the use of cyber-physical systems and IoT, open-source code, cloud applications, complex digital supply chains, social media and more have brought organizations’ exposed surfaces outside of a set of controllable assets,” Gartner argued in Gartner Identifies Top Security and Risk Management Trends for 2022.

6. More People are Now Security Decision Makers

We've talked about the burgeoning complexity of your network and all the applications and devices it hosts. In the meantime, we've seen business units take more control over their IT decisions, often acquiring solutions and managing them themselves. Not only are the attack surfaces growing, but there are very specific attack surfaces that IT does not necessarily understand.

That has led to a fairly radical decentralization of security decision making, Gartner argues. “Enterprise cybersecurity needs and expectations are maturing, and executives require more agile security amidst an expanding attack surface. Thus, the scope, scale and complexity of digital business makes it necessary to distribute cybersecurity decisions, responsibility, and accountability across the organization units and away from a centralized function,” the research house said.

This has also changed the role of the CISO to a higher level and more strategic post. “The CISO role has moved from a technical subject matter expert to that of an executive risk manager,” said Peter Firstbrook, a Gartner research vice president. “By 2025, a single, centralized cybersecurity function will not be agile enough to meet the needs of digital organizations. CISOs must reconceptualize their responsibility matrix to empower Boards of Directors, CEOs and other business leaders to make their own informed risk decisions.”

7. Hybrid Work a Hacker Field Day

The COVID pandemic created a radical shift to remote and hybrid work, creating unique and serious challenges for IT security professionals. Many of these remote or hybrid devices are not managed by IT, and of course they connect from outside the network. This not only expands the attack surface; many of these devices, and the networks they use to connect, have little or no protection.

“Threat actors could start to target the homes and personal networks of top executives or even government officials, as these networks are easier to compromise than traditional enterprise environments,” argued Security Magazine in its 4 Cybersecurity Threats That Organizations Should Prepare for in 2022 blog.

Phishing is more prevalent and dangerous in hybrid work scenarios. “The line between personal and professional has been blurred, with employees using home devices for work or corporate devices for personal tasks. This will continue, and it’s likely there will be an increase in phishing attacks targeting both corporate and personal email accounts, doubling attackers’ chances of a successful attack,” Security Magazine argued.

8. Be Prepared

Forbes interviewed Equifax CISO Jamil Farshchi, who should know a thing or two about breaches. After all, Equifax was hit with one of the world’s largest breaches in 2017. A whopping 148 million Americans had their data compromised, including their names, home addresses, dates of birth, phone numbers, and Social Security and driver’s license numbers. In short, everything a hacker needs for identity theft.

Like the Russian state or state-inspired hacks that are now the growing threat, the Equifax breach was a nation-state affair: it was blamed on the Chinese military.

For Farshchi, preparedness is key. "If you've been through the steps to prepare, you can adapt in your muscle memory and respond. I grew up in Iowa—we get a lot of tornados there … and you practice and prepare for them. Then fast forward to college, when I was there, and there were tornados all over the place. When you looked around, you could tell which [classmates] had grown up in the Midwest and which hadn’t … they knew what to do,” Farshchi said in the Forbes article The Biggest Cyber Security Risks in 2022. “I was in a different circumstance—I wasn’t back in Iowa, but I knew how to respond, and I think the same thing applies here. If organizations go through the steps and they practice with their board and executives, then when bad things happen … you’re able to lean in and solve them in a very rapid fashion.”

A cyber attack is any attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage. Cyber attacks aim to disable, disrupt, destroy or control computer systems or to alter, block, delete, manipulate or steal the data held within these systems.

A cyber attack can be launched from anywhere by any individual or group using one or more various attack strategies.

People who carry out cyber attacks are generally regarded as cybercriminals. Often referred to as bad actors, threat actors and hackers, they include individuals who act alone, drawing on their computer skills to design and execute malicious attacks. They can also belong to a criminal syndicate, working with other threat actors to find weaknesses or problems in the computer systems -- called vulnerabilities -- that can be exploited for criminal gain.

Government-sponsored groups of computer experts also launch cyber attacks. They're identified as nation-state attackers, and they have been accused of attacking the information technology (IT) infrastructure of other governments, as well as nongovernment entities, such as businesses, nonprofits and utilities.

Why do cyber attacks happen?

Cyber attacks are designed to cause damage. They can have various objectives, including the following:

Financial gain. Most cyber attacks today, especially those against commercial entities, are launched by cybercriminals for financial gain. These attacks often aim to steal sensitive data, such as customer credit card numbers or employee personal information, which the cybercriminals then use to access money or goods using the victims' identities.

Other financially motivated attacks are designed to disable the computer systems themselves, with cybercriminals locking computers so that their owners and authorized users cannot access the applications or data they need; attackers then demand that the targeted organizations pay them ransoms to unlock the computer systems.

Still other attacks aim to gain valuable corporate data, such as proprietary information; these types of cyber attacks are a modern, computerized form of corporate espionage.

Disruption and revenge. Bad actors also launch attacks specifically to sow chaos, confusion, discontent, frustration or mistrust. They could be taking such action as a way to get revenge for acts taken against them. They could be aiming to publicly embarrass the attacked entities or to damage the organizations' reputation. These attacks are often directed at government entities but can also hit commercial entities or nonprofit organizations.

Nation-state attackers are behind some of these types of attacks. Others, called hacktivists, might launch these types of attacks as a form of protest against the targeted entity; a secretive decentralized group of internationalist activists known as Anonymous is the most well known of such groups.

Insider threats are attacks that come from employees with malicious intent.

Cyberwarfare. Governments around the world are also involved in cyber attacks, with many national governments acknowledging or suspected of designing and executing attacks against other countries as part of ongoing political, economic and social disputes. These types of attacks are classified as cyberwarfare.

How do cyber attacks work?

Threat actors use various techniques to launch cyber attacks, depending in large part on whether they're attacking a targeted or an untargeted entity.

In an untargeted attack, where the bad actors are trying to break into as many devices or systems as possible, they generally look for vulnerabilities that will enable them to gain access without being detected or blocked. They might use, for example, a phishing attack, emailing large numbers of people with socially engineered messages crafted to entice recipients to click a link that will download malicious code.

In a targeted attack, the threat actors are going after a specific organization, and the methods used vary depending on the attack's objectives. The hacktivist group Anonymous, for example, was suspected in a 2020 distributed denial-of-service (DDoS) attack on the Minneapolis Police Department website after a Black man died while being arrested by Minneapolis officers. Hackers also use spear-phishing campaigns in a targeted attack, crafting emails to specific individuals who, if they click the included links, download malicious software designed to subvert the organization's technology or the sensitive data it holds.

Cybercriminals often create the software tools used in their attacks, and they frequently share those tools on the so-called dark web.

Cyber attacks often happen in stages: hackers first survey or scan for vulnerabilities or access points, then gain an initial compromise, and then execute the full attack -- whether that means stealing valuable data, disabling the computer systems or both.

What are the most common types of cyber attacks?

Cyber attacks most commonly involve the following:

  1. Malware, in which malicious software is used to attack information systems. Ransomware, spyware and Trojans are examples of malware. Depending on the type of malicious code, malware could be used by hackers to steal or secretly copy sensitive data, block access to files, disrupt system operations or make systems inoperable.
  2. Phishing, in which hackers socially engineer email messages to entice recipients to open them. The recipients are tricked into downloading the malware delivered by the email by opening either an attached file or an embedded link.
  3. Man-in-the-middle, or MitM, where attackers secretly insert themselves between two parties, such as individual computer users and their financial institution. Depending on the details of the actual attack, this type of attack may be more specifically classified as a man-in-the-browser attack, monster-in-the-middle attack or machine-in-the-middle attack. It is also sometimes called an eavesdropping attack.
  4. DDoS, in which hackers bombard an organization's servers with large volumes of simultaneous data requests, thereby making the servers unable to handle any legitimate requests.
  5. SQL injection, where hackers insert malicious Structured Query Language (SQL) statements into input that a server passes to its database, getting the server to reveal sensitive data.
  6. Zero-day exploit, which happens when a newly identified vulnerability in IT infrastructure is first exploited by hackers.
  7. Domain name system (DNS) tunneling, a sophisticated attack in which attackers establish and then use persistently available access -- or a tunnel -- into their targets' systems.
  8. Drive-by, or drive-by download, occurs when an individual visits a website that, in turn, infects the unsuspecting individual's computer with malware.
  9. Credential-based attacks happen when hackers steal the credentials that IT workers use to access and manage systems and then use that information to illegally access computers to steal sensitive data or otherwise disrupt an organization and its operations.
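To make the SQL injection item concrete, here is an added example (not code from the original article) that puts a deliberately vulnerable lookup beside its parameterized fix. The SQLite table, its rows and the tautology input `' OR '1'='1` are all constructed for the demonstration.

```python
"""Vulnerable vs. parameterized SQL lookup (added example, constructed data)."""
import sqlite3
from typing import List


def build_db() -> sqlite3.Connection:
    """Create an in-memory table with a few constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"),
         ("bob", "bob@example.com"),
         ("carol", "carol@example.com")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> List[str]:
    """Deliberately unsafe: the caller's input is spliced into the SQL text.

    An input such as  ' OR '1'='1  (an assumed attacker value) closes the
    string literal and appends an always-true condition, so the WHERE
    clause matches every row and the whole table is returned.
    """
    query = f"SELECT email FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn: sqlite3.Connection, username: str) -> List[str]:
    """Hardened: the input travels as a bound parameter, never as SQL.

    The database receives the query text and the value separately, so the
    same tautology string is compared literally against usernames and
    simply matches nothing.
    """
    query = "SELECT email FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]


if __name__ == "__main__":
    db = build_db()
    payload = "' OR '1'='1"
    print("vulnerable, normal input:", lookup_vulnerable(db, "alice"))
    print("vulnerable, tautology   :", lookup_vulnerable(db, payload))
    print("safe, normal input      :", lookup_safe(db, "alice"))
    print("safe, tautology         :", lookup_safe(db, payload))
```

Running it shows the unsafe function leaking all three e-mail addresses for the tautology input while the parameterized version returns an empty list; the same binding discipline applies to INSERT, UPDATE and DELETE statements.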

How can you prevent a cyber attack?

There is no guaranteed way for any organization to prevent a cyber attack, but there are numerous cybersecurity best practices that organizations can follow to reduce the risk.

Reducing the risk of a cyber attack relies on using a combination of skilled security professionals, processes and technology.

Reducing risk also involves three broad categories of defensive action:

  1. preventing attempted attacks from actually entering the organization's IT systems;
  2. detecting intrusions; and
  3. disrupting attacks already in motion -- ideally, at the earliest possible time.

Best practices include the following:

  • implementing perimeter defenses, such as firewalls, to help block attack attempts and to block access to known malicious domains;
  • using software to protect against malware, namely antivirus software, thereby adding another layer of protection against cyber attacks;
  • having a patch management program to address known software vulnerabilities that could be exploited by hackers;
  • setting appropriate security configurations, password policies and user access controls;
  • maintaining a monitoring and detection program to identify and alert to suspicious activity;
  • creating incident response plans to guide reaction to a breach; and
  • training and educating individual users about attack scenarios and how they as individuals have a role to play in protecting the organization.

What are the most well-known cyber attacks?

The massive so-called SolarWinds attack, detected in December 2020, breached U.S. federal agencies, infrastructure and private corporations in what is believed to be among the worst cyberespionage attacks inflicted on the U.S. On Dec. 13, 2020, it was revealed that Austin-based IT management software company SolarWinds was hit by a supply chain attack that compromised updates for its Orion software platform. As part of this attack, threat actors inserted their own malware, now known as Sunburst or Solorigate, into the updates, which were distributed to many SolarWinds customers. The first confirmed victim of this backdoor was cybersecurity firm FireEye, which had disclosed on Dec. 8 that it had been breached by suspected nation-state hackers. It was soon revealed that the SolarWinds attacks affected other organizations, including tech giants Microsoft and VMware and many U.S. government agencies. Investigations showed that the hackers -- believed to be sponsored by the Russian government -- had been infiltrating targeted systems undetected since March 2020. As of January 2021, investigators were still trying to determine the scope of the attack.

Here is a rundown of some of the most notorious breaches, dating back to 2009:

  • a July 2020 attack on Twitter, in which hackers were able to access the Twitter accounts of high-profile users;
  • a breach at Marriott's Starwood hotels, announced in November 2018, with the personal data of upward of 500 million guests compromised;
  • the Feb. 2018 breach at Under Armour's MyFitnessPal (Under Armour has since sold MyFitnessPal) that exposed email addresses and login information for 150 million user accounts;
  • the May 2017 WannaCry ransomware attack, which hit more than 300,000 computers across various industries in 150 nations, causing billions of dollars of damage;
  • the September 2017 Equifax breach, which saw the personal information of 145 million individuals compromised;
  • the Petya attacks in 2016 that were followed by the NotPetya attacks of 2017, which hit targets around the world causing more than $10 billion in damage;
  • another 2016 attack, this time at FriendFinder, which said more than 20 years' worth of data belonging to 412 million users was compromised;
  • a data breach at Yahoo in 2016 that exposed personal information contained within 500 million user accounts, which was then followed by news of another attack that compromised 1 billion user accounts;
  • a 2014 attack against entertainment company Sony, which compromised both personal data and corporate intellectual property (IP), including yet-to-be-released films, with U.S. officials blaming North Korea for the hack;
  • eBay's May 2014 announcement that hackers used employee credentials to collect personal information on its 145 million users;
  • the 2013 breach suffered by Target Corp., in which the data belonging to 110 million customers was stolen; and
  • the Heartland Payment Systems data breach, announced in January 2009, in which information on 134 million credit cards was exposed.

The number of cyber attacks grew significantly in 2020, following a years-long trend of escalating cyber incidents and presaging a cybersecurity future beset with challenges.

The types of cyber attacks, as well as their sophistication, also grew during the first two decades of the 21st century.

Consider, for example, the growing number and type of attack vectors -- that is, the method or pathway that malicious code uses to infect systems -- over the years.

The first virus was invented in 1986, although it wasn't intended to corrupt data in the infected systems. The first worm distributed through the internet, called the Morris worm, was created in 1988 by Cornell University graduate student Robert Tappan Morris.

Then came Trojan horse, ransomware and DDoS attacks; ransomware in particular became more destructive and notorious under names like WannaCry, Petya and NotPetya.

The 2010s then saw the emergence of cryptomining malware -- also called cryptocurrency mining malware or cryptojacking -- where hackers use malware to illegally take over a computer's processing power to use it to solve complex mathematical problems in order to earn cryptocurrency, a process called mining. Cryptomining malware dramatically slows down computers and disrupts their normal operations.

Hackers also adopted more sophisticated technologies throughout the first decades of the 21st century, using machine learning and artificial intelligence (AI), as well as bots and other robotic tools, to increase the velocity and volume of their attacks.

And they developed more sophisticated phishing and spear-phishing campaigns, even as they continued to go after unpatched vulnerabilities; compromised credentials, including passwords; and misconfigurations to gain unauthorized access to computer systems.