The European Union Agency for Cybersecurity (ENISA) published a report revealing that cyberwarfare, hacktivism, and malicious cyberattacks have transformed the geopolitical climate. The Russian invasion of Ukraine has had a significant impact on the global cyber sector over the past decade. ENISA detected a rise in cyberthreats, as well as an increase in the variety of vectors, including zero-day exploits and AI-based disinformation and deepfakes. As a result, more extensive and damaging attacks are now common.
Geopolitics impacts the ransomware landscape
According to ENISA, the Ukrainian crisis has redefined the boundaries of cyberwarfare and hacktivism, whether involving private firms or unknown groups. Geopolitically motivated cyberattacks may increase, posing a risk of collateral damage. Ransomware is still one of the most harmful forms of malware, but there has been an increase in denial-of-service attacks. Denial-of-service attacks are becoming more complicated, and they have become more frequent in Ukraine and in the Internet of Things. Although denial-of-service attacks can be used to extort money, they are simpler to execute than ransomware.
Zero-day vulnerabilities
In addition to an increase in the quantity of zero-day exploits, ENISA also sees a rise in the number of malware attacks exploiting such flaws. This may be a manifestation of attackers becoming more professional or a sign that more mature security levels are forcing them to strike harder. According to ENISA, the most exploited vulnerabilities in cyberattacks were ProxyLogon, ProxyShell, PrintNightmare, and Log4Shell. Phishing was the most common intrusion vector, despite its low cost. It involves remote access via the Remote Desktop Protocol, which is simple for attackers to execute. It is also evolving, with new variants that target specific individuals or that are delivered through SMS or phone calls.
According to the agency, malicious hackers are buying heavily on black markets to obtain unauthorized access to organizations’ networks. They are also expected to exploit new vulnerabilities in 2022. They will target the Internet of Things, VPNs, and cloud infrastructure, in addition to continuing to exploit opportunities presented by newly discovered vulnerabilities.
AI-based disinformation
The prevalence of disinformation and misinformation campaigns has risen in recent years, primarily because of the rise in social media and online media. Digital platforms have become the norm for news and information. People now get their information from social media sites, news and media outlets, even search engines. Because these sites attract users and drive traffic, information that gets the most eyeballs is typically the one that is promoted, particularly if it hasn’t been verified.
The conflict between Russia and Ukraine has demonstrated new ways to exploit this danger, influencing people’s perceptions of the war’s status and the responsibilities of the parties involved. Different motivations lie behind information that is merely incorrect and information that is purposely falsified, which is where the definitions of misinformation and disinformation come in.
Deepfakes
For decades, political leaders have artificially generated or distributed altered or decontextualized content. Recently, deepfakes have offered malicious actors simple and efficient tools for generating fake content that appears authentic (audio, video, images, and text).
Deepfakes have become an important tool in the hands of AI-enabled disinformation, allowing Vladimir Putin and Volodymyr Zelenskyy to be portrayed delivering messages that support the adversary’s views. Despite being fabricated, these videos still spread online.
Attacks on the supply chain
A supply chain attack targets the connection between suppliers and organizations. It is defined as a combination of two or more attacks in the supply chain. In order to qualify as a supply chain attack, both the supplier and buyer must be targeted. Supply chain attacks have the potential to cause serious damage. They were brought to public attention by the SolarWinds case, which demonstrated the potential of such attacks. It appears that threat actors are still exploiting this technique in order to infiltrate organizations and reach their large population of potential victims.
Supply chain attacks are primarily associated with state-backed actors, but cybercriminals became more interested and skilled in this approach as an attack vector during the reporting period. Over the same period, supply chain attacks have been increasingly connected with ransomware campaigns, allowing the threat actors to enlarge the extent of their operations by compromising a single supply chain initially. Supply chain attacks normally lead to ransomware deployment, coin mining, stealing cryptocurrency, or stealing credentials that cybercriminals may utilize in their malicious actions.