Threat analysts expect 2022 to be the tipping point for a shift in the focus of hackers from large companies back to consumers.
This prediction is the result of several factors that make consumers a lot more lucrative to threat actors today than in previous years.
ReasonLabs has compiled a detailed report on the status of consumer-level cybersecurity and what trends are most likely to emerge this year.
Path of least resistance
Cybercriminals like to follow the shortest and most accessible pathway to achieving their goals, and when it comes to targeting corporate networks, the best chances lie at targeting remote workers.
The pandemic may slowly be fading, but remote work and the security risks that arise from this new work environment are here to stay. At the same time, organizations are spending significant amounts of money on bolstering their on-premise systems.
As such, for hackers looking to gain access to company networks, the easier way is to target remote employees through phishing or social engineering, take over their account, and use it to log in to the network.
Crypto-boom
2021 was the year of the crypto-miner, primarily due to the rising value of Bitcoin, Ether, and other cryptocurrencies that followed the same trend, further augmented by the rise of NFTs.
People in fear of missing out invested heavily in virtual assets, and many of these new investors don't know how to protect them adequately.
This crypto rush has created a steep rise in info-stealer infections, which according to ReasonLabs, is bound to continue following the same trajectory in 2022.
The rise of Meta, which is expected to create a new boom around digital asset payments from consumers, will fuel that fire even more.
Shutting the door on macros
Microsoft's move to disable Excel 4.0 macros by default shuts the door to malicious documents that included malicious macros to download malware on the user's device. This tactic was predominately used against corporate users.
Adversaries are now forced to lure victims to malicious websites instead, set up SEO poisoning attacks, create malware masqueraded as game cracks, or even use social media, YouTube, and IM channels to promote these files directly.
"Throughout 2021, we have seen countless threats that came specifically from supposed games, including miners, RATs, and infostealers, all delivered in a bundle with the (cracked) game," comments the ReasonLabs report.
All these somewhat random malware distribution methods flourished in 2021, and the same trend will most likely continue in 2022.
Adware
Adware remains a steady source of income for cybercriminals and one that relies on infecting and exploiting large numbers of systems, mostly consumer computers and smartphones.
ReasonLabs estimates the number of ad-injectors and clickers to rise in 2022, as they are easy to spread and hard to detect, map, and stop, which usually happens only when they reach jaw-dropping operational sizes.
While many consider adware to be more of a nuisance rather than malware, many adware bundles install information-stealing trojans, ransomware, and even rootkits.
The ransomware space
When it comes to ransomware, the case is especially characteristic because this is the category of threat actors that moved to larger targets in previous years, entirely snubbing consumers.
The busts of 2021 have brought turbulence in RaaS operations, and while most big players continued unabated, we have seen notable adjustments in their targeting scope.
Targeting governmental or critical infrastructure entities has consequences, and ransomware actors have realized that.
The trend we see now is targeting consumers who hold something valuable, and asking for small ransom payments from a larger number of victims.
As ReasonLabs comments in the report: "(Ransomware actors) will shift their focus to unprotected consumers, with the number of attacks drastically increasing to cover the pay gap."
The recent ransomware attacks against NAS devices are an excellent example of that. They weren't carried out by low-skilled opportunists but by hackers who could discover and leverage zero-days.
BleepingComputer has also seen ransomware operations that more commonly target the enterprise, also now targeting consumers and SMBs with ransom demands under $1,000.
With the enterprise more actively defending against network intrusions and ransomware attacks, we may see ransomware operations going back to spray-and-pray attacks hoping to encrypt anyone, including consumers.
