EXECUTIVE SUMMARY

The war in Ukraine has dominated the headlines in the first half of 2022 and we can only hope that it will be brought to a peaceful conclusion soon. However, its impact on the cyber space has been dramatic in both scope and scale, as cyberattacks have become firmly entrenched as a state level weapon. We have identified unprecedented levels of state-sponsored attacks, the growth of hacktivism and even the recruitment of private citizens into an “IT Army.” In this report, we take a closer look at how cyber warfare has intensified to become an essential part of the preparation for, and conduct of, actual military conflict. Furthermore, we uncover what the fallout of this will be for governments and enterprises all over the world, even those that are not directly involved in the conflict.

A second major trend in the first half of this year has been the ability of threat actors to disrupt the everyday lives of normal citizens. In this regard there has been crossover with cyber warfare and hacktivism, as we saw a TV station taken down by missiles in Kyiv with a cyberattack launched at the same time for the same purpose, as well as interference with Moscow’s smart TV platform to beam live antiwar messages into homes across Russia. The full scale of cyber’s ability to cause real harm to citizens, though, is best illustrated by the attack on the entire country of Costa Rica which crippled essential services including healthcare and inland revenue, stopping medical appointments and the collection of taxes. In the US, teachers have been put out of work and student learning disrupted when Lincoln College succumbed to a ransomware attack which resulted in it closing its doors after 157 years. Cyber’s theoretical potential for major disruption to civic society just got real in 2022 and in this report, we will look at what organizations can do to avoid becoming the next victim.

The events in Costa Rica also highlighted why ransomware is the number one security threat to enterprises around the world. Imagine an entire country being the victim of cyber extortion by a criminal gang? This was not even an isolated example as Peru became the second victim of ‘Country Extortion’ not long afterward. The huge potential for financial gain means that ransomware is going to be around for a long time and it’s only going to get worse as threat actors invest their ill-gotten gains into better tools and resources. The good news, however, is that we also have new tools and technologies to meet the danger wherever it comes from and however sophisticated the attack.

At the start of the year, we had the continued fallout of Log4j, one of the most serious zero-day vulnerabilities we have ever seen. Any assumptions that it was a one-off event were soon put to bed as just a couple of months later, another huge zero-day vulnerability was found in the open-source Spring Framework – Spring4Shell. We also saw in H1 the demise of a significant malware family, Trickbot, but the good news ended there as the notorious malware Emotet has continued to dominate since its resurgence late last year. In this report, we will unravel 2022’s threat landscape and provide examples and statistics of real-world events, so you know exactly what you need to be aware of in your organization.

As we look ahead to the remainder of 2022 and beyond, our global team of experts have provided their predictions, from a tsunami of state-sponsored attacks to the first malicious activity in the Metaverse, so that we can all get prepared now for what’s to come.