Predictions for H2 2022: What to expect and what to do

We are just over half-way through 2022 and already we have seen huge defining events in the cyber landscape, from the Russia-Ukraine war, state-sponsored attacks and hacktivism to Conti’s ransomware attacks on the entire countries of Costa Rica and Peru, not to mention multi-million-dollar incidents, thefts and scams in crypto. So, what can we expect looking forward?

  • Ransomware will become a much more fragmented ecosystem - there will be a lesson learned from the Conti ransomware group. Its size and power garnered too much attention and became its downfall. Going forward, we believe there will be many small-medium groups instead of a few large ones, so that they can stay under the radar more easily.
  • More diverse email infection chains - because internet macros are now blocked by default in Microsoft Office, the more sophisticated malware families will accelerate the development of new infection chains that use file types other than the regular Office files. They will also password-protect these files to make detection more difficult. It’s important that users are well aware of sophisticated social engineering. Cybercriminals will often send a simple email impersonating someone you know just to start a conversation with you and gain your trust before sending a malicious file.
  • Hacktivism will continue to evolve - hacktivism was really brought to the fore in H1 2022 and we expect hacktivist groups will continue to align their attacks with the agenda of their nation state throughout the rest of the year, particularly as the Russia-Ukraine war is still ongoing.
  • Continued attacks on blockchain and crypto platforms - so far this year we have found major incidents relating to blockchain platforms, such as a vulnerability in the Everscale wallet. With blockchain technology still being so new, cybersecurity is only in the early stages of understanding its full scope, and so we expect there to be more vulnerabilities, breaches and crypto attacks in the second half of 2022.
  • The first attacks in the Metaverse - the Metaverse is built on the blockchain and, due to the amount of malicious activity we already see there, we believe it won’t be long before we start to see initial attacks in the Metaverse too. These will likely be based on authorization, with user accounts getting hijacked.

What do we recommend, looking forward?

  • Install updates and patches regularly. WannaCry hit organizations around the world hard in May 2017, infecting over 200,000 computers in three days. Yet a patch for the exploited EternalBlue vulnerability had been available for a whole month before the attack. Updates and patches must be installed immediately, with automatic updating enabled.
  • Adopt a prevention-first strategy and approach. A detection-only approach is not enough. Cyberattacks can be targeted and evasive and, if data is stolen, the costs to the organization will be high. Once an attack has penetrated a device or a corporate network in any way, it’s too late. It is therefore essential to use advanced threat prevention solutions that stop even the most advanced attacks as well as preventing zero-day and unknown threats.
  • Install anti-ransomware. Anti-ransomware protection watches out for any unusual activity such as opening and encrypting large numbers of files, and if any suspicious behavior is detected, it can react immediately and prevent massive damage.
  • Education is an essential part of protection. Many cyberattacks start with a targeted email that does not contain malware but uses social engineering to try to lure the user into clicking on a dangerous link. User education is therefore one of the most important parts of protection.
  • Collaborate. In the fight against cybercrime collaboration is key. Contact law enforcement and national cyber authorities; do not hesitate to contact the dedicated incident response team of a cybersecurity company. Inform employees of the incident, including instructions on how to proceed in the event of any suspicious behavior.
  • Be wary of requests to sign links within any marketplace. To prevent the theft of crypto keys and wallets, be wary whenever receiving a request to sign links within marketplaces. Prior to approving a request, carefully review what is being requested and consider whether it seems abnormal or suspicious. If there are any doubts, you should reject it. Token approvals can be reviewed and revoked using this link: https://etherscan.io/tokenapprovalchecker.