Mandiant has an extensive report [Man22a] on the activities of various threat groups in 2022.
Threat groups from the “big four” — Russia, China, Iran, North Korea — are expected to be highly active in 2023, using destructive attacks, information operations, financial threats and more [Man22b].
Ransomware has been occupying news headlines, and nobody should be a stranger to this escalating threat anymore.
It is not even farfetched to expect ransomware to be used to attack space systems [Pet22].
Macro viruses have existed ever since Microsoft Office started supporting macros.
They do not seem to be going away.
Documents containing malicious macros are called “maldocs”, and Emotet, one of the world’s most prevalent malware families (see Fig. 1), has been hailed as the “unofficial king of maldoc usage” [Che22].
Mobile malware has in recent years started exploiting zero-click vulnerabilities [Jin21], posing tremendous risks to unpatched devices.
Cloud-based services are increasingly abused by malicious actors in the course of computer network operations, a trend that is likely to continue in the foreseeable future as more businesses seek hybrid work environments [Cro22b].
Common cloud attack vectors include exploitation of cloud vulnerabilities (e.g., CVE-2021-21972), credential theft, abuse of cloud service providers, use of cloud services for malware hosting and command & control (C2), and the exploitation of misconfigured Docker containers [Cro22b].
In 2021, compromise of the cyber supply chain accounted for 17% of intrusions, compared to less than 1% in 2020 [Man22a].
Furthermore, 86% of these compromises were related to the SolarWinds breach and the SUNBURST malware, a trojanised, digitally signed component of the SolarWinds Orion software framework containing a backdoor that communicates with third-party servers over HTTP.
An increasing number of malware families have cryptocurrency mining (“cryptomining” for short) capabilities [Che22], since such capabilities are readily available in the public domain.
For example, XMRig is available on GitHub, and is the most popular cryptominer (see Fig. 2).
The highest-profile example of an attack on cryptocurrency is undoubtedly the “FTX hack”, in which an attacker allegedly stole USD 415 million from the FTX exchange.
The attacker used crypto laundering services such as ChipMixer to launder the stolen funds.