Navigating Cyber Crime's Path for 2022
January 13, 2022

Grayson Milbourne
Carbonite + Webroot

Recently, the cybercrime unit of the United States Internal Revenue Service reported that $3.5 billion in cryptocurrencies were seized during 2021 — 93% of all cyber seizures this year — proving that organizations must stay vigilant and understand their greatest security risks ahead of 2022.

Over this past year, we have seen cybercriminals get smarter and quicker at retooling their tactics to follow new bad actor schemes. Participants in the ecosystem within cybercrime are behaving like all rational actors within an economy, responding to incentives, and specializing their capabilities while focusing on their advantages. The two most significant groups, cyber-criminal syndicates and nation-states are increasingly forming coalitions of convenience. Unfortunately, we don't anticipate that changing in 2022. With the evolving threat landscape and continued impact of the pandemic, it remains crucial businesses stay abreast of new cybercriminal trends so they can be proactive and actionable in protecting their data and information.

Ransomware: Exploit-as-a-Service?

The adage of try-before-you-buy is raring its head again, but this time in ransomware with Exploit-as-a-Service (EaaS). Most of us are aware of ransomware gangs making headlines; those who can afford to pay upwards of $10 million dollars for a zero-day exploit, an easy way to make money for experienced criminals. Cybercriminals without the same budget or means to exploit now have options to rent out malicious code from developers — this is one of the newest, and more complicated layers of risk and threats for security teams.

This newer, Exploit-as-a-Service model allows malicious threat actors and developers to generate large earnings by renting a zero-day vulnerability as they wait for a buyer to pay outright, allowing the ‘renter' to try and test the proposed zero-day, and later decide whether to purchase the exploit on an exclusive or non-exclusive basis. Such cybercriminal-renters might also have the ability to share tutorials and reviews of their preferred (or least favorite) tool/code on the market, similarly like many consumers do with goods and services.

Ransomware: The as-a-Service Climate Changes

The shift of power within the Ransomware-as-a-Service eco-climate is upon us — from those who control the ransomware to those who control [a] victim's networks — and they have become more self-reliant in the process. It cannot be denied that cybercrime is an ultramodern industry and those within the industry who decide to apply their knowledge and skills not only jeopardize national security and hold critical infrastructure for ransom, but they are uniquely and unfortunately, some of the best in the business. Any exploration of the vast range of new attack techniques and their advanced capabilities points to an underground industry that's growing exponentially in size and sophistication.

Services are sweeping the business scene as organizations package together their expertise and products to offer easy solutions to those without their own time or resources to complete a task; ransomware-as-a-service is no different. Attack vectors can be loaded up with new capabilities (Exploits-as-a-Service) and sold to those wishing to carry out attacks which only diversifies and expands the pool of those with the ability to attack, making ransomware available to all.

What's Next?

No longer are cyber attackers seeking a quick payment in return for the restoration of hijacked systems: the new cyber criminals know that a brand's reputation is worth far more. Cyber insurance is not enough to protect businesses data and assets. A prevention-first approach is by far the best way to reclaim control of your data — ensuring security teams and IT counterparts work seamlessly together to provide the highest level of security and management possible to counter the newest wave of cyber criminals.

Combine a solid backup and recovery plan with expertise to analyze and define risks, make decisions based on big data, and dynamically apply a set of zero trust policy controls to combat the newest threats, and reclaim control over your data.

Grayson Milbourne is Security Intelligence Director for Carbonite + Webroot
Share this

Industry News

May 01, 2025

Check Point® Software Technologies Ltd.(link is external) announced that its Quantum Firewall Software R82 — the latest version of Check Point’s core network security software delivering advanced threat prevention and scalable policy management — has received Common Criteria EAL4+ certification, further reinforcing its position as a trusted security foundation for critical infrastructure, government, and defense organizations worldwide.

May 01, 2025

Postman announced full support for the Model Context Protocol (MCP), helping users build better AI Agents, faster.

May 01, 2025

Opsera announced new Advanced Security Dashboard capabilities available as an extension of Opsera's Unified Insights for GitHub Copilot.

May 01, 2025

Lineaje launched new capabilities including Lineaje agentic AI-powered self-healing agents that autonomously secure open-source software, source code and containers, Gold Open Source Packages and Gold Open Source Images that enable organizations to source trusted, pre-fixed open-source software, and a software crawling and analysis engine, SCA360, that discovers and contextualizes risks at all software development stages.

April 30, 2025

Lenses.io announced the release of Lenses 6.0, enabling organizations to modernize applications and systems with real-time data as AI adoption accelerates.

April 30, 2025

Sonata Software has achieved Amazon Web Services (AWS) DevOps Competency status.

April 29, 2025

vFunction® announced significant platform advancements that reduce complexity across the architectural spectrum and target the growing disconnect between development speed and architectural integrity.

April 29, 2025

Sonatype® introduced major enhancements to Repository Firewall that expand proactive malware protection across the enterprise — from developer workstations to the network edge.

April 29, 2025

Aqua Security introduced Secure AI, full lifecycle security from code to cloud to prompt.

April 29, 2025

Salt Security announced the launch of the Salt Model Context Protocol (MCP) Server, giving enterprise teams a novel access point of interaction with their API infrastructure, leveraging natural language and artificial intelligence (AI).

April 28, 2025

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the graduation of in-toto, a software supply chain security framework developed at the NYU Tandon School of Engineering.

April 28, 2025

SnapLogic announced the launch of its next-generation API management (APIM) solution, helping organizations accelerate their journey to a composable and agentic enterprise.

April 28, 2025

Apiiro announced Software Graph Visualization, an interactive map that enables users to visualize their software architectures across all components, vulnerabilities, toxic combinations, blast radius, data exposure and material changes in real time.

April 24, 2025

Check Point® Software Technologies Ltd.(link is external) and Illumio, the breach containment company, announced a strategic partnership to help organizations strengthen security and advance their Zero Trust posture.