Cyberattacks are constantly evolving as criminals discover new ways to crack strong networks or automate attacks to target vulnerable systems. Nowadays, it seems as if cyberattacks are everywhere you look.
In 2021, we faced many new attack vectors as the shift to remote work challenged traditional work operations, and we are likely to see those continue well into 2022. From a growing need for intelligence-led security to increased insider risk, organizations must consider emerging trends to stay ahead of the attacks and improve their existing cybersecurity risk management operations.
Top 9 cybersecurity predictions for 2022
Here are the top cybersecurity predictions for 2022:
- An exponential increase in cybercrime activity
- Targeted herding attacks
- An increasing amount of automation by adversaries
- No more hesitation to target critical infrastructure
- Insider risk, bribery, and active recruitment
- Regulatory intelligence
- Growing need for intelligence-led security
- Kinetic warfare triggered by cyber attacks
- Malware/Ransomware event gone wrong
1. An exponential increase in cybercrime activity
Every year, we see an increase in criminal activity specialization such as ransomware as a service — meaning cybercriminals are now working together to run a multi-leg relay race, passing the baton from one specialized criminal operation to another. Operations have gotten so sophisticated that there is even a customer support function for payment interactions that cybercriminals can utilize. Yes, you read that correctly. Even digital criminals are outsourcing their “customer support”. Not everyone knows what bitcoin is, let alone how to purchase it to pay a ransom. Below is an actual example of a RANSOMEXX Leak Site being monitored by SecurityScorecard for discovering “Ransomware Victim” signals.
As a result, criminals are addressing and compromising more attack surfaces not just for money, but also for purposes of destruction, disruption, and disinformation.
2. Targeted herding attacks
A targeted herding attack is when a cybercriminal attacks a piece of shared or core infrastructure to force, or “herd”, traffic to another platform or service provider that may be more vulnerable or already compromised. These days, BGP hijacking is occurring more frequently, which results in internet traffic taking, for example, the “scenic route” from your computer on its way to your banking website, perhaps via Russia or China. Distributed Denial of Service (DDoS) attacks can also be used as a herding technique.
A DDoS attack can be used to “shape” traffic and communications of a business or entire industry towards a less-protected backup channel or provider — one that the cybercriminal can perhaps already tap or is currently snooping. In September 2021, Bandwidth.com, a leading telephony provider for US voice over IP (VoIP), experienced a DDoS attack where threat actors impersonated the ransomware group ‘REvil’, demanding 100 bitcoins ($5.7 million as of this writing). Since VoIP services are routed over the Internet, they are prime targets for DDoS extortion attacks.
Cybercriminals expect to get paid a ransom once they have compromised a company or infected one or more of its computers or servers. However, if the victim refuses to pay, attackers will find other ways to get paid. Below is a set of forum posts between digital criminals where they plan to sell information at auction after a skincare company refused to pay a ransom.
3. An increasing amount of automation by adversaries
Within minutes of a system appearing on the internet for the first time, cybercriminals can detect all of its vulnerabilities. And once they detect them, they are either going to exploit them automatically or send a team off to do it for them. Research reports on global threat trends and patterns indicate that some of the fastest APTs can begin lateral movement within 18 minutes of infecting “patient zero” with malware or ransomware. This goes back to the ‘cybercrime as a business’ theme. Cybercriminals now have a growing index of enterprise cybercrime businesses to help detect and exploit vulnerabilities, faster than most organizations can mitigate against them. There is even a market for creating customized malware designed specifically for the intended victim. One size fits all is no longer the modus operandi. Tailored malware delivered via specialized phishing campaigns, crafted from extensive social media reconnaissance, is being packaged as bundled offerings on dark web sites.
4. No more hesitation to target critical infrastructure
Events of this past year stand as evidence that targeting critical infrastructure will continue to be a trend in the coming years. It used to be that hospitals, schools, power, gas, and food were off-limits unless you were a nation-state (e.g., North Korea, China or Russia). But now, cybercriminals are going after these organizations freely. What’s worse is that these industries are historically far behind on their security posture and detection capabilities. Therefore, infiltrating these networks can be easily accomplished by the growing cybercriminal industry.
5. Insider risk, bribery, and active recruitment
Nowadays, cybercriminals are actively advertising to employees by offering a percentage of the payout if they cooperate and provide information — and for a surprisingly low price at that. The median price was $1,000 USD according to research into “Initial Access Brokers” by KELA. And while employee job satisfaction and job security play into this motivation to sell access to a company’s infrastructure, most targets are low-responsibility individuals with high access (receptionists, security guards, etc.).
In the coming year, businesses need to address the ‘outsized’ access rights problem, as well as establish an insider risk program to help detect and investigate anomalies. Implementing the principle of “least privilege” is a good practice: individuals have the permissions and access needed to do their job, but nothing more. Zero Trust Architecture is another popular approach to reducing the possibility of insider threats that put your company in the news, such as the recent breach of Electronic Arts. In the case of the Electronic Arts incident, a bit of social engineering combined with buying a Slack session token on the dark web resulted in the theft of 780 GB of source code for games worth at least $28 million USD.
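The two controls described above, finding outsized access rights and detecting when an account exercises access its role does not need, can be audited with a simple comparison against a role baseline. The script below is an added example, not SecurityScorecard code; the role names, permission strings and access-log lines are constructed for illustration, and the log format (timestamp, user, action, resource) is an assumption rather than any real product's format.

```python
"""Toy least-privilege audit: compare granted permissions against a role
baseline, then flag log events where excess rights are actually used.
Added example; roles, permissions and log lines are constructed."""

# Constructed role baseline: the permissions each job function needs.
ROLE_BASELINE = {
    "receptionist": {"calendar:read", "visitor_log:write"},
    "security_guard": {"badge_system:read", "camera_feed:read"},
    "developer": {"source_repo:read", "source_repo:write", "ci:run"},
}

# Constructed effective permissions as actually granted in the IAM system:
# user -> (assigned role, set of granted permissions).
GRANTED = {
    "alice": ("receptionist", {"calendar:read", "visitor_log:write", "source_repo:read"}),
    "bob": ("security_guard", {"badge_system:read", "camera_feed:read", "badge_system:admin"}),
    "carol": ("developer", {"source_repo:read", "source_repo:write", "ci:run"}),
}

# Constructed access-log lines (hypothetical format): timestamp user action resource
ACCESS_LOG = """\
2021-12-01T08:02:11Z alice read calendar
2021-12-01T08:15:40Z alice read source_repo
2021-12-01T09:00:03Z bob read camera_feed
2021-12-01T23:41:19Z bob admin badge_system
2021-12-01T10:12:55Z carol write source_repo
""".splitlines()


def find_outsized_access(granted, baseline):
    """Return {user: sorted excess permissions} for every user who holds
    permissions beyond what their assigned role needs."""
    excess = {}
    for user, (role, perms) in granted.items():
        extra = perms - baseline.get(role, set())
        if extra:
            excess[user] = sorted(extra)
    return excess


def parse_log(lines):
    """Turn each log line into an event with a 'resource:action' permission key."""
    events = []
    for line in lines:
        ts, user, action, resource = line.split()
        events.append({"ts": ts, "user": user, "perm": f"{resource}:{action}"})
    return events


def find_out_of_role_use(events, granted, baseline):
    """Flag events where a user exercises a permission outside their role
    baseline, i.e. an outsized right is not just granted but in active use.
    Returns a list of (timestamp, user, role, permission) tuples."""
    flagged = []
    for ev in events:
        role = granted[ev["user"]][0]
        if ev["perm"] not in baseline.get(role, set()):
            flagged.append((ev["ts"], ev["user"], role, ev["perm"]))
    return flagged


if __name__ == "__main__":
    print("Outsized access rights:", find_outsized_access(GRANTED, ROLE_BASELINE))
    for ts, user, role, perm in find_out_of_role_use(parse_log(ACCESS_LOG), GRANTED, ROLE_BASELINE):
        print(f"{ts} {user} ({role}) used out-of-role permission {perm}")
```

The first function is the periodic entitlement review that trims grants back to the baseline; the second is the detection side of an insider risk program, which turns a dormant excess grant into an investigable event the moment it is exercised.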
6. Regulatory intelligence
Due to a lack of due diligence, and breaches caused by negligence, regulatory agencies are stepping up to the challenge of cyber risk management and mitigation. Regulators want to be in a better position to prosecute “willful failure to remediate” vulnerabilities at companies under their jurisdiction. Stepping up their game entails transitioning from mere regulatory governance to practicing regulatory intelligence. And with the May 12th Biden Executive Order, software labeling, and the Software Bill of Materials (SBOM), regulatory agencies are projected to expand their governance and oversight function much more than they have in the past. This will take time, however, because just as food labeling didn’t automatically make us eat healthier, software labeling won’t make us more “cyber” healthy. But it will make it possible for us to make better software choices moving forward.
7. Growing need for intelligence-led security
There is only so much security researchers can do with automation in identifying software vulnerabilities and configuration errors. Therefore, there is a growing need for analysts who would typically only be available to the government, 3-letter agencies (CIA, FBI, NSA, etc.), or big security companies. These threat intelligence analysts help SMEs understand how they’re being targeted or attacked and generate good intelligence-driven security research to help mitigate security risks at any level. Threat intelligence helps a company know which vulnerabilities are being actively probed, tested, and exploited in their industry, infrastructure, and supply chain. But subscribing to threat intelligence feeds is not enough. Companies need to build the capability to produce tactical threat intelligence. This means more than a high-level awareness of APT campaigns; it means focused, individualized discovery of which campaigns are targeting your company right now.
8. Kinetic warfare triggered by cyber attacks
Kinetic warfare falls in the domain of those with boots on the ground, weapons in hand (or planes in the air and ships in the sea, of course). The use of traditional military force, or the threat of its use, has governed geopolitical conflict for centuries. But now we are seeing the emergence of cyber-kinetic attacks — attacks on software, critical infrastructure, and industrial control systems that result in direct or indirect physical damage, environmental impacts, and even injury or death. The US Treasury Department has brought sanctions against a Russian government research institution for its alleged participation in the creation and use of Triton malware. This malware was designed to cause significant damage and loss of life. The next stage in this escalation of digital warfare will most certainly involve a kinetic retaliation to a cyber attack.
9. Malware/Ransomware event gone wrong
As malware attacks increase, the likelihood of something going wrong inside the malware code increases as well. It isn’t hard to predict a near-future event that causes a massive depopulation of internet-connected devices. Events where iPhones and Android phones are essentially “bricked” by a piece of malware code gone wrong, or by buggy malware that leaves users unable to “factory reset” their phones, recover, or restore from backups, are certainly likely. Or even worse, a widespread corruption of medical devices (heart pumps, dialysis machines, medical tech, etc.) may become a reality.
An attack like this could disable circuit boards with embedded operating systems and leave them unable to be reset. This is because there is no screen to display the ransomware message, and no keyboard on which to enter the decryption key, even if the ransom were paid. This might be the digital equivalent of the Irish Potato Famine of 1845: a catastrophic event involving, for example, millions of iOS 15 users. If cybercriminals only have to target one particular version of iOS, the likelihood of successfully conducting a destructive malware event improves. And as more players enter the game and try their hand at writing malicious code, one of them might succeed.
How SecurityScorecard can help organizations stay ahead of these and other cyber threats in 2022
As organizations look to secure their networks, applications and devices from emerging threats in the upcoming year, the first step is to improve the visibility of your attack surface and prioritize cybersecurity risk management. SecurityScorecard’s comprehensive security ratings, advanced risk analytics, and powerful digital footprint insights all help elevate your cybersecurity posture awareness. Proactive solutions like security ratings provide the tools needed to secure your organization and to stay one step ahead of evolving threats. Intuitive security ratings and scores also help close the communications gap in executive-level reporting to the board of directors, offering clear indicators of where additional security investment is needed.
With the ability to continuously monitor changes in risk profiles and exposures across your organization’s entire ecosystem, SecurityScorecard ensures that your security team can help identify and mitigate future risks. To learn more, book a demo or request a free instant security score to see how your organization stands up against current and impending threats.