Because of the Covid-19 pandemic, organizations have learned to adapt to a new business landscape to keep operations in motion. And in 2022, well over a year into the global pandemic, organizations will shift gears once again to keep pushing forward in a landscape that’s still in flux. The coming year will have organizations prioritizing the hybrid work model in a world that is hopefully at the tail end of the global health crisis. However, to exploit this transitional period, malicious actors will carry out attacks both novel and tried-and-true.
In 2022, an unprecedented number of zero-day exploits will be found in the wild. While enterprises will be busy fending off targeted attacks, malicious actors with improved toolboxes will successfully victimize smaller businesses via commoditized tools of the trade. Cybercriminals will also set their sights on the ever-growing volume of connected car data, which they will peddle in the underground.
While digital transformations will be put into overdrive, malicious actors will launch ever-evolving attacks. But organizations can combat threats by hardening their defenses with security best practices and solutions.
In this entry, we discuss several of our predictions that security professionals and decision-makers should know about to help them make informed decisions on various security fronts in the coming year.
Malicious actors will further induce damage to an already disrupted global logistics situation by generating a surge in the quadruple extortion model. This fourfold extortion technique includes holding a victim’s critical data for ransom, threatening to leak the data and publicize the breach, threatening to go after the victim’s customers, and attacking the victim’s supply chain or vendors. With this approach, malicious actors aim to coerce supply chain companies into paying large sums of money by denying access to critical data, withholding access to production machines, and directly contacting customers and stakeholders.
In the year ahead, companies will make their supply chains more resilient by investing in their supply chain development processes and diversification strategies. And malicious actors will launch targeted attacks to take advantage of the changes and unfamiliarity associated with new partnerships.
Companies can protect their supply chains while they diversify by applying the zero trust approach, in which organizations can secure the way they interact and exchange data via continuous verification throughout a connection’s lifetime.
Cloud attackers will both pivot and stay put; they will shift left to follow technology trends and continue to use tried-and-true attacks to wreak havoc on cloud adopters
In 2022, malicious actors will stay ahead of the game by carrying out attacks that use new trends in technology along with tried-and-true attacks.
Cybercriminals are generally inclined to use strategies that continue to work. To gain access to cloud applications and services, malicious actors will continue to use low-effort but high-impact strategies such as using phishing emails to steal credentials, exploiting known vulnerabilities, and abusing unrotated access keys, unsecure container images, and unsecured secrets.
But malicious actors will also explore new technologies for ill gain. For example, they will increasingly use the shift-left approach in their attacks. Today, malicious actors are already targeting DevOps tools and pipelines in cloud integrated development environments (IDEs). In 2022, they will use DevOps principles in their attacks to target supply chains, Kubernetes environments, and infrastructure-as-code (IaC) deployments.
To keep cloud environments secure, enterprises should apply the basics of cloud security. They should understand and apply the shared responsibility model, use a well-architected framework, encrypt, patch, and bring in the right level of expertise. They can also benefit from enforcing tighter security protocols around build systems.
Servers will be the main ransomware playground
We predict that there will be two major developments in the ransomware threat landscape in 2022. First, ransomware attacks will become more targeted and highly prominent. Although the tactics, techniques, and procedures (TTPs) used by ransomware operators will likely stay the same, they will be used to compromise more complex targets, possibly even bigger than the targets in previous years. Because modern ransomware is a relatively new development, it is highly possible that most enterprises have not made the same ransomware mitigation and defense investments for servers as they have made for endpoints.
The second development we foresee happening in the ransomware landscape is the use of more modern and sophisticated methods of extortion. These will resemble nation-state advanced persistent threat (APT) attacks in such a way that the attackers can just opt to exfiltrate sensitive data to extort money from their victims and skip the encryption process altogether. With this development, the focus will shift from denial of access to critical data to leaking and mining stolen data for abuse and compromise. We also foresee that as more companies migrate to the cloud, the cloud will be an even more lucrative target for cybercriminals.
These ransomware predictions are based on the security incidents that we’ve observed this year. To help secure servers against a wide range of ransomware attacks, enterprises should employ security best practices, including adherence to server-hardening guidelines for all pertinent applications and operating systems.
To learn more about the security issues and challenges that we predict will emerge in 2022 and the vital recommendations and strategies organizations should apply to keep their environments and systems secure, read our full report, “Toward a New Momentum: Trend Micro Security Predictions for 2022.”