Given the growth of the cybersecurity community due to the constant development of cyberattacks, companies are working hard to protect us all in 2022 and beyond.
Based on the growth in threats, we present the top five cybersecurity predictions for 2022:
Zero-day markets attacks and Supply chain will rise
Among the lessons learned in 2021, supply chain attacks targeting Managed Service Providers (MSPs) were the hardest to mitigate. In contrast to other threats, supply chain attacks are more silent, more difficult to stop and propagate at a faster pace. Professional cyber-crime groups will focus more on breaching MSPs to deliver ransomware to larger pools of potential victims. “As cyber-security vendors started to address the documented MiTRE techniques, cyber-criminals will focus their research on the discovery and implementation of new techniques for implementing MiTRE/Kill-chain tactics.
But there is more than zero-day vulnerabilities that will allow cyber-criminals to cause widespread damage to businesses.Cyber-criminals find inspiration inside the community – if one cyber-crime group rises to fame by employing existing tools, the rest of the community will follow suit.
Web infrastructure, Dark Markets and IOT2022 will likely bring a major increase in attacks on cloud infrastructures, including those hosted by top-tier providers . Misconfiguration and a shortage of skilled cyber-security workforce will play a significant role in data breaches and infrastructure compromise, thinks Catalin Cosoi, chief security strategist at Bitdefender.
As the world is gradually preparing for a permanent work-from-anywhere scenario, companies are making constant effort into moving legacy services to the cloud. Cloud attacks will intensify, with a particular focus on Azure AD and Office365, where we expect to see a spike in tools development, especially on Office365 and Azure AD.
With the crypto-currency ecosystem in full swing, we expect to see mounting cyber-criminal interest to attack exchange services, miners, wallet stealers, and launch crypto-currency scams.
The increased interconnectivity in smart cars will also create new opportunities for cyber-criminals. Vehicle telematics has become a cause for concern in the past few years as manufacturers attempt to build services or monetize information sent out by vehicles on the road. But data theft is just part of the cause for concern, says Alexandru “Jay” Balan, as cyber-criminals can leverage internet-connected vehicles to facilitate theft, obtain unauthorized access or even take remote control of the car causing potentially deadly consequences.
Dark markets acted chaotically in 2020-2021, but as consecrated ones get dismantled in coordinated law enforcement actions, we believe that we’ll see new contenders rising in 2022.
Ransomware
Unfortunately, the predictions for increased ransomware activity in 2021 came true. 2021 was extremely active for ransomware.
“Ransomware will continue to be the most lucrative type of cyber-crime in 2022. We expect to see an increase in Ransomware-as-a-Service (RaaS) attacks that will focus on data exfiltration for blackmailing purposes,” said Dragos Gavrilut, director of the Cyber Threat Intelligence Lab at Bitdefender. “Just like any mature business, ransomware will have to constantly keep up with both competition and cyber-security vendors alike.”
Also expects a boost in ransomware for Linux environments that target ESXi storage or templates. ‘silent ransomware’ – malware that stays dormant for periods of time before encrypting data will likely be used in more attacks. The Java Log4j vulnerability that recently shook up the cybersecurity community because of its pervasiveness and ease of exploit, created a perfect storm for ransomware.
Overall, ransomware as a service will undergo reorganization to focus on becoming more resilient, going into the realm of zero-day exploits for maximized reach.
State-sponsored
state-sponsored attacks will leave communities in the dark.
Political tensions will likely have a great impact on the cyber-realm as nation-states race for digital supremacy. 2022 will likely be the year of cyber-attacks against critical infrastructure. Killware could be the weapon of choice since it can be deployed using similar tactics as classic APTs and is effective against power grids, water and sewage plants or public transportation with immediate impact on communities and societies.
Data breaches will fuel a dumpster fire of business attack
As personal information stolen in data breaches becomes more widely available to cyber-criminals, spam campaigns will become much more targeted. From full names and phone number, other exposed information such as passwords, physical addresses, payment logs or sexual orientation will be used to create tailored and convincing phishing or extortion campaigns.
While the spear phishing – whether it’s whaling, business email compromise (BEC), email account compromise (EAC) – Solutions like Blue email certificates (https://bluecerts.eu/blue-e-mail-certificates/) are the most used for improve the safety on email accounts.
The scams of 2022 will likely capitalize on the busy and exclusively online recruitment processes imposed by the Coronavirus pandemic. Cyber-criminals will start impersonating companies to dupe potential candidates into infecting their devices via popular document attachments. Additionally, cyber-crime operators will likely use this remote onboarding opportunity to recruit unwary people looking for jobs into illegal activities such as money-muling.
Our solutions are available on our website, however if you have any questions please do not hesitate to contact us to learn more about our solutions to protect yourself in the best way.