By: Filip Cerny, Enterprise Application Experience, Progress.
Cyberattacks made headline news throughout 2021. Ransomware attacks, in particular, were widespread and impacted both traditional IT services and physical infrastructure in the real world.
Ransomware was not the only attack type used in 2021. Cybercriminals continued to use malware, phishing, business email compromise (BEC) attacks, data theft, cryptocurrency miners, and more.
Supply-chain attacks also made the headlines. These include software supply chain attacks that seek to compromise software tools, and direct attacks against companies in the supply chain that can spread to larger targets, using vectors like phishing and malware drive-by attacks.
Cybersecurity in 2022
Many cybersecurity analysts anticipate that cybercriminals will use what they learned in 2021 to supercharge their attacks in 2022. Last year showed that they can quickly adapt to emerging threat opportunities and retool their techniques to launch attacks. This will still be the case in 2022, even as organisations use the knowledge gained in 2021 to shore up cyber defences.
Here are some specific attack vectors that will need watching and defending against in 2022.
Ransomware will continue to dominate attacks
The ransomware gangs have enjoyed substantial financial returns, and will continue their attacks in 2022. Law enforcement agencies are taking action against prominent gangs, but given the availability of easy-to-use tools that even non-experts can use to mount attacks, we can expect other groups to fill any gaps that result from successful countermeasures. Also, many adversarial nation-states will use ransomware attack techniques, aiming for disruption rather than ransom.
System Updating to apply patches will be as important as ever
To stay ahead of criminals’ efforts to exploit new vulnerabilities, updates and security patches must be deployed as soon as they are made public. Cybercriminals watch for recently announced patches and immediately start scanning systems on the internet to look for vulnerable servers. All unpatched servers are essentially zero-day attack vectors for the criminals. Rapid patching will be crucial in 2022 and beyond.
We’ll see an escalation in the cyber Cold War
Several regimes tolerate the activity of cybercriminal gangs operating from their jurisdictions. This has led to government warnings that they will class cyberattacks from these regions as terrorism. Heads of State summits have put countering ransomware on summit agendas. Analysts expect the rhetoric in this area to ramp up in 2022, and some industry commentators say that there could be military responses against gangs or national assets if there are attacks against critical infrastructure or healthcare systems.
Partner supply chain attacks will escalate
The criminals know that the supply chain provides many weak links that they can exploit when looking to attack partner organisations. This means that in 2022 and beyond, company cybersecurity defence strategies will need to take into account the cybersecurity posture of business partners and the supply chain. Just focusing on your own infrastructure and endpoint devices will not be enough.
Software supply chain attacks will also escalate
Vulnerabilities in open source tools and libraries, micro-services, and commercial software products will continue to be a target and an entry point for sophisticated attackers. This technique will continue to be used by nation-state teams that have the blessing of adversarial regimes.
Evolving working practices will be targeted
In 2022, a return to the pre-pandemic office-first workplace is unlikely for most information workers. This means more adoption of mobile endpoint technology solutions. Organisations’ security perimeters will expand so widely that the concept of a network perimeter will be essentially obsolete. Attackers will target mobile and home workers with technological and social engineering based attacks. The deployment of zero-trust networking and frequent company cybersecurity awareness training will increase to improve security in this new world of work.
Mobile Endpoint devices will become a bigger target
Mobile devices are ubiquitous, and host a lot of information valuable to attackers. In 2022 there will be an increase in the number of applications designed to steal this data. Both Apple and Google are working hard to keep such applications out of their app stores, but the criminals are good at hiding their malware-infested apps in plain sight. Controlling what apps can be installed on devices that access corporate networks will become even more crucial in 2022.
Cybercriminals will increase their use of defender tools
Many cybersecurity defence organisations use tools to do penetration tests to find vulnerabilities and security gaps in their clients’ networks. Many of these tools are similar to those used by criminals. Recently, there has been some movement in the other direction as criminals have started to use suites created for defenders. Many commentators expect this to rise in 2022.
Hybrid attacks will be common
Attacks that simultaneously use multiple attack vectors and techniques will be increasingly common in 2022. This means that if an attack vector gets discovered, you should assume that other attack methods not yet found are also in progress.
Machine learning-backed attack tools
Many researchers expect attackers to use ML-based systems to generate believable content and images for fake sites used in phishing and other social engineering based attacks. They also expect more widespread ML-based brute force attacks designed to guess passwords. Organisations will need to deploy rapid ML-based security tools to augment their human cybersecurity.
Skills shortage will continue to impact
The pandemic has worsened the global shortage of skilled cybersecurity professionals. Significant numbers of people have switched jobs or left the industry entirely. HR experts expect the skills shortage to worsen in 2022.
Cyber insurance will become harder to obtain
The financial impact of ransomware attacks will change the market for cyber insurance in 2022. To obtain or renew their insurance against cyberattacks, companies will need to demonstrate that they have taken all possible precautions. Significantly higher premiums and deductibles were also reported towards the end of 2021; this trend will continue into 2022, and industry experts expect this pressure from insurance companies to drive an overall improvement in business cybersecurity practices.
Government regulation will increase
As Governments focus more on the threats from cyberattacks against critical infrastructure, they will also want to regulate how impacted organizations respond. Mandatory reporting of ransomware attacks, data breaches, and possibly a ban on paying attackers are all likely to be enacted in several countries in 2022.
The coming year will be another challenging one. To be forewarned is to be prepared, and company cybersecurity teams and managed security service providers will need to be alert to these 2022 predictions from industry experts.