Will 2022 be the year of cybersecurity?
2021 was the year we adjusted as a society to the new normal, a world with a deadly virus in permanent circulation. Our lives became ever more digital, and threat actors have not hesitated to take advantage of this new, and often underprotected, landscape. According to the 2021 IDG Security Priorities Study, “90% of security leaders believe their organization is falling short in addressing cyber risk” [1].
Both enterprises and governments have begun to realize the importance of a multi-layer cybersecurity approach. The White House is purportedly “prioritizing and elevating cybersecurity like never before” [2], introducing a wide range of laws, partnerships, executive orders and other measures to bolster the cybersecurity of the nation with the world’s largest GDP.
These signals promise an interesting year ahead in the cybersecurity realm, for both defenders and attackers. In this post, our CEO David Barroso shares 7 cybersecurity predictions for what will take center stage in 2022. Read on to see what you can expect over the next year.
1- More (and More, and More) Ransomware
“Ransomware is still ramping up, making it a very clear topic and something we will see more and more of in 2022. The way threat actors are doing things works, so they don’t have to innovate. There are so many low-hanging fruits, from public institutions to medium and large-sized enterprises.”
The average amount of ransom money collected through ransomware went from $34.6 million per month in 2020 to $102.3 million, according to the FinCEN Financial Trend Analysis [3]. A further increase in 2022 can only be expected as par for the course. Ransomware gangs have their strategies down to a science, and hundreds of thousands of companies remain vulnerable to their attacks. The same tools and procedures continue to work, and attacks will only increase in 2022. Ransomware gangs will likely start taking advantage of the Log4j vulnerability, and the use of Cobalt Strike in this type of incident will become the norm (as is currently happening). We will also see an increased use of blackmail with confidential information rather than threats to encrypt systems—a greater emphasis on reputational damage than on inflicting technical damage. There is big business behind ransomware—those that sell access, those that sell ransomware, and those that find ways to blackmail companies.
2- Dependence on Cloud Leaves Companies Vulnerable
“As companies are migrating more and more to the cloud, many of the incidents that happen will happen in the cloud. This leaves many organizations feeling blind, as they don’t have control over what is going on in AWS, Azure, Google Cloud and the like. This will require an evolution of the security team and strategy.”
92% of organizations currently host their IT environment in the cloud [4], so of course more and more security incidents will be happening there. Individuals don’t have the tools or the access to the data they need to fully understand their cloud security readiness. User education will be key, as life in the cloud requires a new security strategy. The way that you should defend and protect assets is totally different in the cloud versus in one’s own network.
3- Open-Source Components Become a Target for Threat Actors
“We recently saw how devastating and wide-reaching a vulnerability can be when it happens in an open-source project whose components are used in the building blocks of popular programming. It is likely that threat actors will begin to carefully study these components, meaning that the whole tech industry should make an effort to better audit these components to make them more secure.”
Open-source code forms an important part of the digital ecosystem, often making up critical components that everyone is using. Vulnerabilities like Log4j wreak havoc, and now cyber criminals will be seeking them out. There are a couple of solutions: the US is pushing the use of a Software Bill of Materials (SBOM), a clear list of the dependencies of every program, which makes it easier to identify affected programs in the case of a breach. Another solution would be for the companies that so widely benefit from open-source technology to actually fund it. Big companies should help audit these valuable components and dedicate hours to their upkeep.
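How an SBOM answers the question "which of our programs are affected?", as an added example that is not part of the original post. It assumes CycloneDX-style JSON SBOMs with nested components; the application names, the `audit-kit` library and the advisory's version bounds are constructed placeholders.

```python
import json

# Constructed advisory: the package is the article's log4j example; the
# version bounds are placeholders, not real advisory data.
ADVISORY = {"purl_prefix": "pkg:maven/org.apache.logging.log4j/log4j-core@",
            "introduced": "2.0.0", "fixed": "2.99.0"}

def _lib(group, name, version, children=()):
    """Build one CycloneDX-style component for the constructed samples."""
    return {"type": "library", "name": name, "version": version,
            "purl": f"pkg:maven/{group}/{name}@{version}",
            "components": list(children)}

def _bom(app, *components):
    return json.dumps({"bomFormat": "CycloneDX", "components": list(components),
                       "metadata": {"component": {"name": app}}})

G = "org.apache.logging.log4j"
# Constructed SBOMs for three hypothetical applications.
SBOMS = [
    _bom("billing-api", _lib("com.example", "audit-kit", "1.4.0",
                             [_lib(G, "log4j-core", "2.14.1")])),  # nested
    _bom("report-service", _lib(G, "log4j-core", "2.99.0")),   # already at fix
    _bom("web-frontend", _lib(G, "log4j-api", "2.14.1")),      # other artifact
]

def version_key(v):
    """'2.14.1' -> (2, 14, 1); non-numeric parts count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))

def walk(components, path=()):
    """Yield (component, path), descending into nested components."""
    for c in components or []:
        here = path + (c.get("name", "?"),)
        yield c, here
        yield from walk(c.get("components"), here)

def affected(sbom_text, adv=ADVISORY):
    """Return (application, [(version, nesting path), ...]) in range."""
    bom = json.loads(sbom_text)
    app = bom.get("metadata", {}).get("component", {}).get("name", "unknown")
    lo, hi = version_key(adv["introduced"]), version_key(adv["fixed"])
    hits = [(c["version"], " > ".join(p)) for c, p in walk(bom.get("components"))
            if c.get("purl", "").startswith(adv["purl_prefix"])
            and lo <= version_key(c.get("version", "0")) < hi]
    return app, hits

def triage(sboms=SBOMS):
    """Map each application to its affected components (empty list = clean)."""
    return dict(affected(s) for s in sboms)
```

Calling `triage()` flags only `billing-api`, where the component is pulled in by another library and would not show up in a review of direct dependencies alone.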
4- Supply Chain Attacks Increase
“As we saw in 2021, with SolarWinds, supply chain attacks are usually nation-state sponsored attacks. There will be more and more incidents. Finding a provider of the company you want to target is easier than going to that company directly. We saw this in 2021 and we will see more and more.”
Look for more incidents like SolarWinds in 2022, perhaps with even higher stakes. Supply chain attacks are a nation-state’s dream: with one successful targeted attack, the real world can come to a standstill, causing all kinds of economic and social issues for not just the company targeted but society as a whole.
5- An Increased Abuse of LOLBins Over Malware
“A favorite, ever more popular trick attackers are using is abusing existing binaries to evade detection. These good binaries are being executed by the bad guys, and therefore they evade most security protocols. Without the detectable malware presence, it is a lot more difficult to stop an attack, or even know that it is happening.”
LOLBins, or Living Off the Land Binaries, are an ingenious trick used by threat actors that will continue to increase in frequency in 2022. In this technique, a “good” binary is exploited by cyber criminals and crime groups to camouflage their malicious activity, making it difficult (if not impossible) to detect it. This technique will be seen more often in the coming year as it’s quite effective.
6- Cryptocurrency Fraud Will Soar
“The cryptocurrency world is where the easy money is. Twenty years ago criminals were robbing banks, but now it’s easier to go to a third party that stores cryptocurrency and you have anonymous money. These are new companies that have grown quickly but have not been properly secured. These companies must put measures in place to detect when fraud happens.”
The rise in value of cryptocurrency makes it an attractive target. Expect a rise in malware that enables crypto mining as well as attacks on newer exchanges that may not have their security up to snuff for the amounts of money they are dealing with. The rise of NFTs complicates things further, involving all kinds of environments and sites that are not accustomed (as a brick and mortar bank may be) to protecting large amounts of money. Banks are usually huge and complex to protect, with legacy applications, but these organizations are dealing with even more zeroes without the layers of protection a traditional bank has.
7- Zero Trust Policies Will Become the Norm
“The standard of zero trust is changing the way our digital world communicates internally. It marks a total change, authentication and authorization everywhere, which will take a lot of time for companies to adopt. Government is pushing this concept, which means it will soon become the norm for enterprise.”
In 2022, organizations will be adopting more zero-trust strategies. The government has made it the gold standard and a must-have, and it is going further by pushing public administrations and enterprises to adopt zero trust. We will see companies demanding zero trust from their security providers, which means it will affect all tech products. It’s not a silver bullet, but this improvement in security posture will go a long way in protecting systems.
Protecting your organization against cutting-edge cybersecurity risks is key. If you’re interested in finding out how deception can strengthen your cybersecurity posture, contact us today.
[1] https://www.idg.com/tools-for-marketers/research-security-priorities/
[2] https://www.whitehouse.gov/briefing-room/statements-releases/2021/08/25/fact-sheet-biden-administration-and-private-sector-leaders-announce-ambitious-initiatives-to-bolster-the-nations-cybersecurity/
[3] https://www.fincen.gov/sites/default/files/2021-10/Financial%20Trend%20Analysis_Ransomware%20508%20FINAL.pdf
[4] https://resources.idg.com/download/2020-cloud-computing-executive-summary-rl