Industry executives and experts share their predictions for 2022. Read them in this 14th annual VMblog.com series exclusive.
Cyber Threat Predictions for 2022: Cryptocurrency, API attacks, AI and more
By Candid Wüest, VP of cyber protection research, Acronis
As the COVID-19 pandemic spread,
everyone had to adapt to a very different routine full of challenges that few
were prepared for. This completely changed the security landscape in 2021. Here
are nine trends that are likely to define the cybersecurity landscape in 2022.
1. Ransomware affecting your daily lives
Ransomware is one of the most profitable cyberattacks at the
moment. Despite some recent arrests, there is no end in sight. Ransomware will
expand further to macOS and Linux, as well as new environments such as virtual
systems, cloud and OT/IoT. Anything that is connected to a reachable network is
a potential target. This will increasingly lead to consequences and impacts in
the real world, and thus also to more demand for official regulations and
sanctions. Stealing data for double extortion as well as disabling security
tools will be the norm, but it will also become more personal with insider
threats and personal data. The chaos will continue as groups keep rebranding to
defy investigations, and ransomware-as-a-service will gain smaller-tier groups,
allowing for overlapping usage of different families.
2. Phishing in a growing ocean
Malicious emails and phishing in all variations are
still at an all-time high. Despite constant awareness campaigns, users still
fall for them and enable the attacker to compromise their organization. We
don't expect AI to fully take over phishing emails in 2022, but expect
increased automation and personalized information from the various data
breaches, making them more effective. New tricks against OAuth and MFA will continue
to generate profit for attackers, allowing them to take over accounts, despite
plans from companies such as Google to auto-enroll 150 million users to 2FA. In
order to bypass common anti-phishing tools, attacks such as business email
compromise (BEC) will make use of alternative messaging services, like text
messages, Slack or Teams chat.
3. Cryptocurrency - the attackers' favorite
With the price of Bitcoin being at an all-time high, attacks
are increasing with threat actors following the profit. End-users have
struggled with phishing attacks, infostealers and malware that swaps wallet
addresses in memory for quite a while. Besides these attacks, we expect to see
more of them against smart contracts directly, attacking the programs at the
heart of cryptocurrencies. We also expect attacks against Web 3.0 apps to be
happening more frequently in 2022. These new markets open new opportunities for
sophisticated attacks (e.g. flash loan attack), which may allow attackers to
drain millions of dollars from cryptocurrency liquidity pools.
4. Living off the land chain in full swing
Attackers are going after the trusted connections that allow
them to get into company networks. Software supply chain attacks are one of
these methods, but even without full compromise of a vendor, there are similar
ways in. Attackers are going after the management tools used by the
administrators like professional services automation software (PSA) or remote
monitoring and management (RMM) tools. They are the key to the kingdom, and the
cybercriminals will use them against you. Service providers in particular will
be targeted more frequently, as they often have many automation tools in place
for efficient rollout of new software. Unfortunately, these tools are now being
used by attackers to distribute malware.
5. Data breaches for everyone
Despite the increase of data privacy regulations, the number
of reported data breaches will continue to increase. This is not just because
they have to be reported, but because of the complex interactions and IT
systems. Many companies have lost the overview of where all the data is and how
it can be accessed. Automated data exchange from IoT devices and M2M
communications increases the spread of data further. Unfortunately, we expect
to see many large-scale data breaches in 2022. These data leaks will enable
attackers to enrich their target profiles easily.
6. API attacks
Cloud services are booming and so are serverless computing,
edge computing and API services. In combination with container orchestrations
like Kubernetes, processes can be efficiently automated and dynamically adapted
to the circumstances. Attackers are trying to disrupt this hyper automation by
going after such APIs, which can seriously impact the business processes of a
company.
7. Return of the Web attacks
Websites still make up an important part of the business
Internet. We expect to see a rebirth of attacks against webservers. Attacks
such as Formjacking, whereby a small piece of JavaScript code is added to websites in
order to steal passwords and payment card details, may reemerge after many
companies have moved to cloud services. We will also see the occasional
ransomware attack trying to encrypt database content through webservices.
8. Undermining social trust
We will see a continuation of distrust being generated by
fake content on social media. This will be a combination of fake news,
manipulated pictures and deep fake content, supported by an elaborate network
of disinformation groups. But the undermining of the public trust will also
enter consumer lives with fake followers and fake customer reviews, making it
difficult for users to trust any testimonials and content on the Internet. This
may lead to more restrictions and control on some social networks.
9. Adversarial attacks in AI
As AI is more frequently used to detect anomalies in IT
systems and automatically configure and protect any valuable assets in it, it
is understandable that attackers increasingly will try to attack the logic
within the AI model. Being successful and reversing the decisions inside the AI
model can allow an attacker to remain undetected or generate a denial of
service attack with an undesired state. It may also allow them to identify
timing issues, where slow changes are not seen as anomalies and thus not
blocked.
Staying safe in 2022
Cybercriminals are profit-driven and will
try to maximize their gains by automating their business and attacking
companies where they are most exposed. They go after each opportunity that they
can find. It is therefore key to have strong authentication with MFA, timely
patching of vulnerabilities and visibility across the whole infrastructure.
Unfortunately, businesses are still struggling
to effectively protect their entire workloads across the complex ecosystem of
cloud, office and home office. Doing so requires efficient solutions that
integrate cybersecurity with data protection, as well as management and monitoring
of endpoints. This holistic approach of cyber protection allows for an
automated response against the flood of cyberthreats.
ABOUT THE AUTHOR
Candid Wüest is the VP of Cyber Protection Research at
Acronis, the Swiss-Singaporean cyber protection company, where he researches
new threat trends and comprehensive protection methods.
Previously he worked for more than sixteen years as the
tech lead for Symantec's global security response team. Wüest has published a
book, various whitepapers and has been featured as a security expert in
top-tier media outlets. He is a frequent speaker at security-related
conferences including RSAC and AREA41. Wüest is an advisor for the Swiss
federal government on cyber risks.
He learned coding and the English language on a Commodore
64. He holds a master of computer science from the ETH Zurich and various
certifications and patents.