Virtualization Technology News and Information
Acronis 2022 Predictions: Cryptocurrency, API attacks, AI and more


Industry executives and experts share their predictions for 2022.  Read them in this 14th annual series exclusive.

Cyber Threat Predictions for 2022: Cryptocurrency, API attacks, AI and more

By Candid Wüest, VP of cyber protection research, Acronis

As the COVID-19 pandemic spread, everyone had to adapt to a very different routine full of challenges that few were prepared for. This completely changed the security landscape in 2021. Here are nine trends that are likely to define the cybersecurity landscape in 2022.

1. Ransomware affecting your daily lives

Ransomware is one of the most profitable cyberattacks at the moment. Despite some recent arrests, there is no end in sight. Ransomware will expand further to macOS and Linux, as well as new environments such as virtual systems, cloud and OT/IoT. Anything that is connected to a reachable network is a potential target. This will increasingly lead to consequences and impacts in the real world, and thus also to more demand for official regulations and sanctions. Stealing data for double extortion as well as disabling security tools will be the norm, but it will also become more personal with insider threats and personal data. The chaos will continue as groups keep rebranding to defy investigations, and ransomware-as-a-service will gain smaller-tier groups, allowing for overlapping use of different families.

2. Phishing in a growing ocean

Malicious emails and phishing in all variations are still at an all-time high. Despite constant awareness campaigns, users still fall for them and enable the attacker to compromise their organization. We don't expect AI to fully take over phishing emails in 2022, but expect increased automation and personalized information from the various data breaches, making them more effective. New tricks against OAuth and MFA will continue to generate profit for attackers, allowing them to take over accounts, despite plans from companies such as Google to auto-enroll 150 million users in 2FA. In order to bypass common anti-phishing tools, attacks such as business email compromise (BEC) will make use of alternative messaging services, like text messages, Slack or Teams chat.

3. Cryptocurrency - the attackers' favorite

With the price of Bitcoin being at an all-time high, attacks are increasing with threat actors following the profit. End-users have struggled with phishing attacks, infostealers and malware that swaps wallet addresses in memory for quite a while. Besides these attacks, we expect to see more attacks against smart contracts directly, targeting the programs at the heart of cryptocurrencies. We also expect attacks against Web 3.0 apps to happen more frequently in 2022. These new markets open new opportunities for sophisticated attacks (e.g. flash loan attacks), which may allow attackers to drain millions of dollars from cryptocurrency liquidity pools.

4. Living off the land chain in full swing

Attackers are going after the trusted connections that allow them to get into company networks. Software supply chain attacks are one of these methods, but even without full compromise of a vendor, there are similar ways in. Attackers are going after the management tools used by administrators, like professional services automation (PSA) software or remote monitoring and management (RMM) tools. They are the keys to the kingdom, and the cybercriminals will use them against you. Service providers in particular will be targeted more frequently, as they often have many automation tools in place for efficient rollout of new software. Unfortunately, attackers are now using these same tools to distribute malware.

5. Data breaches for everyone

Despite the increase of data privacy regulations, the number of reported data breaches will continue to increase. This is not just because they have to be reported, but because of the complex interactions and IT systems. Many companies have lost the overview of where all the data is and how it can be accessed. Automated data exchange from IoT devices and M2M communications increases the spread of data further. Unfortunately, we expect to see many large-scale data breaches in 2022. These data leaks will enable attackers to enrich their target profiles easily.

6. API attacks

Cloud services are booming and so are serverless computing, edge computing and API services. In combination with container orchestrations like Kubernetes, processes can be efficiently automated and dynamically adapted to the circumstances. Attackers are trying to disrupt this hyper automation by going after such APIs, which can seriously impact the business processes of a company.

7. Return of the Web attacks

Websites still make up an important part of the business Internet. We expect to see a rebirth of attacks against webservers. Attacks such as formjacking, whereby a small piece of JavaScript code is added to websites in order to steal passwords and payment card details, may reemerge after many companies have moved to cloud services. We will also see the occasional ransomware attack trying to encrypt database content through web services.

8. Undermining social trust

We will see a continuation of distrust being generated by fake content on social media. This will be a combination of fake news, manipulated pictures and deep fake content, supported by an elaborate network of disinformation groups. But the undermining of the public trust will also enter consumer lives with fake followers and fake customer reviews, making it difficult for users to trust any testimonials and content on the Internet. This may lead to more restrictions and control on some social networks.

9. Adversarial attacks in AI

As AI is more frequently used to detect anomalies in IT systems and to automatically configure and protect any valuable assets in them, it is understandable that attackers will increasingly try to attack the logic within the AI model. Successfully reversing the decisions inside the AI model can allow an attacker to remain undetected or generate a denial of service attack with an undesired state. It may also allow them to identify timing issues, where slow changes are not seen as anomalies and thus not blocked.

Staying safe in 2022

Cybercriminals are profit-driven and will try to maximize their gains by automating their business and attacking companies where they are most exposed. They go after each opportunity that they can find. It is therefore key to have strong authentication with MFA, timely patching of vulnerabilities and visibility across the whole infrastructure.

Unfortunately, businesses are still struggling to effectively protect their entire workloads across the complex ecosystem of cloud, office and home office. Doing so requires efficient solutions that integrate cybersecurity with data protection, as well as management and monitoring of endpoints. This holistic approach of cyber protection allows for an automated response against the flood of cyberthreats.



Candid Wüest is the VP of Cyber Protection Research at Acronis, the Swiss-Singaporean cyber protection company, where he researches new threat trends and comprehensive protection methods.

Previously he worked for more than sixteen years as the tech lead for Symantec's global security response team. Wüest has published a book, various whitepapers and has been featured as a security expert in top-tier media outlets. He is a frequent speaker at security-related conferences including RSAC and AREA41. Wüest is an advisor for the Swiss federal government on cyber risks.

He learned coding and the English language on a Commodore 64. He holds a master's degree in computer science from ETH Zurich and various certifications and patents.

Published Monday, November 15, 2021 7:30 AM by David Marshall