Virtualization Technology News and Information
Acronis 2022 Predictions: Cyber Threats to Avoid in 2022


Industry executives and experts share their predictions for 2022.  Read them in this 14th annual series exclusive.

Cyber Threats to Avoid in 2022

By Topher Tebow, Senior Cybersecurity Researcher, Acronis

Everything changed in 2020. COVID-19 sent us all home, and with that came a slew of cybersecurity hurdles that most companies were not prepared for. In 2021, we saw a continuation of work-from-home, even if it was only part-time. Will 2022 be a return to normal, a continuation of uncertainty, or a new normal? The reality is that it looks like there is a new normal that includes a more permanent remote or hybrid workforce. We have already seen threat actors responding to this status change, and can expect that they will be resilient instead of giving up.

Death of ransomware

No, ransomware isn't suddenly going to disappear, but ransomware operators have proven to be some of the most resilient and innovative threat actors out there. These gangs have become more organized and corporate in their structures, and are using any means at their disposal to extort money from their victims. It is not unreasonable to start calling these groups extortion gangs instead of ransomware gangs, as they have proven that encrypting and ransoming data is not their only goal.

A prime example of this shift in the ransomware industry is the Accellion FTA attack at the end of 2020. Responsibility for this attack was attributed to the Cl0p ransomware gang, yet no ransomware was used in the attack. Instead, data was simply stolen from the vulnerable file transfer appliances, and later leaked online if victims did not pay the ransom demand.

Of course, other tactics are being used, such as DDoS attacks, reaching out to customers of victims to demand a ransom for their personal information, searching for data like cyber-insurance policies in stolen data to adjust the ransom demand, and even threatening to release stolen data if the victim contacts law enforcement or a professional negotiator. Going forward, we can expect this resilience and flexibility to continue, and ransomware operations by the end of 2022 may be unrecognizable compared to what we see today.

Phishing legends

Phishing attacks have been the primary attack vector for malware and ransomware for many years now, and this trend will not be slowing down any time soon. As companies and individuals have become more vigilant in looking out for suspicious emails, attackers have begun using more legitimate-looking templates. Add to that the fact that phishing attacks have a larger attack surface than ever before, with chat applications like Microsoft Teams or Slack being used more for regular business communication than in the past, and the number of phishing attacks we see will only increase. This will lead to more stolen credentials and data, as well as further spread of malware and ransomware.

Into the breach

One thing both ransomware and phishing can lead to is a data breach. Your data is valuable, and the criminals know it. Now is the time to prepare your plan for how you will respond to a data breach, as well as look at your attack surface and begin plugging any holes. 2021 saw a number of high-profile data breaches, and if we are not prepared, 2022 will see even more.

Off the grid

A threat tactic that has been on the rise for a number of years is the concept of using trusted resources for evil. This is something that is likely to continue to rise over the next few years, as it has proven to be an effective method of avoiding detection. Once an attacker gains access to a system, they can use trusted tools, like PowerShell or WMIC, to run malicious commands in memory from a source that is generally considered benign. Malicious attacks don't always require malicious files, and the future of attacks is fileless.

Moment of glory

In 2021, we have seen a number of threat actors taken down and arrested by law enforcement. In some cases, the entire organization is dismantled, while other times only top leadership is arrested. There are even threat groups who have voluntarily shut down once they begin feeling the heat from law enforcement. No matter how it happens, one group shutting down only leaves room for others to step up and take over.

After the DarkSide attack on Colonial Pipeline, the ransomware gang shut down operations. Not long after the shutdown, a new group called BlackMatter showed up. This new group looks to be a successor of DarkSide, based on the code and tactics used by the organization. By November, the FBI began offering rewards for information leading to the arrest of key leadership in the DarkSide gang, as well as its successors. If this push to take down the leadership is successful, either new leadership will rise up, and possibly rebrand, or another gang will take their place. While we celebrate the victories, they do not mean that we can relax our security postures.

Know the law

An increasing number of governments are adding laws to protect the privacy of their citizens, or to regulate how organizations are required to prepare for and respond to certain types of attacks. This trend is going to continue, and it will be important to know the laws in all locations where your company operates. Be proactive in seeking out new laws, and be prepared to update your processes, software, and hardware to remain compliant as these laws are implemented.

Not my fault

2021 has shown us that attacking the supply chain is a great way for attackers to hit multiple targets at once. These attacks abuse the trust relationship with a software, hardware, or service provider to sneak vulnerabilities or malware onto your systems as part of a trusted update or installation. When this happens, it is not a benefit to simply blame the vendor. Each organization needs to be reviewing the security practices of its suppliers, as well as its own practices. Supply chain attacks rose throughout 2021, and are highly profitable for cybercriminals, so they will not be disappearing in the near future.

They are all fake

Attackers are continually improving the believability of their scams. CEO fraud and other types of email scams are using language that makes sense to the recipient, and part of that is due to the development of machine learning and AI. Moving forward, we will need to be especially wary of unexpected requests for information, credentials, or financial resources. AI bots have become conversational, and with public figures like a CEO, the bots can be trained relatively quickly to mimic the writing patterns of that individual based on publicly available writing samples. This problem will only increase as the technology develops, making it more difficult to differentiate real messages from scams.

Focus on cyber protection

Cyber protection has become much more prominent - at least in conversation. More companies are beginning to at least consider their risks, and what it will take to eliminate them. The problem is that most companies are still unwilling to hire the necessary cybersecurity staff, or install proper tools to protect their systems, opting for a minimum acceptable level of security instead. This may reduce the chances of a cyberattack, but it will not eliminate the possibility of becoming the victim of a malicious actor.

Final thoughts

There may not be any new or novel types of attacks that we will have to account for in 2022, but that is probably a good thing. While many organizations have improved their security posture over the last two years, most are still far from being able to truly guarantee the safety of the data they manage or the services they provide. Access needs to be restricted to only those individuals who have a business need, and securing logins with stronger password security requirements and MFA will be critical steps toward keeping data safe in 2022.

While access control is a great start, each organization also needs to improve its other security practices to ensure the attack surface is minimized. The office is everywhere now, and everywhere is a much bigger place to protect. In this changing world, we need to look at every aspect of our physical and digital offices, and simply ask the question, "How can I make this more secure?"



Topher Tebow 

Topher Tebow is a cybersecurity researcher, focusing on community collaboration and threat analysis. Topher has been working with malware and other cyberthreats for more than a decade, beginning with web-based malware before moving into endpoint protection. Topher has written technical content for several companies, covering topics from security trends and best practices, to the analysis of malware and vulnerabilities. In addition to being published in industry publications like Cyber Defense Magazine and Security Boulevard, Topher has contributed to articles by several leading publications, and spoken at international cybersecurity events.

Published Monday, November 22, 2021 7:30 AM by David Marshall