Virtualization Technology News and Information
Illusive 2022 Predictions: Arrest Excitement, Ransomware Rebrands, Identity & Setbacks

Industry executives and experts share their predictions for 2022. Read them in this 14th annual VMblog.com series exclusive.

Arrest Excitement, Ransomware Rebrands, Identity & Setbacks

By Wade Lance, Field CTO at Illusive

The past 12 months brought much of the same, as several experts predicted it would. However, in 2021 we saw more retaliatory action from the government and law enforcement than ever before, and of course, the pandemic continued shifting the way we have to think about security. Looking forward, we anticipate seeing more arrests, increased action from cybercriminals, changes to identity management and more. Here are our four predictions heading into 2022:

Cybercriminals and Ransomware Operators are Going to See Recent Arrests as Incentives

Law enforcement has been making a tremendous effort to track down, capture and arrest ransomware operators, to take down ransomware infrastructure, and to claw back ransomware payments. While some of these efforts have been successful and may prevent more damage from being done, it is important to realize that headline news is a lightning rod for more attacks. Successful attacks breed copycats, and their arrests make room for replacements. Malicious actors are opportunistic. Of course they don't want to get busted and they don't want authorities taking down their infrastructure, but these arrests are an incentive to get into the ransomware market and a learning experience on how to adapt their tactics. I expect a new wave of ransomware operators that use tier 2-3 cryptocurrency to avoid tracking, remotely-located operations to avoid extradition and arrest, and the hardening of operational security to avoid infrastructure takedown.

Ransomware Groups aren't Retiring, They're Re-branding

Don't believe the hype. REvil and BlackMatter are not "shutting down" due to external pressure from the government and law enforcement agencies. We've seen these groups disappear and then pop back up a few months later, sometimes with a new name. Before BlackMatter it was DarkSide. It's like Soundgarden breaking up, only to come back with some adjustments as Audioslave, then going solo as Chris Cornell. These transformations for ransomware groups will become the source of new attacks. This isn't just re-branding, it's re-architecting. There will be new methods of initial attack and penetration, and enhanced approaches to move laterally in the network. There will be new methods of operation to avoid arrest and infrastructure takedown. And there will be loosely affiliated networks of solo operators that pick and choose who they work with through a robust cybercrime underground, just like rotating new drummers through a band. In 2022 we expect to see more aggressive and complex ransomware efforts.

There is No Zero-Trust Without Identity

If 2021 was the year that Zero Trust security reached mainstream IT -- and it was -- then 2022 will become the realization that it cannot be done without identity first. At its core, Zero Trust is all about authenticating and authorizing access policies that have been designed to provide the least privilege, for the least amount of time, to the least number of assets. After all, a malicious actor only needs a few minutes of time with a privileged account to take over the entire directory system, and there are volumes of exploitable identity risks at every organization. The only companies that are going to successfully operate with a Zero Trust framework are those that start by sorting out their actual identity risks. And it is going to take more than Active Directory (AD), privileged access management (PAM), multi-factor authentication (MFA) and single sign-on (SSO) solutions to manage the risk.

Identity Management Transforms from the CIO to the CISO

Privileged access management (PAM), Active Directory (AD) and single sign-on (SSO) solutions have historically been the responsibility of the IT team. IT teams have a different perspective than security teams; they want to make sure that things go fast, so they try to remove any source of friction. But when AD and PAM are all about making things go fast, then security takes a back seat -- and identity has become too important to leave these risks up in the air. Organizations need to assign security teams to manage these identity solutions, and hire a director to manage the team (and they all report up to the CISO), or there will never be a change in that high-risk mindset, and there will never be Zero Trust because the identity is exploitable. In 2022 we expect to see organizations increasingly moving identity management systems into the CISO organization.

It's imperative that companies realize how adaptive attackers are as we head into 2022. Cyber adversaries are always thinking of new ways to improve and skirt around any obstacles thrown at them. We've seen the lengths these criminals are willing to go to in 2021...and they're just getting started.

##

ABOUT THE AUTHOR

Wade Lance is Field CTO at Illusive Networks. He has been productizing new technologies in education, healthcare, and information security for over 20 years. Wade has diverse experience in solution design for global 1000 cybersecurity teams, an extensive background in advanced cyber-attack detection, and a specialty in cyber deception methods and platforms. Prior to his career in information technology, Lance was a professional mountain guide. As Program Director at Appalachian Mountaineering he developed a new method for technical rock and ice climbing instruction that is still used today to teach advanced skills for the most dangerous environments.

Published Wednesday, December 08, 2021 7:33 AM by David Marshall