Virtualization Technology News and Information
KnowBe4 2022 Predictions: Cybersecurity Threats in 2022: Go Big or Go Home

vmblog predictions 2022 

Industry executives and experts share their predictions for 2022.  Read them in this 14th annual series exclusive.

Cybersecurity Threats in 2022: Go Big or Go Home

By Javvad Malik, Security Awareness Advocate, KnowBe4

It has been quite the year. And who really could have predicted that we would still be talking about lockdowns nearly two years since the start of the pandemic? When it comes to cybersecurity, the word on everyone's lips in 2021 was clearly ransomware and it is a trend we will likely see continue and evolve in 2022, along with a few other attack vectors. These may sound like complex Hollywood plots, but whether they emerge full-blown in 2022 or the foundations are merely laid - the probability of seeing these come to fruition is high.

First up on the list is nuclear ransomware 3.0, which sees ransomware gangs morph into "everything gangs". Instead of just performing ransomware and data exfiltration attacks, they are cryptomining, creating botnets, carrying out DDoS attacks and more. The attack gangs of the future will look at every new victim as a pot of gold and try to figure out what to do - and in which order - to maximize financial value extraction. For example, maybe they first do password exfiltration, then kick in a BEC compromise, next cryptomining, then data exfiltration/identity theft, experiment with spear phishing trusted partners, then and only then, ransomware encryption. While 2021 has seen the double-extortion tactics take off, 2022 could see multiple incursions. It will make us long for the good ol' days when they just locked up our data. 

Secondly, a new dangerous and persistent metamorphic malware family called "Tardigrade" is a recent strain of Windows malware. It can constantly adapt to avoid detection and was first found targeting the biotech industry, including the infrastructure behind vaccine manufacturing, according to security researchers. This "metamorphic" ability prevents the malware from leaving a consistent signature behind, making it very hard for antivirus programs to spot. It contains the sneaky ability to spread both via phishing emails and USB devices. Similar to Stuxnet, Tardigrade was obviously developed by a highly sophisticated organization, probably a nation-state. However, now that it is in the wild, we can expect it to be unleashed by far less sophisticated threat actors, upping the stakes yet again.

Third, remember when Facebook changed its name to Meta? Well, the brand formerly known as Facebook will entice the masses to join the Metaverse. And where the people go, criminals will follow. We will likely see virtual attacks against both individuals and organizations using Meta as the host environment. This will include virtual looting, virtual theft, account takeovers and more creative criminal exploits. 

Fourth, disinformation powered by deep fakes will cause a political/financial circus. It can be argued that this has already happened to some extent, but the advancement of deep fake technology will bring about a coordinated disinformation campaign that will rely heavily on deep fakes and manipulated footage to cause a political/financial circus. A deep fake could be used to manipulate a certain political party's views by stating false opinions, promises or beliefs of a particular candidate. This could cause a chain reaction of certain organizations pulling funds from a political campaign based on statements made by the deep fake.  

And speaking of financial circuses, fifth on the predictions list is an attack against cryptocurrency will hit real-world economies. It will involve a major cryptocurrency being attacked, causing billions of dollars in lost value - either through direct theft or in value loss. Many individuals and organizations will be severely impacted and it could even be referred to as the Black Crypto Day.

A sixth prediction is the rise of dark economy with M&A. A lot of criminal gangs have become extremely wealthy. In fact, some shady organisations are large enough to be listed on a stock exchange. So, we will see a more formalised dark economy emerge with some M&A activity taking place as gangs look to cash-in by selling their organizations, while others look to grow in capability and reach.  

And finally, a bonus prediction: when AI goes wrong in 2022. We will likely see the first wave of intelligent attack bots. The future of this threat means that we will inevitably see a clash between good threat hunting bots versus bad bots - and the one with the best algorithm wins.

All in all, in many ways, it may appear as if things are getting worse for cybersecurity professionals who are trying their best to protect their organizations. However, we are starting to see more of a focus on the human element and human behavior of cybersecurity protection measures. This is a positive shift in direction because organizations can implement all of the technical tools and controls in the world, but if they do not focus their efforts on the human layer of security and improving security awareness, they are going to run into challenges. At the end of the day, a strong security culture is what truly matters and what we will see organizations focused on as we move into 2022.



Javvad Malik 

Javvad Malik is a security awareness advocate for EMEA at KnowBe4. A security professional of 20 years, Malik began his career as an IT security administrator. He has since worked as a consultant, an industry analyst, and a security advocate. Malik is well-known within the information security industry, having spoken at many events and conferences around the world in addition to being a YouTuber, podcaster, blogger, and researcher. With a distinctive style, he takes a fresh and often innovative look at even mundane topics and presents them in an entertaining and informative light. Tackling the most complex issues with ease in this witty style is Malik’s forte.

Published Thursday, January 06, 2022 7:31 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<January 2022>