Industry executives and experts share their predictions for 2022.  Read them in this 14th annual VMblog.com series exclusive.

How Operator-driven Ransomware and New Detection Strategies will Impact the Future of Cybersecurity

By Shay Nahari, CyberArk's VP of Red Team

2021 was filled with high-profile cyber attacks- from supply chain attacks like SolarWinds to ransomware attacks like Colonial Pipeline along with major vulnerabilities like Log4j. However, as we know too well, one of the biggest trends 2021 brought was the new world of consistent remote work. This new way of work often requires secure cloud environments for employees to engage on, but it also expanded organizations' attack surface and allowed attackers to evolve and develop new methods to target enterprise infrastructure. An employee can log on to work with any device from anywhere in the world, and while this may seem like an abundance of freedom for the average worker, cybersecurity professionals face major challenges to secure this shift.

As a result, many organizations continue to be unaware of the risks they face. Fortunately, by analyzing hacking strategies from the previous year, we can try and forecast some of the challenges facing the cybersecurity industry in 2022 and innovative approaches attackers are using to stay undetected in virtual environments:

Operator-driven Ransomware

The evolution of ransomware as a service (RaaS) has only just begun. In 2022, the provision of ransomware will continue to evolve. We will see operator-driven ransomware expand, with a clear distinction between off-the-shelf ransomware payloads and delivery methods, and skilled actors moving through networks while maintaining operational security until they deploy the actual ransomware code and make their presence known.

Ransomware detection cat and mouse

In addition, most current ransomware families share multiple technical behaviors, tactics, techniques and procedures (e.g. the way they delete backup encryption functions and shadow volumes, which encryption API's they used, and how they perform initial execution), of which security tools typically find common indicators of compromise to detect and block. The widespread adoption of security tools designed to combat ransomware is forcing ransomware authors to innovate and find different methods to avoid common detections being deployed today.

Proactive Steps: Multi-Factor Authentication

There are steps an organization can take to protect themselves against these evolving tactics. Multi-factor authentication (MFA) is one of them and has become increasingly critical throughout all industries. Identity has become the prerogative and a first line of defense for most organizations. We've seen changes in the threat landscape as many previously used security practices become obsolete, and in the post-pandemic world, there has been a huge shift to the welcome home model. As many people work from home on untrusted sources and networks, MFA can play a critical role in ensuring that whoever is logging on is who they say they are, regardless of where they may be. MFA expands trust as access is tied to multiple verification points rather than a single credential, which in turn increases the operational cost and detection threshold of attacking these controls.

Even Further: Adversary Simulations

In real-world breaches, adversaries are always evolving and operating with a goal in mind, whether it be to steal intellectual property, obtain personal information or benefit monetarily. Therefore, organizations need to be proactive and operate with an assumption that a breach has already occurred. They can take their security posture to the next level by testing without risking a real breach. The CyberArk Adversary simulation team helps organizations do this by testing their ability to detect and respond to targeted attacks on their infrastructure. By coordinating with cybersecurity professionals who perform these simulations, leaders can ensure that their systems are protected on a higher tier. Thinking and acting like real attackers can help organizations find flaws or vulnerabilities in their security network and patch them before a real incident occurs.

2022 and Beyond

If last year was any indication, 2022 will be filled with new challenges surrounding ransomware as industry leaders develop new ways to secure networks. Even though attackers are getting savvier with their techniques and tactics, there are still ways to keep your organization safe from these types of attacks, such as employing MFA and adversary simulations. By forecasting what trends may come in the future, we can take proactive steps to prepare for these possibilities today.

##

ABOUT THE AUTHOR

Shay Nahari is the Vice President of Red Team Services at CyberArk, the leader in Identity Security. The Red Team specializes in adversary simulations to anticipate weaknesses and develop tactics, techniques, and procedures to patch vulnerabilities within networks. Before joining CyberArk, Shay was a commander in the Israel Defense Forces communications unit, and he has more than 15 years of experience in cybersecurity and telecommunications. Shay brings a unique perspective to cybersecurity with his ability to think like a hacker.