Supply chain attacks, ransomware will again make headlines in 2022
- Attacks on the supply chain and ransomware threats are expected to rise in 2022, according to HP Wolf Security
- The lack of visibility and control over firmware security may lead to more weaponization of firmware
- Shift to hybrid work also expected to cause more security incidents next year
Supply chain attacks and ransomware made headlines around the world in 2021. While businesses continue to find ways to deal with these problems, the reality is, supply chain attacks and ransomware will most likely only continue in 2022, and maybe even beyond that.
In fact, the European Union Agency for Cybersecurity (ENISA) predicted that supply chain attacks would quadruple in 2021 compared to the previous year. ENISA’s report, Threat Landscape for Supply Chain Attacks, analyzed 24 recent attacks and found that strong security protection is no longer enough for organizations when attackers have already shifted their attention to suppliers.
There is no denying that the threat landscape is set to evolve at a worrying pace in the year ahead. As 2021 draws to a close, HP Wolf’s security experts and advisors have been reflecting on what the year ahead has in store, identifying four key trends to look out for in 2022.
The four trends are:
- Increasing commoditization of software supply chain attacks could result in more high-profile victims targeted
- Ransomware gangs could put lives at risk and engage in ‘pile-ons’
- Weaponization of firmware attacks will lower the bar for entry
- Hybrid work and sporting events will create more opportunities to attack users
Supply chain attacks
According to Michael Heywood, supply chain security lead at HP Wolf, the attacks will continue to rise over the next year as threat actors search for weak links in software supply chains, targeting software being used widely and globally, or used by a specific company.
Dr. Ian Pratt, Global Head of Security for Personal Systems at HP Wolf added that both SMBs and high-profile victims may be targeted. One example of this is the Kaseya ransomware breach earlier this year.
“Kaseya demonstrated a pathway to monetization for independent software vendor (ISV) breaches. This should be a wake-up call to all ISVs that even if their customer base doesn’t consist of enterprise and government customers, they can still be caught in the crosshairs of attackers looking to exploit their customers. Now that this blueprint is in place, we could see these types of attack become more widespread in the year ahead, targeting both SMBs and high-profile names.”
For Patrick Schläpfer, a malware analyst at HP Wolf, there will also be an increase in open-source software packages containing malicious code. Attackers will proactively inject new threats into open-source libraries that feed into software supply chains. He believes this could lead to more companies being compromised, regardless of whether they have a secure perimeter or good overall posture.
While supply chain attacks can disrupt organizations, ransomware attacks can be more damaging. 2021 already saw major companies falling victim to ransomware attacks and security experts believe the same victims may be potentially targeted again.
“What we’ll see will be akin to ‘social media pile-ons’, with ransomware victims repeatedly targeted by threat actors. Once an organization is ‘soft’, others will pile on to get their share of the action. In some instances, threat actors will hit a company multiple times in double or even triple-dip extortion rackets,” said Joanne Burkey, CISO at HP Wolf.
For Alex Holland, senior malware analyst, extortion methods could also extend beyond the victim as ransomware gangs apply the pressure. He pointed out that ransomware operators will almost certainly intensify the ways they pressure victims into paying their demands. Beyond data leak websites, attackers are using increasingly varied extortion methods, such as cold calling, and contacting customers and business associates of victim organizations.
Weaponization of firmware
The lack of visibility and control over firmware security will exacerbate the problem. Industries where these attacks are more probable should start thinking about the risks posed by the weaponization of hardware-level malware and exploits, which are very difficult to detect even in the best-case scenario.
With that said, HP Wolf’s experts believe rogue processes and memory mapping bypasses will be hot topics in 2022, with threat actors targeting CPUs, the BIOS, and microcode as part of a revised kill chain for ransomware attacks.
“The weaponization of hardware-level exploits means that policymakers must step in to develop standards that can help to improve firmware security. By working with industry through a bottom-up approach, policymakers can drive meaningful change in an area that has largely been overlooked,” added Julia Voo, the global lead of Cybersecurity and Tech Policy at HP Wolf.
The shift to hybrid work will also continue to create problems for organizational security, says Michael Howard, Head of Security and Analytics Practice. “Every single employee remains a target for attackers, with the volume of unmanaged and unsecured devices creating a huge attack surface to defend.”
As such, threat actors could begin targeting the homes and personal networks of top executives, even government officials, as these networks are easier to compromise than traditional enterprise environments. Meanwhile, phishing attacks will remain an ever-present threat in the era of hybrid work, targeting both corporate and personal email accounts. Organizations need to educate the workforce on the risks of their behavior and enforce technical controls to prevent compromise.
High-profile sporting events will also present new opportunities for attackers to target users, according to Schläpfer. He said, “The Winter Olympics in Beijing and FIFA World Cup in Qatar give threat actors plenty of scope for exploitation. Such large events attract opportunistic attackers, be it a direct attack on organizers, sponsors, participants, and fans, or as phishing lures for malware and ransomware campaigns targeted at users. Organizations and individuals alike need to be aware of the risks.”
A new approach to security is needed
Be it supply chain attacks, ransomware, hybrid work problems, or weaponizing firmware, the threat landscape in 2022 will only get more complicated as cybercriminals continue to find ways to wreak havoc on organizations.
The security experts believe that a zero-trust approach may be one way to deal with these issues. However, the reality is that cybercriminals will continue to be a problem in 2022 and the years to come. What companies can do is mitigate these risks and be prepared to respond to cyberattacks should they fall victim.
1 December 2022