Breaking down the biggest cybersecurity threats incoming in 2022
Cybercriminals’ tactics and the cybersecurity threats they present are constantly evolving, and it is fair to say the last twelve months have seen quite the number – and variety – of attacks. With cyber-attacks at a record high, we have witnessed incidents impacting anything from fuel deliveries to Covid-19 vaccine production.
Coupled with the challenges of securing a remote workforce, it’s become more challenging than ever for organizations to protect data and ensure the uptime of services.
The threat landscape is set to evolve and expand at pace in the year ahead. We should expect to see ransomware gangs continue putting lives at risk, the weaponization of firmware exploits, and much more. Here are four key cybersecurity trends organizations need to be prepared for in 2022.
Hybrid work trend exploited by cybersecurity threats
As hybrid working becomes a permanent reality for many businesses, problems for organizational security will continue to arise. With huge numbers of unmanaged and unsecured devices, the attack surface has dramatically widened.
In the new year, threat actors will go on targeting tools essential to the distributed workforce. We could start to see attackers targeting the homes and personal networks of top executives, or even government officials, as these are easier to compromise than traditional corporate networks.
Phishing will remain an ever-present threat in the era of hybrid work. The line between personal and professional has been blurred, with employees using home devices for work, or corporate devices for personal tasks. Concerningly, we are starting to see attackers using individuals’ own data to develop email lures that are even more difficult to spot. Without a colleague at the next desk or IT team on-site to turn to, it’s likely the increase in successful phishing attacks targeting both corporate and personal email accounts will continue.
The Winter Olympics in Beijing, FIFA World Cup in Qatar, and other global sporting events give threat actors plenty of scope for exploitation. Such high-profile events attract opportunistic attackers, be it a direct attack on organizers, sponsors, and fans — or even hackers targeting the athletes themselves. Organizations need to educate their workforce on the risks and enforce technical controls to prevent compromise.
More sophisticated supply chain attacks
Cybersecurity threats are not evenly distributed. This was emphasized by the Kaseya breach last year – which saw over 1,500 companies impacted by ransomware compromise.
Yet prior to this, Independent Software Vendors (ISVs) without enterprise or government customers had not properly considered the implications of supply chain vulnerabilities. Because this area of security has been neglected, it is likely we will see threat actors searching for weak links in software supply chains and targeting widely used software. As a result, supply chain threats will rise over the next year, with both SMBs and high-profile victims potentially targeted.
Now that this blueprint for monetizing supply chain attacks is in place, we could see this become a more widespread issue in the year ahead as cybercriminals continue to commoditize these Tactics, Techniques, and Procedures (TTPs).
Ransomware gangs pile on pressure to make victims pay up
Given this year has been a record high for ransomware attacks, it is likely this will remain a major risk in 2022. Instead of isolated attacks, we can expect to see victims hit in quick succession by multiple groups. Similar to ‘social media pile-ons’, if an organization is known to have poor security or to have paid a ransom, other threat actors will ‘pile on’ further attacks. This trend, where ransomware groups rapidly exfiltrate information from each other prior to demanding a ransom, allows other groups to hit a company multiple times – doubling or even tripling demands.
Ransomware groups won’t stop searching for ways to extort organizations for ransom, which means we will see them intensifying pressure on victims in the coming year. We’ll likely see ransomware attacks hitting a business, and then attempting to extort its business partners and customers.
This year, we saw a large number of cyber incidents within the healthcare sector and Covid-19 vaccine-related organizations. Targeting high-risk technology, such as medical devices, creates a higher chance of causing significant harm. As a result, cybercriminal groups will continue to target industries such as healthcare, energy or resources next year, as the payout is likely to come fast.
Low-level cybersecurity threats weaponize Nation-State firmware attacks
There is a huge lack of visibility into firmware security, and it is difficult to see when an endpoint has been compromised – a weak point those looking to exploit cybersecurity threats have noticed.
Firmware is where sensitive information like credentials and encryption keys is stored, providing a fertile opportunity for cybercriminals looking to gain long-term persistence or perform destructive attacks. In the last year, we’ve seen attackers performing reconnaissance of firmware configurations, so we can expect to see this exploited further in the future.
Previously, firmware attacks were only used by Nation-State actors. But in 2022 we can anticipate the TTPs used to target firmware trickling down to lower-level attackers. This will make firmware attacks more accessible to sophisticated cybercrime groups, which can weaponize threats and monetize attacks.
If that’s not enough, the implications of this are even wider considering this is an area of security often neglected by organizations, with much lower levels of patching observed. Certain industries, such as healthcare, where these attacks could be more probable, should start thinking about the risks posed by low-level malware and exploits.
A new approach to security is crucial
With hybrid work here to stay and rapid advancements made by threat actors, a fresh approach is needed to secure the future of work. A new approach to strengthening organizations’ security measures is critical as cybercrime poses an unprecedented risk. Regardless of industry, firms should prioritize protecting the devices that need it most: the endpoint. Organizations must embrace principles such as Zero Trust – which encompasses least privilege access, isolation, mandatory access control, and strong identity management.
This approach requires resilient, self-healing hardware designed to hold its own against attacks and recover quickly when needed, while also containing and neutralizing cyber-threats. For example, disposable virtual machines can be transparently created whenever the user performs a potentially risky activity, like clicking on an email attachment or link.
This means any malware lurking inside is rendered harmless, allowing organizations to drastically reduce their attack surface. The threat landscape is constantly evolving, with cybercriminals continually employing new tactics to bypass defenses. A layered approach to security starting at the endpoint is crucial in keeping systems safe.
Article contributed by Dave Prezzano, Managing Director, United Kingdom & Ireland at HP Wolf Security