Security forecast for 2022 from Acronis
As the COVID-19 pandemic spread, everyone had to adapt to a very different routine full of challenges that few were prepared for. This completely changed the security landscape in 2021. Here are key trends that are likely to define the cybersecurity landscape going into 2022.
1. Ransomware continues to grow and evolve despite U.S. and Interpol/Europol efforts.
Ransomware is one of the most profitable cyberattacks at the moment. Despite some recent arrests, there is no end in sight. Ransomware will expand further to macOS and Linux, as well as to new environments such as virtual systems, cloud, and OT/IoT. Anything that is connected to a reachable network is a potential target. This will increasingly lead to consequences and impacts in the real world, and thus also to more demand for official regulations and sanctions. Stealing data for double extortion as well as disabling security tools will be the norm; but it will also become more personal with insider threats and personal data.
2. Cryptocurrency will become the attackers’ favorite.
With the price of Bitcoin at an all-time high, attacks are increasing with threat actors following profits. End users have struggled with phishing attacks, infostealers and malware that swap wallet addresses in memory for quite some time. We expect to see more of these attacks waged directly against smart contracts, attacking the programs at the heart of cryptocurrencies. We also expect attacks against Web 3.0 apps to occur more frequently in 2022. These new markets open new opportunities for sophisticated attacks (e.g., flash loan attacks), which may allow attackers to drain millions of dollars from cryptocurrency liquidity pools.
3. Phishing will continue to be the main infection vector.
Malicious emails and phishing in all variations are still at an all-time high. Despite constant awareness campaigns, users still fall for them and enable the attacker to compromise their organization. We don’t expect AI to fully take over phishing emails in 2022, but instead expect increased automation and personalization using information from the various data breaches, making them more effective. New tricks against OAuth and MFA will continue to generate profit for attackers, allowing them to take over accounts, despite plans from companies such as Google to auto-enroll 150 million users in 2FA. In order to bypass common anti-phishing tools, attacks such as business email compromise (BEC) will make use of alternative messaging services, such as text messages, Slack, or Teams chat. This goes hand-in-hand with the hijacking of legitimate email distribution services, as happened, for example, in November, when the FBI’s own email service was compromised and started sending spam emails.
4. MSPs will be targeted via the tools they use.
Attackers are going after the trusted connections that allow them to gain access to company networks. Software supply chain attacks are one of these methods, but even without full compromise of a vendor, there are similar ways to get in. Attackers are going after management tools used by the administrators, like professional services automation (PSA) software or remote monitoring and management (RMM) tools. They are the keys to the kingdom, and cybercriminals will use them against you. Service providers in particular will be targeted more frequently, as they often have many automation tools in place for the efficient rollout of new software. Unfortunately, attackers are now using these same tools to distribute malware. This can go together or in parallel with supply-chain attacks on a source code level. We expect more and more attacks in which the source code of apps or libraries in use is modified with malicious intent.
5. Trust will be compromised on a cloud level: API attacks
Cloud services are booming and so are serverless computing, edge computing, and API services. In combination with container orchestrations like Kubernetes, processes can be efficiently automated and dynamically adapted to various circumstances. Attackers are trying to disrupt this hyper-automation by going after such APIs, which can seriously impact the business processes of a company.
6. Data breaches for everyone
Despite the increase in data privacy regulations, the number of reported data breaches will also continue to increase. This is not just because they have to be reported, but because of the complex interactions and IT systems. Many companies have lost track of where all their data is and how it can be accessed. And automated data exchange from IoT devices and M2M communications increases the spread of data further. Unfortunately, we expect to see many large-scale data breaches in 2022. These data leaks will enable attackers to enrich their target profiles easily.
7. Adversarial attacks in AI
As AI is more frequently used to detect anomalies in IT systems and automatically configure and protect any valuable assets in them, it is understandable that attackers will increasingly try to attack the logic within the AI model. Being successful at reversing the decisions inside the AI model can allow an attacker to remain undetected or generate a denial-of-service attack with an undesired state. It may also allow them to identify timing issues, where slow changes are not seen as anomalies and thus are not blocked.
8. Security products unification: One vendor paradigm
To be better prepared for all the threats mentioned above, businesses must favor security vendors who provide wider security coverage under one product or umbrella of products. This helps to minimize supply-chain attacks, and allows faster reaction and recovery, which are crucial for keeping businesses up and running. Cybercriminals are profit-driven and will try to maximize their gains by automating their business and attacking companies where they are most exposed. They aggressively pursue each opportunity that they can find, so it is key to have strong authentication with MFA, timely patching of vulnerabilities, and visibility in place across the whole infrastructure.
Staying safe in 2022
Unfortunately, businesses are still struggling to effectively protect their entire workloads across the complex ecosystem of cloud, office, and home office. Doing so requires efficient solutions that integrate cybersecurity with data protection, as well as management and monitoring of endpoints. This holistic approach to cyber protection allows for an automated response against the flood of cyberthreats.