2022 Informed: Ten cyber security predictions for the year ahead

Software Supply chain attacks-as service; ransomware’s migration to the cloud and AI’s ability to create hyper-realistic identity scams are among the key threats to enterprises in 2022 according to a range of security experts and advisors that we spoke with – and also expect cybersecurity premiums to skyrocket.

1: New dawn for supply chain attacks-as-a-service

“After the attacks against SolarWinds and Microsoft Office 365 proved fruitful, the commoditisation of software supply chain vulnerabilities has become extremely attractive to attackers. Using the ransomware-as-a-service model, specialized threat actors who are capable of infiltrating software build pipelines – which requires a high level of targeted skill in technologies like Jenkins, GitLab, GitHub, and Kubernetes – will ‘productize’ their expertise to sell to dark web buyers.”

Kevin Bocek, VP Security Strategy and Threat Intelligence at Venafi

“Healthcare firms, as well as those in Energy and Resources, that use lots of different hardware and software from various vendors will be the main targets for software supply chain attacks.”

Robert Masse – HP Wolf Security Experts

2: Ransomware moves to the cloud

“2022 will likely see an increase in cloud compromise and service outages. Hastily configured cloud instances will likely be easy pickings for cyber criminals and will see more customers struggling with breaches.”

Adam Seamons, systems & security engineer GRC International Group

“As the proliferation of cloud and digital transformation continues, we will see even more exploitation of the cloud. This could be in the form of lateral movement from the cloud, or from on-prem to the cloud, or from cloud to lateral movement via the cloud.”

Vinay Pidathala – director of security Research, Menlo Security

“Ransomware will shift to exfiltrating and encrypting cloud data. While this has sometimes happened by attacking third-party processors of data – see recent example of Labour Party member data being ransomed in the UK – 2022 will be the year where data which is on the customer’s side of the “shared responsibility” model undergoes direct attack by one or more ransomware gangs.”

Steve Cottrell, EMEA CTO at Vectra AI

Others warn that enterprising cyber criminals are busy making notes of key dates in the 2022 calendar…

“Expect to see a growth in seasonal ransomware. Every organisation has seasonal weak points whether it’s confectionary companies before the holidays, the vacation market in Spring or a global enterprise that holds a large annual event. You are going to be attacked when you’re at your most vulnerable,”

Mark Guntrip, senior director, Cybersecurity Strategy, Menlo Security

“High-profile sporting events will present new opportunities for attackers to target users. The Winter Olympics in Beijing and FIFA World Cup in Qatar give threat actors plenty of scope for exploitation. Such large events attract opportunistic attackers, either a direct attack on organizers, sponsors, participants and fans, or as phishing lures for malware and ransomware campaigns targeted at users.”

Patrick Schläpfe, HP Wolf Security Experts

Our experts point out that, as more devices become connected machine identity management also needs to be a top priority for enterprise this year …

“Expect to see ransomware holding enterprise IoT devices hostage. Their campaigns will attempt to take over everything from security cameras to diabetes monitors to point of sale devices, often by stealing machine identities. And because IoT depends on machine identity, individual things don’t need to be targeted, just the service providing software updates and command-and-control.”

Kevin Bocek, VP Security Strategy and Threat Intelligence at Venafi.

And rather than executing a short, sharp shock, we can expect many of these attacks to be silent and to make their impact slowly…

“Cyber criminals are looking to infiltrate organisations without being noticed for longer periods. This way, data can be exfiltrated from servers and endpoints at a slow and steady pace without drawing attention. With the increase in hybrid working, it’s information on remote computers that is typically less well protected, which is most at risk. By the time these quiet attacks are detected, it’s often too late.”

Nigel Thorpe, technical director at SecureAge

3: Governments push back on ransomware attacks

“There needs to more direction from government on regulation and a tightening of existing practices. We should expect to see clearer processes and mandatory reporting procedures on ransomware.”

Mark Guntrip, senior director, Cybersecurity Strategy, Melno Security

“One proposal in the US is a legislative ban on paying ransoms to threat actors, which, it is hoped, will limit revenue for ransomware gangs and consequently reduce their capabilities.  

“Sanctions are also proving effective: several ransomware groups and their associated cryptocurrency wallets are listed as sanctioned by the US Treasury’s Office of Foreign Assets Control (OFAC) and we expect more to be added to this list over the coming year.”

Jamie Smith, head of cyber security, S-RM.

4: Rise of the hyper-realistic scam

“Phishing scams will become lifelike in 2022. Scammers will scour social media to mimic language used by the person they intend to impersonate, find their location, time zone and which employees report into them. Context, timing and writing ability will be precise and accurate, resulting in highly personalised and extremely convincing messages that even the best trained employee could be duped by.”

Armen Najarian, chief identity officer, Outseer

“Throughout the pandemic the use of video comms for both personal and work use increased. This opened up new opportunities for fraudsters who already have voice channels as one of their preferred means of attack. 

“Deepfakes are not just image and video related, voice synthesis (making a machine sound like somebody) and voice conversion (making a human talker sound like someone else) are growing trends and fraudsters are increasingly taking advantage of innovative audio tools.”

Dr. Nikolay Gaubitch, director of research at Pindrop

5: Passwords as user verification will be phased out

“The number of credentials each user has is exploding. Poorly managed and weak passwords are a prime target for hackers and organisations are responding by going password-less to remove this weakness all together.”

Greg Day, VP & CSO, EMEA at Palo Alto Networks

“Expect to see more device-agnostic biometric authentication solutions deployed that enable employees, contractors and suppliers to work more easily and securely across multiple devices. This frees workers and employers from the vulnerabilities and complexity of password management, while simplifying login to enterprise applications across environments.

Dominic Forrest, chief technical officer UK facial verification leader, iProov,

6: Criminals increase their trade in breached data

“There will be a surge in data extraction and extortion following ransomware attacks. The stress of a cyber breach very rarely stops once the organisation has or has not paid up. In addition to sensitive company data ending up on a public data leak site, criminals have been known to sell files to each other or even to a competitor in a foreign market.”

Mike Sentonas, CTO, of the major cybersecurity brand CrowdStrike

“More data breaches in 2022 will originate from API security mistakes as the ecosystem continues to grow and organisations rely on them to connect mobile applications, IoT devices, microservices, containers and serverless functions to the underlying data layer.”

Peter Klimek, director of technology, Office of the CTO, Imperva

7: ‘Hacktivism’ reaches a new level of global influence

“For groups like [Iranian human rights-motivated hackers] Edalat-e, hacking has become a form of protest. Hacker activists, or ‘hacktivists’, apply their craft to achieve political outcomes. These groups will continue to be prevalent in 2022, even reaching a new level of influence both online and IRL.”

Steve Wilson, UK & Ireland director at Norton

8: The rise of the malicious QR code

“From track-and-trace to ordering from menus, we’ve seen an increase in easy-to-use QR codes across multiple industries since the start of the pandemic. However, threat actors are now exploiting the increased familiarity of this technology by sending out targeted phishing emails containing malicious QR codes. Cyber criminals like the fact that QR codes negate the need to include URLs or attachments that might get intercepted when scanned by an email gateway, meaning attackers are less likely to be detected.”

Magni  Reynir Sigurðsson, senior manager of detection technologies at Cyren

9: Criminals exploit weaknesses in digital wallets

“Hijacking wire transfers has become increasingly difficult for cybercriminals as financial institutions encrypt transactions and require multi-factor authentication (MFA). Digital wallets, on the other hand, can sometimes be less secure. While individual wallets may not have as big a payoff, this could change in 2022 as businesses begin to rely on digital wallets as currency for online transactions.”

Derek Manky, chief security insights & global threat alliances at Fortinet’s FortiGuard Labs division

10: Cyber Insurers become less willing to underwrite risk

“The market will make it clear that cyber threats can no longer be managed by simply ‘transferring’ risk to an insurer. Throughout 2019 and 2020, most organisations were able to obtain cyber insurance with relative ease and, at relatively low cost, as the insurance market saw intense competition for customers. As cyber incidents have increased and insurers have experienced significant losses this dynamic has changed. Cyber Insurance premiums will rise and will become harder to obtain.”

S-RM cyber and risk consultants – head of cyber security, Jamie Smith