This year is coming to an end, and the cybersecurity community is working hard on technologies and solutions that will protect consumers and business users in 2022 and beyond. Bitdefender Labs and its Managed Detection and Response team are renowned for their keen insights into the rapidly evolving threat landscape.
Here are the top five cybersecurity predictions for 2022 from our experts:
1. Ransomware will continue to dominate the threat landscape
Unfortunately, our prediction for increased ransomware activity in 2021 came true. 2021 was extremely active for ransomware. SolarWinds, Colonial Pipeline, Kaseya, and Brenntag are just some of the big names involved in ransomware attacks that the US Treasury tied to $5.2 billion worth of payments during 2021 alone.
“Ransomware will continue to be the most lucrative type of cyber-crime in 2022. We expect to see an increase in Ransomware-as-a-Service (RaaS) attacks that will focus on data exfiltration for blackmailing purposes,” said Dragos Gavrilut, director of the Cyber Threat Intelligence Lab at Bitdefender. “Just like any mature business, ransomware will have to constantly keep up with both competition and cyber-security vendors alike.”
Bitdefender also expects a boost in ransomware for Linux environments that targets ESXi storage or templates. "Silent ransomware", malware that stays dormant for periods of time before encrypting data, will likely be used in more attacks. The Java Log4j vulnerability, which recently shook up the cybersecurity community because of its pervasiveness and ease of exploitation, created a perfect storm for ransomware. We expect to see fallout from Log4j in the coming months and potentially for years to come. Jen Easterly, head of the Cybersecurity and Infrastructure Security Agency (CISA), called it "the most serious flaw" she has seen in her decades-long career.
Overall, ransomware as a service will undergo reorganization to focus on becoming more resilient, going into the realm of zero-day exploits for maximized reach.
2. State-sponsored attacks will leave communities in the dark
Political tensions will likely have a great impact on the cyber-realm as nation-states race for digital supremacy. 2022 will likely be the year of cyber-attacks against critical infrastructure. Killware could be the weapon of choice, since it can be deployed using tactics similar to those of classic APTs and is effective against power grids, water and sewage plants or public transportation, with immediate impact on communities and societies. “It’s not just public utilities, but also chunks of the Internet that attackers might want to disrupt in 2022,” confirms Alex “Jay” Balan, director of security research at Bitdefender.
DDoS attacks and hijacking of the Border Gateway Protocol (BGP) will soar, causing massive disruption to digital economies and telecommunication. “We will potentially see hack-back initiatives around the world, especially against nation-states that provide cyber-criminals safe harbor for digital crimes targeting US or European institutions,” added Catalin Coșoi, chief security strategist at Bitdefender.
3. Supply chain attacks and zero-day markets will rise
Among the lessons learned in 2021, supply chain attacks targeting Managed Service Providers (MSPs) were the hardest to mitigate. In contrast to other threats, supply chain attacks are quieter, more difficult to stop, and propagate at a faster pace. Professional cyber-crime groups will focus more on breaching MSPs to deliver ransomware to larger pools of potential victims. “As cyber-security vendors started to address the documented MITRE techniques, cyber-criminals will focus their research on the discovery and implementation of new techniques for implementing MITRE/Kill-chain tactics. We expect to see new attack avenues leveraging COM/WMI, as these are insufficiently monitored by existing EDR technologies,” predicts Dan-Horea Lutas, senior manager at Bitdefender who oversees behavior-based malware detection and anti-exploit technologies.
Public open-source code repositories such as PyPI or npm will also gain unwanted attention from cyber-criminal groups looking to sneak malicious code into products or infrastructure for supply chain attack purposes.
On top of supply chain attacks, Bitdefender also expects to see an increase in the use of zero-day exploits in certain targeted attacks. In 2021, Bitdefender saw an increase in zero-day vulnerabilities in all major technology stacks (Chrome, Exchange, Office, Windows 10, iOS), and the future does not look any better. Tianfu Cup, the Chinese version of Pwn2Own, was a clear display of the capabilities available to other non-English-speaking countries.
But it is not only zero-day vulnerabilities that will allow cyber-criminals to cause widespread damage to businesses. Tools such as Cobalt Strike will be increasingly adopted by malware operators. “Cyber-criminals find inspiration inside the community – if one cyber-crime group rises to fame by employing existing tools, the rest of the community will follow suit,” says Radu Portase, principal technical lead at Bitdefender. “Emotet malware is a prime example of such behavior, as it is on the rise again and successfully uses Cobalt Strike beacons to expedite the installation of ransomware in corporate networks.”
4. Data breaches will fuel a dumpster fire of business attacks
As personal information stolen in data breaches becomes more widely available to cyber-criminals, spam campaigns will become much more targeted. Full names and phone numbers, along with other exposed information such as passwords, physical addresses, payment logs or sexual orientation, will be used to create tailored and convincing phishing or extortion campaigns.
While spear phishing, whether it’s whaling, business email compromise (BEC) or email account compromise (EAC), becomes more sophisticated, it will continue to be a main attack vector for businesses and work-from-home environments, predicts Adrian Miron, manager of the Content Filtering Lab at Bitdefender.
The scams of 2022 will likely capitalize on the busy and exclusively online recruitment processes imposed by the Coronavirus pandemic. Cyber-criminals will start impersonating companies to dupe potential candidates into infecting their devices via popular document attachments. Additionally, cyber-crime operators will likely use this remote onboarding opportunity to recruit unwary people looking for jobs into illegal activities such as money-muling.
5. IoT, Web infrastructure and Dark Markets
2022 will likely bring a major increase in attacks on cloud infrastructures, including those hosted by top-tier providers. Misconfiguration and a shortage in the skilled cyber-security workforce will play a significant role in data breaches and infrastructure compromise, thinks Catalin Coșoi, chief security strategist at Bitdefender.
As the world gradually prepares for a permanent work-from-anywhere scenario, companies are making a constant effort to move legacy services to the cloud. Cloud attacks will intensify, with a particular focus on Azure AD and Office 365, where we expect to see a spike in tool development.
With the crypto-currency ecosystem in full swing, we expect to see mounting cyber-criminal interest in attacking exchange services, in miners and wallet stealers, and in launching crypto-currency scams.
The increased interconnectivity in smart cars will also create new opportunities for cyber-criminals. Vehicle telematics has become a cause for concern in the past few years as manufacturers attempt to build services or monetize information sent out by vehicles on the road. But data theft is just part of the cause for concern, says Alexandru “Jay” Balan, as cyber-criminals can leverage internet-connected vehicles to facilitate theft, obtain unauthorized access or even take remote control of the car, with potentially deadly consequences.
Dark markets acted chaotically in 2020-2021, but as established ones get dismantled in coordinated law enforcement actions, we believe that we’ll see new contenders rising in 2022 that will rake in up to 50 percent of the illegal substance deals over the dark net, believes Coșoi.
Preparing for 2022 and beyond
As we put these predictions in writing, the cyber-security industry is hard at work designing the security solutions of tomorrow. Built for resilience, Bitdefender GravityZone Ultra safeguards your organization from a full spectrum of sophisticated cyber threats. With more than 30 machine learning-driven security technologies, GravityZone provides multiple layers of defense that consistently outperform conventional endpoint security, as proven in independent tests. A single-agent, single-console solution for physical, virtual, mobile, and cloud-based endpoints and email, GravityZone adds the human element to your security ecosystem, minimizing management overhead while giving you ubiquitous visibility and control.