[German]The year 2021 has already hit some administrators with security incidents. The log4j issue may not be off the table yet, and 2022 started with violent tremors for administrators (key words are the year 2022 bug in Exchange, as well as the January 11, 2022 patchday issues with Microsoft Windows). Jen Easterly, head of the U.S. federal government's Cybersecurity and Infrastructure Security Agency (CISA), called the log4j vulnerability the most serious bug she has seen in her decade-long career. The effects of log4j will be felt by IT, business and society in the coming months and possibly years. So security will continue to be an issue in 2022.
Advertising
Bitdefender Labs sees five major trends coming to IT security leaders in 2022. I'll share the information here on the blog.
1. Ransomware attacks will evolve
Ransomware was the most lucrative form of cybercrime in 2021 – and it will remain so in the coming year. Bitdefender Labs expects an increase in Ransomware-as-a-Service (RaaS) attacks , which will focus on exfiltrating data for extortion purposes. RaaS continues to evolve into a mature industry. As a result, those behind it have not only IT security vendors as their adversary, but also criminal competitors.
In addition, Bitdefender Labs expects to see an increase in ransomware for Linux environments targeting ESXi storage or templates. Silent ransomware, malware that remains inactive for a period of time before encrypting data, is also likely to increase.
2. State-sponsored attacks on utility structures
Political tensions are likely to have a major impact on the cyber space. Many nation-states have entered the race for digital dominance. Critical infrastructure is very likely to come into the crosshairs of the groups involved. It is possible that "hackback" initiatives will occur around the world, particularly against nation-states, providing safe havens for cyber criminals to commit digital crimes on U.S. and European institutions.
The weapon of choice will likely be killware resembling classic advanced persistent threat (APT) attacks targeting power grids, water and sewage treatment plants, or public transportation with immediate consequences for communities and societies (the early 2022 hacking attack on Ukraine government sites was just the beginning). In addition, parts of the Internet will also be attacked to disrupt it. DDoS attacks and hijacking of the Border Gateway Protocol (BGP) will also increase sharply and lead to massive outages of telecommunications and thus the digital economy.
Advertising
3. Supply chain attacks and zero-day markets will increase
2021 has shown that supply chain attacks against managed service providers (MSPs) are the most difficult to mitigate. Unlike other attacks, they are more inconspicuous, harder to stop, and spread more rapidly. Professional cyber criminals will increasingly focus on penetrating MSPs to distribute ransomware to a larger number of potential victims.
Hackers will leverage the Component Object Model-API (COM) of a Windows Management Instrumentation (WMI) because EDR technologies monitor it poorly. Cybercriminals will also attack public open source code repositories such as the Python Package Index (Pypi) or NPM as a way to inject malicious code into products or infrastructure and launch supply chain attacks.
In addition, Bitdefender also expects increasing use of zero-day exploits in targeted attacks. As early as 2021, security experts already recorded an increase in zero-day vulnerabilities in all major technology stacks (Chrome, Exchange, Office, Windows 10, iOS). The Tianfu Cup, the Chinese version of Pwn2Own, highlighted the capabilities of non-English speaking countries.
Hackers will also abuse tools such as CobaltStrike, which is actually only supposed to simulate industrial espionage in one's own network, for their own purposes. In the process, the community of cyber criminals inspires each other. The Emotet malware is a prime example of such an exchange. It is on the rise again and successfully uses CobaltStrike beacons to deploy ransomware in corporate networks more quickly.
4. Data breaches will further encourage attacks on companies
Cybercriminals have increasing access to personal information. This allows them to target spam campaigns much more effectively. In addition to full names and phone numbers, other exposed information such as passwords, addresses, payment records, or sexual orientation is being used to create tailored and compelling phishing or extortion campaigns. Spear phishing – whether via whaling, business email compromise (BEC) or via email account compromise (EAC) – is becoming more sophisticated and thus continues to be a major attack vector for businesses and home offices.
Scams in 2022 are likely to exploit recruitment processes that are increasingly online-only in the wake of the Corona pandemic. Cyber criminals will begin impersonating businesses to lure potential candidates into infecting their devices via popular document attachments. In addition, they are likely to use remote personnel searches to recruit unsuspecting job seekers for illegal activities such as money laundering.
5. IoT, web infrastructure and cryptocurrency
As the world gradually prepares for a permanent work-from-anywhere scenario, enterprises are constantly striving to move existing services to the cloud. In 2022, attacks on cloud infrastructures are likely to increase. And this will also hit the major providers, with a particular focus on Azure AD and Office365. Misconfigurations, as well as a lack of skilled cybersecurity staff, will play a major role in data breaches and infrastructure compromise.
With the cryptocurrency ecosystem in full swing, we expect to see increased interest from cybercriminals in attacking exchange services, miners, as well as wallet stealers. Cryptocurrency will give rise to cyber fraud.
More connected and intelligent cars will create new opportunities for cyber criminals. Vehicle telematics and automakers' efforts to develop IoT-based business models based on vehicle data also create risks. Potential data theft is only one aspect of the security problem. Cybercriminals can exploit Internet-connected vehicles to facilitate theft, gain unauthorized access or even take control of the vehicle.
Illegal markets will also continue to move forward. Here, Bitdefender observed chaotic activity among criminal market participants from 2020 to 2021. New providers in the illegal drug trade, for example, will lead to up to 50 percent of these transactions being conducted via the darknet.
Conclusion: Focus on new defense technologies
Looking at the numerous areas where cyber criminals can do harm, the security situation is unlikely to improve further in 2022. The cybersecurity industry is therefore focusing on machine learning-based security technologies that offer multiple layers of defense and are expected to outperform conventional endpoint security solutions.
