A look ahead to 2022: McAfee Enterprise & FireEye predict top cyber threats

McAfee Enterprise and FireEye released their 2022 Threat Predictions, examining the top cybersecurity threats they predict enterprises will face in 2022. Bad actors have taken note of successful tactics from 2021, including those making headlines tied to ransomware, nation states, social media and the shifting reliance on a remote workforce. We expect them to pivot those into next year’s campaigns and grow in sophistication, wielding the potential to wreak more havoc across the globe. Skilled engineers and security architects from the recently combined entity offer a preview of how the threat landscape might look in 2022 and how these new or evolving threats could potentially impact enterprises, countries, and civilians.

“Over this past year, we have seen cybercriminals get smarter and quicker at retooling their tactics to follow new bad actor schemes – from ransomware to nation states – and we don’t anticipate that changing in 2022,” said Raj Samani, fellow and chief scientist of the combined company. “With the evolving threat landscape and continued impact of the global pandemic, it is crucial that enterprises stay aware of the cybersecurity trends so that they can be proactive and actionable in protecting their information.”

McAfee Enterprise & FireEye 2022 Predictions:

  1. Use of social media for targeted attacks. While this approach is not new, it is relatively uncommon. After all, it does demand a level of research to “hook” the target into interactions, and establishing fake profiles is more work than simply finding an open relay somewhere on the internet. That being said, the targeting of individuals has proven a very successful channel, and we predict the use of this vector could grow not only through espionage groups, but other threat actors looking to infiltrate organizations for their own criminal gain.
  2. Nation states turn to hackers for hire. In 2022, we will see an increase in the blending of cybercrime and nation-state operations. In many cases, a start-up company is formed, and a web of front companies or existing “technology” companies are involved in operations that are directed and controlled by the countries’ intelligence ministries. The tactics and tools of the initial breach could be similar to those of “regular” cybercrime operations; however, it is important to monitor what happens next and act fast. Companies should audit their visibility and learn from tactics and operations conducted by actors targeting their sector.
  3. Rise of smaller affiliates. The Ransomware-as-a-Service (RaaS) ecosystem has evolved with the use of affiliates, the middlemen and women that work with the developers for a share of the profits. However, for a long time, RaaS admins and developers were prioritized as the top targets, often neglecting the affiliates since they were perceived as less skilled. This, combined with the lack of disruptions in the RaaS ecosystem, will create an atmosphere where those lesser-skilled affiliates can thrive and grow into very competent cybercriminals, eventually with a mind of their own.
  4. Game of ransomware thrones. In 2022, these self-reliant cybercrime groups will shift the balance of power within the RaaS eco-kingdom from those who control the ransomware to those who control the victim’s networks. Ransomware has generated billions of dollars in recent years and it’s only a matter of time before some individuals who believe they aren’t getting their fair share become unhappy.
  5. Keep A Close Eye on API. Recent statistics suggest that more than 80% of all internet traffic belongs to API-based services. 5G and IoT traffic between API services and apps will make them increasingly lucrative targets, causing unwanted exposure of information. The connected nature of APIs potentially also introduces additional risks to businesses as they become an entry vector for wider supply chain attacks. In most cases, attacks targeting APIs go undetected, as APIs are generally considered trusted paths and lack the same level of governance and security controls.
  6. Hijackers Will Target Your Application Containers. Containers have become the de facto platform of modern cloud applications. In a recent IBM survey, 64% of adopters expected to containerize over 50% of existing and new business applications over the next two years. However, the accelerated use of containers increases the attack surface for an organization. And while attacks against containers are not new, in 2022, we anticipate expanded exploitation on the orchestration layers, increasing use of malicious or backdoored images through insufficient vulnerability checks and increasing attacks targeting vulnerable applications.
  7. Zero Cares About Zero-Days. 2021 is already being touted as one of the worst years on record with respect to the volume of zero-day vulnerabilities exploited in the wild. The scope of these exploitations, the diversity of targeted applications, and ultimately the consequences to organizations were all notable. As we look to 2022, we expect these factors to drive an increase in the speed at which organizations respond. As a consequence, we can also expect renewed diligence around asset and patch management. From identifying public-facing assets to quickly deploying patches despite potential business disruption, companies will have a renewed focus on reducing their “time to patch.”