Vishnu Taimni, Vice-President & Managing Director at HP Middle East and Turkey, highlights four major cybersecurity threats that organizations should prepare for in 2022.
The year 2021 saw an increase in the quantity and range of cyber-attacks, from HAFNIUM’s attack on Microsoft Exchange servers to the Colonial Pipeline ransomware attack, which delayed petroleum supply. Add in the hurdles of protecting a remote workforce, and it has become more difficult than ever for businesses to protect data and ensure service availability.
In the coming year, the threat landscape will continue to grow and spread at a rapid pace. We can expect ransomware gangs to continue putting people’s lives in danger, as well as the weaponization of firmware exploits and much more. In 2022, there are four major cybersecurity trends that businesses should be aware of.
- As software supply chain hacks become more commoditized, more high-profile victims may be targeted
The Kaseya breach, which affected over 1,500 businesses, showed how supply chain attacks can be profitable. As a result, supply chain threats are projected to increase over the coming year, with the tactics, techniques, and procedures (TTPs) used to carry out such attacks becoming increasingly commoditized.
Threat actors will look for weak spots in software supply chains and will attack commonly used software. SMBs as well as high-profile victims could be targeted. The Kaseya attack should serve as a reminder to all ISVs that, even if their client base does not include enterprise or government customers, they can be targeted by attackers attempting to abuse their customers. Now that this template is in place, these types of attacks may become more common in the coming year.
- Ransomware gangs may endanger lives by engaging in ‘pile-ons.’
In 2022, ransomware will remain a big threat, with victims potentially being targeted many times. The method will be similar to ‘social media pile-ons,’ in which, once an organization has been exposed as being ‘soft’ or having paid a ransom, others will pile on to grab a piece of the action. Threat actors may target a corporation many times, doubling or even tripling extortion rackets in some cases.
Ransomware operators will almost certainly increase the amount of pressure they put on victims to pay ransoms. Aside from data leak websites, attackers will increasingly use a variety of extortion approaches, such as contacting victim organizations’ customers and business associates.
Threat actors may also concentrate their efforts on industries with a higher likelihood of payment. Companies in the healthcare industry, as well as those in the energy and resources industries, are examples. Attackers may choose high-risk equipment, such as essential medical support systems and their accompanying infrastructure, where the danger of serious harm is greatest and a speedy payment is expected.
- The weaponization of firmware attacks lowers the entry barrier
For attackers aiming to gain long-term persistence or carry out devastating operations, firmware presents a fertile ground. Firmware security is routinely overlooked by companies, with substantially lower levels of patching being observed.
Over the past year, we’ve seen attackers performing reconnaissance on firmware configurations, most likely as a prelude to exploiting them in future attacks. Previously, only nation-state actors were capable of carrying out such attacks. We should expect the TTPs for targeting firmware to trickle down over the next 12 months, allowing sophisticated cybercriminal groups to weaponize threats and build a template for monetizing attacks.
This problem will be exacerbated by a lack of visibility and control over firmware security. Certain industries, such as healthcare, should begin to consider the threats posed by low-level malware and exploits.
- More opportunities to attack consumers will arise as a result of hybrid work
Organizational security will continue to be hampered by the shift to hybrid work. Because of the large number of unmanaged and unprotected devices, the attack surface has grown. Threat actors may begin to target the homes and personal networks of senior executives, as well as those of government leaders, because these networks are easier to hack than typical workplace systems.
In the age of hybrid work, phishing will remain a constant menace. Employees are using personal devices for work and corporate devices for personal tasks, blurring the line between personal and professional. This trend will undoubtedly continue, with a spike in phishing attacks targeting both corporate and personal email accounts, thus doubling attackers’ chances of a successful attack.
New opportunities to entice consumers to click on malicious content will arise as a result of high-profile sporting events. The Winter Olympics in Beijing and the FIFA World Cup in Qatar, for example, both provide significant opportunities for threat actors to exploit. Such major events attract opportunistic attackers, who exploit them as phishing lures for malware and ransomware operations aimed at users, or as direct attacks on organizers, sponsors, participants, and fans. To avoid compromise, businesses must educate their employees about the risks and implement technical measures.
There is a need for a new approach to security.
Because of the rise of hybrid working and threat actors’ continuing creativity, 2022 will be full of unpleasant surprises. As a result, a new approach is needed to secure the future of work.
We advise companies to provide protection where it is most needed: at the endpoint. Organizations should adopt a new architectural approach to security that helps to limit risk. This approach applies the principles of Zero Trust: least-privilege access, isolation, mandatory access control, and robust identity management.
This strategy requires resilient, self-healing hardware that can withstand attacks and recover fast when necessary, as well as contain and neutralize cyber-threats. Disposable virtual machines, for example, can be launched transparently whenever a user engages in potentially risky activity, such as opening an email attachment or clicking on a link. This renders any malware that may be present harmless, allowing enterprises to significantly reduce their attack surface.