Bitdefender: Five cybersecurity arenas

In many ways, 2021 will probably be remembered as a bad year for cyber security. Unsurprisingly, the year ended with a thunderclap for the IT security industry: the Java Log4j vulnerability created the perfect framework for hackers. Log4j, ransomware, supply chain attacks – all of these will continue in 2022 as well.

Jen Easterly, head of the US federal government's Cybersecurity and Infrastructure Security Agency (CISA), called the Log4j vulnerability the most serious flaw she has seen in her decades-long career. The effects of Log4j will be felt for IT, business and society in the coming months and possibly also in the coming years.

Bitdefender Labs also sees five major trends for IT security managers in the coming year.

1. Ransomware attacks will evolve

Ransomware was the most lucrative form of cybercrime in 2021, and it will remain so in the coming year. How ransomware will develop in detail, however, is of great interest. Bitdefender Labs expects an increase in ransomware-as-a-service (RaaS) attacks, which will focus on exfiltration of data for extortion purposes. RaaS continues to evolve into a mature industry. Its operators therefore face opposition not only from IT security providers, but also from their criminal competitors.

Also, Bitdefender Labs expects an increase in ransomware for Linux environments targeting ESXi storage or templates. Silent ransomware, which is malware that remains dormant for a period of time before encrypting data, is also likely to see increased use.

2. State-sponsored attacks on supply structures

Political tensions are likely to have a major impact on cyberspace. Many nation states have entered the race for digital supremacy. Critical infrastructures are very likely to come into the crosshairs of the groups involved. There may be “hackback” initiatives worldwide, especially against nation states that offer cyber criminals a safe haven for digital crimes against US and European institutions.

The weapon of choice will likely be killware similar to classic Advanced Persistent Threat (APT) attacks, targeting power grids, water and sewage treatment plants or public transport with immediate consequences for communities and societies. In addition, parts of the Internet will also be attacked in order to disrupt it. DDoS attacks and the hijacking of the Border Gateway Protocol (BGP) will also increase sharply and lead to massive failures in telecommunications and thus in the digital economy.

3. Attacks on the supply chain and zero-day markets will increase

2021 has shown that supply chain attacks on managed service providers (MSPs) are the most difficult to mitigate. Unlike other attacks, they are more subtle, harder to stop, and spread faster. Professional cyber criminals will increasingly focus on breaking into MSPs to distribute ransomware to a larger number of potential victims. Hackers will use the Component Object Model (COM) API of Windows Management Instrumentation (WMI), because EDR technologies monitor it poorly. Cyber criminals will also target public open source code repositories such as the Python Package Index (PyPI) or npm to inject malicious code into products or infrastructure and launch supply chain attacks.

In addition, Bitdefender expects an increasing use of zero-day exploits in targeted attacks. As early as 2021, security experts recorded an increase in zero-day vulnerabilities in all major technology stacks (Chrome, Exchange, Office, Windows 10, iOS). The Tianfu Cup, the Chinese version of Pwn2Own, highlighted the opportunities available to non-English speaking countries.

Hackers will also misuse tools such as Cobalt Strike, which is actually intended only for simulating industrial espionage in an organization's own network, for their own purposes. Members of the cybercriminal community inspire each other. The Emotet malware is a prime example of such an exchange. It is back on the rise, successfully using Cobalt Strike beacons to speed up the delivery of ransomware to corporate networks.

4. Data breaches will fuel attacks on businesses

Cyber criminals have increasing access to personal information. This allows them to be much more targeted with spam campaigns. In addition to full names and phone numbers, other disclosed information such as passwords, addresses, payment history, or sexual orientation is also used to create tailored and compelling phishing or extortion campaigns. Spear phishing, whether via whaling, business email compromise (BEC), or email account compromise (EAC), is becoming more sophisticated and continues to be a key attack vector for businesses and home offices.

In 2022, scams will probably take advantage of recruitment processes that are increasingly taking place online as a result of the corona pandemic. Cyber criminals will start impersonating companies to trick potential candidates into infecting their devices via popular document attachments. Additionally, they will likely use remote hiring to recruit unsuspecting job seekers for illegal activities such as money laundering.

5. IoT, web infrastructure and cryptocurrency

As the world gradually prepares for a permanent work-from-anywhere scenario, companies are constantly scrambling to move existing services to the cloud. Attacks on cloud infrastructures are likely to increase in 2022. And that will also affect the big providers, with a special focus on Azure AD and Office 365. Misconfigurations and a lack of qualified cybersecurity personnel play a major role in data breaches and infrastructure compromises.

As the cryptocurrency ecosystem flourishes, we anticipate increased interest from cybercriminals in attacks against exchange services, miners, and wallet stealers. Cryptocurrency will give rise to cyber fraud.

At Risk: Smart Cars & Vehicle Telematics

Bogdan Botezatu, director of threat research and reporting at Bitdefender (Image: Bitdefender).

More connected and intelligent cars will create new opportunities for cybercriminals. Vehicle telematics and car manufacturers' efforts to develop IoT-based business models based on vehicle data also create risks. The possible data theft is only one aspect of the security problem. Cyber criminals can exploit internet-connected vehicles to facilitate theft, gain unauthorized entry, or even take control of the vehicle.

Illegal markets will also continue to move. Bitdefender observed chaotic behavior by criminal market participants from 2020 to 2021. New providers, for example in the illegal drug trade, will result in up to 50 percent of these transactions being carried out via the dark web.

Conclusion: Focus on new defense technologies

If you look at the numerous areas in which cyber criminals can cause damage, you might think that the risk situation will continue to worsen in 2022. But there is a silver lining: the cybersecurity industry is hard at work on tomorrow's security technologies that protect against a wide range of sophisticated cyberthreats. Machine learning-based security technologies provide multiple layers of defenses that consistently outperform conventional endpoint security solutions. Businesses should adopt such advanced techniques early on to minimize the likelihood of becoming a victim of cybercriminals.

More at Bitdefender.com

 


About Bitdefender

Bitdefender is a leading global provider of cybersecurity solutions and antivirus software, protecting over 500 million systems in more than 150 countries. Since it was founded in 2001, the company's innovations have consistently ensured excellent security products and intelligent protection for devices, networks and cloud services for private customers and companies. As the supplier of choice, Bitdefender technology is found in 38 percent of security solutions deployed around the world and is trusted and recognized by industry experts, manufacturers and customers alike. www.bitdefender.de


 
