2021 was a year in which events came thick and fast. The pandemic brought more division, more isolation and a general sense of insecurity in many areas of life. In cybersecurity, the number of threat actors discovering the lucrative “ransomware business” for themselves rose sharply, governments used cyberspace to pursue state policy, and more software vulnerabilities were disclosed than ever before. Together, these factors made security breaches easier to cause and security harder to maintain.
So where will 2022 lead us? It will undoubtedly be another year in the trenches of cybersecurity. What lies ahead in concrete terms is outlined below on the basis of three forecasts.
The zenith of the ransomware threat is yet to come
Ransomware developers again demonstrated their complete lack of scruples last year. Numerous high-profile attacks in 2021 showed that these actors seize every opportunity to profit from their victims. In 2022, the spread of highly critical vulnerabilities such as Log4Shell in Log4j, which has put countless environments at risk and at the same time significantly expanded the attackers' toolset, will keep making headlines.
Over the past year, the spread of malware written in Rust and Go has also accelerated. One of the main attractions for malware authors is cross-platform compatibility: one code base can be built for Windows, Linux and macOS targets. Recent examples include BlackCat/ALPHV ransomware (written in Rust), RansomEXX ransomware and ElectroRAT (written in Go). The trend is that most of these threats are cross-platform from the outset, and over the course of 2022 a larger number of new cross-platform malware families can be expected.
Attribution will also become harder than before, as various groups continue to hide skillfully and try to sidestep new penalties or sanctions by frequently rebranding their operations.
Securing the complex problem of cloud dependency
Organizations need to adopt cloud-native security faster and stay ahead of these threats, because the protection of customer data held in cloud-native services is being put to the test. The theft of cloud credentials will continue, and ransomware is increasingly being deployed from the cloud through the misuse of inadequately protected access rights and stolen Azure and AWS API credentials.
On-premises Active Directory is losing importance while Azure Active Directory is used more and more. As identity providers such as Okta and JumpCloud gain popularity, they will attract growing interest from attackers of all kinds who want to reach a large number of victims at once through a single point of access.
From the defenders' point of view, API security solutions are becoming a necessity. MSSPs will offer XDR more widely, forcing threat hunters in security departments to automate more. That automation has to cover the new data sources (cloud audit logs, identity-provider logs, XDR telemetry) if defenders are to hold their ground under the new conditions.
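As an added example (not part of the original article), the following Python hunt runs over CloudTrail-shaped records and picks out the pattern a stolen long-lived AWS access key usually produces: a GetCallerIdentity call from an unfamiliar address, a burst of AccessDenied enumeration, then a persistence or privilege action. The records are constructed and trimmed to the CloudTrail field names the code reads (eventTime, eventName, sourceIPAddress, userAgent, errorCode, userIdentity.accessKeyId); the baseline window, the threshold and the list of sensitive actions are assumptions to be tuned per account, and short-lived ASIA keys are deliberately skipped because they need a different baseline.

```python
"""Hunt for misuse of stolen long-lived AWS access keys in CloudTrail records."""
from collections import defaultdict

LONG_LIVED_PREFIX = "AKIA"      # IAM user keys; "ASIA" keys are short-lived STS credentials
DENIED_THRESHOLD = 3            # AccessDenied errors before we call it enumeration (assumed)
# Actions that matter when they come from an unfamiliar place: persistence, privilege
# escalation, and the S3 changes that precede "cloud ransomware" (assumed list, tune it).
SENSITIVE_ACTIONS = {
    "CreateAccessKey", "CreateUser", "CreateLoginProfile", "AttachUserPolicy",
    "PutUserPolicy", "PutBucketPolicy", "PutBucketVersioning", "DeleteBucket",
}


def ev(time, name, ip, agent, key, error=None):
    """Build a CloudTrail-shaped record containing only the fields this hunt reads."""
    rec = {"eventTime": time, "eventName": name, "sourceIPAddress": ip,
           "userAgent": agent, "userIdentity": {"accessKeyId": key}}
    if error:
        rec["errorCode"] = error
    return rec


# Constructed sample data. Key ...0001 belongs to a CI user that normally deploys from
# 203.0.113.10; key ...0002 to a backup job on 203.0.113.20 (documentation IP ranges).
CI_KEY, BACKUP_KEY = "AKIAEXAMPLE000000001", "AKIAEXAMPLE000000002"
CLI, GO_SDK, BOTO = "aws-cli/2.4.7", "aws-sdk-go/1.42.0", "Boto3/1.20.24 Python/3.9.9"
BASELINE_EVENTS = [   # a trusted window of known-good activity
    ev("2022-01-03T08:00:00Z", "ListBuckets", "203.0.113.10", CLI, CI_KEY),
    ev("2022-01-03T08:05:00Z", "PutObject", "203.0.113.10", CLI, CI_KEY),
    ev("2022-01-03T23:00:00Z", "GetObject", "203.0.113.20", GO_SDK, BACKUP_KEY),
]
REVIEW_EVENTS = [     # the window under review: the CI key has leaked
    ev("2022-01-10T02:11:00Z", "GetCallerIdentity", "198.51.100.77", BOTO, CI_KEY),
    ev("2022-01-10T02:11:30Z", "ListUsers", "198.51.100.77", BOTO, CI_KEY, "AccessDenied"),
    ev("2022-01-10T02:11:45Z", "ListSecrets", "198.51.100.77", BOTO, CI_KEY, "AccessDenied"),
    ev("2022-01-10T02:12:00Z", "DescribeInstances", "198.51.100.77", BOTO, CI_KEY, "AccessDenied"),
    ev("2022-01-10T02:15:00Z", "CreateAccessKey", "198.51.100.77", BOTO, CI_KEY),
    ev("2022-01-10T09:00:00Z", "PutObject", "203.0.113.10", CLI, CI_KEY),   # legitimate use
    ev("2022-01-10T11:30:00Z", "GetObject", "198.51.100.77", BOTO, BACKUP_KEY),
    ev("2022-01-10T11:35:00Z", "DescribeInstances", "198.51.100.77", BOTO, "ASIAEXAMPLE000000003"),
]


def build_baseline(events):
    """Per access key: the source IPs and user agents seen during the trusted window."""
    baseline = defaultdict(lambda: {"ips": set(), "agents": set()})
    for e in events:
        key = e["userIdentity"].get("accessKeyId")
        if key:
            baseline[key]["ips"].add(e["sourceIPAddress"])
            baseline[key]["agents"].add(e.get("userAgent", ""))
    return baseline


def make_alert(e, reason):
    return {"time": e["eventTime"], "accessKeyId": e["userIdentity"]["accessKeyId"],
            "eventName": e["eventName"], "sourceIPAddress": e["sourceIPAddress"],
            "reason": reason}


def hunt(events, baseline):
    """Return one alert dict per suspicious event, in time order (ISO-8601 Z sorts as text)."""
    alerts, denied, seen = [], defaultdict(int), set()
    for e in sorted(events, key=lambda r: r["eventTime"]):
        key = e["userIdentity"].get("accessKeyId")
        if not key or not key.startswith(LONG_LIVED_PREFIX):
            continue  # STS keys rotate constantly; baseline those by role session, not key
        known = baseline.get(key, {"ips": set(), "agents": set()})
        ip, agent, name = e["sourceIPAddress"], e.get("userAgent", ""), e["eventName"]
        new_ip, new_agent = ip not in known["ips"], agent not in known["agents"]
        first_sighting = (key, ip) not in seen
        seen.add((key, ip))
        if e.get("errorCode") == "AccessDenied":
            denied[key] += 1
            if denied[key] == DENIED_THRESHOLD:   # fire once, not on every further denial
                alerts.append(make_alert(e, "access-denied-burst"))
        if new_ip and name == "GetCallerIdentity":
            alerts.append(make_alert(e, "whoami-from-new-ip"))   # classic first call with a stolen key
        elif new_ip and name in SENSITIVE_ACTIONS:
            alerts.append(make_alert(e, "sensitive-action-from-new-ip"))
        elif new_ip and new_agent and first_sighting:
            alerts.append(make_alert(e, "new-ip-and-user-agent"))   # one per (key, ip), not per call
    return alerts


def run_hunt():
    return hunt(REVIEW_EVENTS, build_baseline(BASELINE_EVENTS))


if __name__ == "__main__":
    for a in run_hunt():
        print(a)
```

On the sample data this yields four alerts, all for the two long-lived keys used from 198.51.100.77; the legitimate PutObject from the CI host and the ASIA session produce nothing. In production the baseline should be built from weeks of CloudTrail, not three records, and the user-agent check is a weak signal on its own because a thief can simply copy the victim's agent string.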
Software dependencies are a major danger for companies
From SolarWinds at the end of last year to Log4j2 at the end of this year, the alarm bells have rung loud and clear: software dependencies are a massive weak point and an important vector for supply-chain attacks.
The probability that widely used software components are secure out of the box is low at best. Even with the best intentions, the mindset of those who create and distribute useful modules, plug-ins, packages and other code is rarely security-oriented. Moreover, in most cases an organization's ability to test and evaluate every piece of software that enters its network is limited, and this applies to private companies as much as to public authorities and state bodies.
The year 2022 represents both an opportunity and an imminent danger: either you tackle the problem with technology and visibility across the entire environment, or you carry on as before and wait for the next sophisticated large-scale attack à la Sunburst or the next “universal vulnerability” like Log4j2. Overloaded SOC teams and administrators may vote on this decision with their feet, through their (wavering) loyalty and their (lack of) willingness to stay in poorly prepared companies.
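As an added example (not the article's own code), the following Python script does the kind of visibility work the preceding paragraphs ask for: it inventories log4j-core JARs, including ones nested inside WARs, EARs and fat JARs, classifies each against the fixed releases of the December 2021 Log4j2 series (2.17.1 for Java 8+, 2.12.4 for Java 7, 2.3.2 for Java 6) and records whether JndiLookup.class has been stripped. The in-memory JARs built in demo() are constructed fixtures; the file-name pattern and the directory walk are assumptions about how the JARs sit on disk.

```python
"""Find log4j-core JARs on disk, including ones buried inside WARs/EARs/fat JARs,
and classify each against the Log4Shell fix versions."""
import io
import re
import zipfile
from pathlib import Path

JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVES = (".jar", ".war", ".ear", ".zip")
# Matches "log4j-core-2.14.1.jar" or "log4j-core-2.0-beta9.jar", also under WEB-INF/lib/.
NAME_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:-[\w.]+)?\.jar$")

# Fixed releases for CVE-2021-44228, -45046, -45105 and -44832 on the three 2.x
# branches maintained at the time: Java 8+, Java 7, Java 6.
FIXED_JAVA8, FIXED_JAVA7, FIXED_JAVA6 = (2, 17, 1), (2, 12, 4), (2, 3, 2)


def parse_version(name):
    """(major, minor, patch) from a log4j-core file name, or None if it is not one.
    A pre-release such as 2.0-beta9 parses as (2, 0, 0) and is treated as vulnerable."""
    m = NAME_RE.search(name)
    return tuple(int(g) if g else 0 for g in m.groups()) if m else None


def assess_version(version):
    major, minor, _ = version
    if major != 2:
        return "unsupported-branch"        # 1.x is end-of-life; a finding in its own right
    if minor >= 13:
        return "ok" if version >= FIXED_JAVA8 else "vulnerable"
    if minor == 12:
        return "ok" if version >= FIXED_JAVA7 else "vulnerable"
    if minor == 3:
        return "ok" if version >= FIXED_JAVA6 else "vulnerable"
    return "vulnerable"                    # 2.0-2.2, 2.4-2.11: no fixed release on the branch


def scan_archive(data, path, findings):
    """Inspect one archive held in memory; recurse into archives nested inside it."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings
    with zf:
        names = zf.namelist()
        version = parse_version(path)
        jndi_present = JNDI_LOOKUP in names
        if version:
            status = assess_version(version)
            if status == "vulnerable" and not jndi_present:
                # Deleting this class was the sanctioned stop-gap for CVE-2021-44228/-45046.
                # It does nothing for -45105 (lookup recursion) or -44832 (JDBC appender).
                status = "jndi-class-removed"
            findings.append({"path": path, "version": version, "status": status,
                             "jndi_lookup": jndi_present})
        elif jndi_present:
            # Shaded or renamed JAR: no version in the name, but the class is in there.
            findings.append({"path": path, "version": None, "status": "unknown-version",
                             "jndi_lookup": True})
        for name in names:
            if name.lower().endswith(ARCHIVES):
                scan_archive(zf.read(name), f"{path}!/{name}", findings)
    return findings


def scan_tree(root):
    """Walk a directory and scan every archive in it (assumed layout: plain files on disk)."""
    findings = []
    for p in Path(root).rglob("*"):
        if p.is_file() and p.suffix.lower() in ARCHIVES:
            scan_archive(p.read_bytes(), str(p), findings)
    return findings


def build_jar(entries):
    """Constructed test fixture: an in-memory JAR with the given entry names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def demo():
    """Three constructed cases: vulnerable inside a WAR, class-stripped, and patched."""
    klass = b"\xca\xfe\xba\xbe"   # only the entry name matters here, not real bytecode
    vulnerable = build_jar({"META-INF/MANIFEST.MF": b"", JNDI_LOOKUP: klass})
    stripped = build_jar({"META-INF/MANIFEST.MF": b""})
    patched = build_jar({"META-INF/MANIFEST.MF": b"", JNDI_LOOKUP: klass})
    war = build_jar({"WEB-INF/lib/log4j-core-2.14.1.jar": vulnerable})
    findings = []
    scan_archive(war, "app.war", findings)
    scan_archive(stripped, "lib/log4j-core-2.14.1.jar", findings)
    scan_archive(patched, "lib/log4j-core-2.17.1.jar", findings)
    return findings


if __name__ == "__main__":
    for f in demo():
        print(f)
```

On a real host, scan_tree("/opt") or the application server's deployment directory is the starting point. Note that 2.17.1 still ships JndiLookup.class (lookups are simply disabled by default), so the presence of the class alone is not a verdict; the version check is. A JAR with the class but no version in its name is reported as unknown-version rather than silently skipped, because shaded and renamed copies were exactly what most inventories missed in December 2021.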
While governments around the world made some bold efforts this year to address long-standing cybersecurity challenges, it is above all companies that form the first and last line of defense, and they are at the same time forced to focus on growth and commercial expansion, ideally without risking the loss of resources and customer trust that a security breach brings.
Whatever 2022 brings, we all need to make sure we take care of the basics of cybersecurity: strong preventive measures and clear plans for incident response and recovery in the event of a successful attack.