2021 is over, and the cybersecurity community is working hard on solutions to protect consumers and business users in 2022.
Bitdefender Lab and its Managed Detection and Response team are known for their keen insight into how rapidly the threat landscape can evolve. Here are the top 5 cybersecurity predictions from its experts for 2022.
1. Ransomware Will Continue To Dominate The Threat Landscape
Bitdefender's prediction of increased ransomware activity in 2021 came true: ransomware was very active throughout 2021.
SolarWinds, Colonial Pipeline, Kaseya and Brenntag are just a few of the big names implicated in a ransomware attack on the US Treasury, with a payout of US$5.2 billion over 2021.
"Ransomware will likely continue to be the most lucrative type of cybercrime in 2022. We are also seeing an increase in Ransomware-as-a-Service (RaaS) attacks that focus on exfiltrating data for extortion purposes," said Dragos Gavrilut, Director of the Cyber Threat Intelligence Lab at Bitdefender, in a written statement on Monday (31/1/2022).
"Just like any other big business, ransomware also continues to keep up with competition and cybersecurity vendors," he added.
Bitdefender also expects ransomware for Linux environments, targeting ESXi storage or templates, to increase sharply, and 'silent ransomware', malware that stays dormant for some time before encrypting data, is likely to be used in more attacks.
The Java Log4j vulnerability that recently rocked the cybersecurity community, and its ease of exploitation, created ideal conditions for ransomware.
Bitdefender expects to see the impact of Log4j in the coming months, and potentially for years to come.
Jen Easterly, head of the Cybersecurity and Infrastructure Security Agency (CISA), called it the "most serious weakness" she has seen in her decades-long career.
Overall, Ransomware-as-a-Service will reorganize and sharpen its focus, moving into the realm of zero-day exploits for maximum reach.
2. State Sponsored Attacks
Political tensions are likely to have a major impact on cyberspace as nations compete for digital supremacy. 2022 is likely to be the year of cyberattacks against critical corporate infrastructure.
Killware could become the attacker's weapon of choice. Why? Because it uses the same tactics as classic APTs, but aimed at power lines, water and sewage plants or public transport, with direct impact on communities and society.
"It is not only public utilities, but also the Internet that attackers might be able to compromise in 2022," said Alex 'Jay' Balan, director of security research at Bitdefender.
DDoS attacks and Border Gateway Protocol (BGP) hijacking will surge, causing massive disruption to the digital and telecommunications economies.
"We also see potential for hacking initiatives around the world, particularly against countries that provide cybercriminals with a safe haven for digital crimes targeting US or European institutions," added Catalin Coșoi, Head of Security Strategy at Bitdefender.
3. Supply Chain Attacks and Zero-day Market Will Increase
Among the lessons learned in 2021, supply chain attacks targeting Managed Service Providers (MSPs) are the most difficult to mitigate. Unlike other threats, supply chain attacks are quieter, but harder to stop.
Professional cybercrime groups will focus more on MSP breaches to deliver ransomware to a larger pool of potential victims.
"As cybersecurity vendors start discussing documented partner techniques, cybercriminals will focus their research on discovering and implementing new techniques for implementing MITRE/kill-chain tactics.
We're seeing a new attack tactic that leverages COM/WMI, because it is not sufficiently monitored by existing EDR technology," said Dan-Horea Lutas, Senior Manager at Bitdefender, who oversees behavior-based malware detection and anti-exploitation technology.
Public open source code repositories, such as PyPI or npm, will also get unwanted attention from cybercriminal groups who want to smuggle malicious code into products or infrastructure for the purpose of supply chain attacks.
In addition to supply chain attacks, Bitdefender is also seeing increased use of zero-day exploits in certain targeted attacks.
In 2021, zero-day vulnerabilities increased across all major technology stacks (Chrome, Exchange, Office, Windows 10, iOS), and the outlook is not reassuring. Tianfu Cup, the Chinese version of Pwn2Own, is a showcase of the capabilities of non-English-speaking countries.
Beyond the zero-day vulnerabilities themselves, there is the possibility that cybercriminals cause heavy damage to businesses, and the tools used in these targeted attacks, such as Cobalt Strike, are likely to be adopted by malware operators.
"Cybercriminals find inspiration within the community. If one cybercrime group becomes famous using existing tools, the rest of the community will follow suit," said Radu Portase, Technical Lead at Bitdefender.
"Emotet malware is a prime example of such behavior, as it is on the rise again and successfully using CobaltStrike beacons to speed up ransomware installations on corporate networks," he continued.
4. Data Breaches Will Trigger Business Attacks
As personal information stolen in data breaches becomes more widely available to cybercriminals, spam campaigns will become far more targeted.
Beyond full names and phone numbers, other exposed information such as passwords, physical addresses, payment records or sexual orientation can be used by attackers to create phishing or extortion campaigns.
Meanwhile, spear phishing, Business Email Compromise (BEC) and Email Account Compromise (EAC) will become more sophisticated and remain the main attack vectors for businesses whose staff work from home, predicts Adrian Miron, Content Filtering Lab Manager at Bitdefender.
Scams in 2022 are likely to take advantage of the busy and exclusively online recruitment process. Cybercriminals have started impersonating companies to deceive prospective recruits, infecting their devices via popular document attachments.
In addition, cybercrime operators are likely to use this remote onboarding opportunity to recruit unsuspecting job seekers into illegal activities, such as embezzlement.
5. IoT, Web Infrastructure and Black Market
It is likely that 2022 will bring a major increase in cloud infrastructure attacks, including those hosted by top-tier providers.
“Misconfiguration and shortage of skilled cybersecurity workforce will play a critical role in data breaches, as well as infrastructure compromises,” said Catalin Cosoi, Head of Security Strategy at Bitdefender.
As the world gradually prepares for a permanent work-from-anywhere scenario, companies are continuously moving legacy services to the cloud.
Cloud attacks will increase, with a particular focus on Azure AD and Office 365, where Bitdefender expects a spike in tool development.
In the cryptocurrency ecosystem, Bitdefender predicts that cybercriminal interest will increase, with attacks on exchange services, cryptominers, wallet stealers and cryptocurrency scams.
Improved interconnectivity in smart cars will also create new opportunities for cybercriminals. Vehicle telematics has become a concern in recent years, as manufacturers seek to build services or financial products on the information that vehicles send while on the road.
But data theft is only part of the concern, says Alexandru 'Jay' Balan: cybercriminals can take advantage of internet-connected vehicles to facilitate theft, gain unauthorized access or even take remote control of cars, with potentially lethal consequences.
The black market was chaotic in 2020-2021. However, if the black market is dismantled in a coordinated law enforcement action, Bitdefender believes a new competitor will rise in 2022 and take up to 50% of illegal goods transactions over the dark web.
Preparations for 2022 and Beyond
As Bitdefender puts these predictions in writing, the cybersecurity industry is hard at work designing future security solutions.
Bitdefender GravityZone Ultra, which will be renamed Business Security Enterprise in April, is built for resilience, protecting enterprises from the full spectrum of increasingly sophisticated cyber threats.
With more than 30 machine learning-based security technologies, Bitdefender GravityZone provides layers of defense that consistently outperform conventional endpoint security, as proven in independent testing.
Bitdefender GravityZone also has a single cloud-based console for physical, virtual and mobile endpoints and email. GravityZone adds a human element to the security ecosystem to minimize management overhead while providing visibility and control everywhere.
Not only that, Bitdefender also often gets the best results in AV Comparatives tests. Below is a report of the AV Comparatives test results from January 20, 2022, included in the Bitdefender Highlights.
Named 'Strategic Leader'
This is because Bitdefender combines outstanding technical capabilities with reasonable fees: outstanding enterprise-class prevention, detection, response and reporting capabilities combined with optimized operational and analytical workflow features.
Meanwhile, 'Strategic Leader' means that Bitdefender shows others how to move forward by setting ambitious targets and meeting them. Bitdefender continues to develop innovative ideas and implement them in its products. The full AV Comparatives report can be found here.
Have the Best Detection and Prevention
Bitdefender GravityZone Ultra scores 99.5% for its combined prevention and response capabilities, 100% for its speed in preventing threats, and 98% for stopping attacks in the first phase.
Lowest Total Cost of Ownership
Bitdefender GravityZone Ultra has the lowest total cost of ownership and a high ROI, in part due to its high operational accuracy and low number of false positives. In addition, Bitdefender also achieved the highest number of detections in the MITRE Engenuity ATT&CK Evaluations 2021:
Highest number of detections: out of 10 detection results, higher than the next closest solution and almost 50% greater than the average number of detections across all evaluated vendors.
100% visibility and context for the main attack steps, also providing analytic context for 96% of detected sub-steps.
Detected 100% of attack techniques on Linux systems.