McAfee Enterprise and FireEye have released their 2022 Threat Predictions, examining the top cybersecurity threats they predict enterprises will face in 2022.
Ransomware, nation states, social media and the shifting reliance on a remote workforce made headlines in 2021. Bad actors will learn from this year's successful tactics, retool, and pivot them into next year's campaigns, with the potential to wreak more havoc in all our lives, the company said.
“Over this past year, we have seen cybercriminals get smarter and quicker at retooling their tactics to follow new bad actor schemes from ransomware to nation states and we don’t anticipate that changing in 2022. With the evolving threat landscape and continued impact of the global pandemic, it is crucial that enterprises stay aware of the cybersecurity trends so that they can be proactive and actionable in protecting their information,” said Raj Samani, fellow and chief scientist of the combined company.
He further explained that threat actors know our appetite for accepting connections from people we have never met is part of our relentless pursuit of the next 1,000 followers.
One result has been the targeting of executives by specific threat groups with promises of job offers; it is the most efficient method of bypassing traditional security controls and communicating directly with targets at companies that are of interest to those groups. Equally, direct messages have been used by groups to take control of influencer accounts and promote messaging of their own.
While this approach is not new, it is not as ubiquitous as alternative channels. After all, it demands a level of research to "hook" the target into interacting, and establishing fake profiles is more work than simply finding an open relay somewhere on the internet.
In 2022 it is expected that more self-reliant cybercrime groups will rise and shift the balance of power within the RaaS ecosystem from those who control the ransomware to those who control the victim's networks.
Targeting individuals has proven a very successful channel, and the company predicts the use of this vector could grow not only among espionage groups but also among other threat actors looking to infiltrate organisations for their own criminal gain. For several years, ransomware attacks have dominated the headlines as arguably the most impactful cyber threats. The Ransomware-as-a-Service (RaaS) model opened the cybercrime career path to lesser-skilled criminals, which eventually led to more breaches and higher criminal profits, the company added.
For a long time, RaaS admins and developers were prioritised as the top targets, while the affiliates were often neglected because they were perceived as less skilled. This, combined with the lack of disruptions in the RaaS ecosystem, created an atmosphere in which those lesser-skilled affiliates could thrive and grow into very competent cybercriminals, eventually with a mind of their own.
In response to the Colonial Pipeline attack, the popular cybercrime forums banned ransomware actors from advertising. The RaaS groups now have no third-party platform on which to actively recruit, show their seniority, offer escrow, have their binaries tested by moderators, or settle disputes. This lack of visibility has made it harder for RaaS groups to establish or maintain credibility, and will make it harder for RaaS developers to keep their current top-tier position in the underground. Ransomware has generated billions of dollars in recent years.
5G and IoT traffic between API services a vulnerable target
Threat actors pay attention to enterprise statistics and trends, identifying the services and applications that offer the greatest risk potential. Cloud applications, irrespective of their flavour (SaaS, PaaS, or IaaS), have transformed how APIs are designed, consumed, and leveraged by software developers, in both B2B and B2C scenarios.
The reach and popularity of some of these cloud applications, as well as the treasure trove of business-critical data and capabilities that typically lie behind their APIs, make them a lucrative target for threat actors. The connected nature of APIs also potentially introduces additional risk to businesses, as APIs become an entry vector for wider supply chain attacks.
Several key risks are expected to evolve: misconfiguration of APIs; exploitation of modern authentication mechanisms; evolution of traditional malware to make more use of cloud APIs; misuse of APIs to launch attacks on enterprise data; and, because APIs also drive software-defined infrastructure, misuse of those infrastructure APIs.
The company further explained that for developers, developing an effective threat model for their APIs and having a Zero Trust access control mechanism should be a priority alongside effective security logging and telemetry for better incident response and detection of malicious misuse.
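The logging and telemetry the company recommends only help if something actually reads them. The block below is an added example, not code from McAfee Enterprise or FireEye, that runs three simple detections over constructed API-gateway access logs: a burst of authentication failures from one source address, object-ID enumeration by a single principal (many distinct IDs with mostly 404 responses, the usual footprint of probing for broken object-level authorisation), and calls to an admin-only namespace by a principal whose roles do not include admin. The JSON log format, the `/api/v1/admin/` prefix, the thresholds and all addresses and principals are assumptions chosen for the example.

```python
"""Detections over API access logs (added example; constructed data).

Each log line is a JSON object with: ts, src_ip, principal, roles, method,
path, status. This schema is an assumption; real gateways differ.
"""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

ADMIN_PATH_PREFIX = "/api/v1/admin/"  # assumption: admin-only namespace
OBJECT_PATH = re.compile(r"^/api/v1/(?P<resource>[a-z]+)/(?P<id>\d+)$")

# Constructed sample log: alice walks order IDs, an anonymous client hammers
# the token endpoint, mallory (role "user") tries an admin endpoint.
SAMPLE_LOG = """
{"ts": "2022-01-10T10:00:01Z", "src_ip": "203.0.113.5", "principal": "alice", "roles": ["user"], "method": "GET", "path": "/api/v1/orders/1001", "status": 200}
{"ts": "2022-01-10T10:00:02Z", "src_ip": "203.0.113.5", "principal": "alice", "roles": ["user"], "method": "GET", "path": "/api/v1/orders/1002", "status": 404}
{"ts": "2022-01-10T10:00:03Z", "src_ip": "203.0.113.5", "principal": "alice", "roles": ["user"], "method": "GET", "path": "/api/v1/orders/1003", "status": 404}
{"ts": "2022-01-10T10:00:04Z", "src_ip": "203.0.113.5", "principal": "alice", "roles": ["user"], "method": "GET", "path": "/api/v1/orders/1004", "status": 404}
{"ts": "2022-01-10T10:00:05Z", "src_ip": "203.0.113.5", "principal": "alice", "roles": ["user"], "method": "GET", "path": "/api/v1/orders/1005", "status": 404}
{"ts": "2022-01-10T10:00:06Z", "src_ip": "203.0.113.5", "principal": "alice", "roles": ["user"], "method": "GET", "path": "/api/v1/orders/1006", "status": 404}
{"ts": "2022-01-10T10:00:07Z", "src_ip": "198.51.100.9", "principal": "bob", "roles": ["user"], "method": "GET", "path": "/api/v1/orders/2001", "status": 200}
{"ts": "2022-01-10T10:01:00Z", "src_ip": "198.51.100.77", "principal": "anonymous", "roles": [], "method": "POST", "path": "/api/v1/auth/token", "status": 401}
{"ts": "2022-01-10T10:01:01Z", "src_ip": "198.51.100.77", "principal": "anonymous", "roles": [], "method": "POST", "path": "/api/v1/auth/token", "status": 401}
{"ts": "2022-01-10T10:01:02Z", "src_ip": "198.51.100.77", "principal": "anonymous", "roles": [], "method": "POST", "path": "/api/v1/auth/token", "status": 401}
{"ts": "2022-01-10T10:01:03Z", "src_ip": "198.51.100.77", "principal": "anonymous", "roles": [], "method": "POST", "path": "/api/v1/auth/token", "status": 401}
{"ts": "2022-01-10T10:01:04Z", "src_ip": "198.51.100.77", "principal": "anonymous", "roles": [], "method": "POST", "path": "/api/v1/auth/token", "status": 401}
{"ts": "2022-01-10T10:05:00Z", "src_ip": "192.0.2.33", "principal": "mallory", "roles": ["user"], "method": "GET", "path": "/api/v1/admin/users", "status": 403}
"""


def parse_lines(text):
    """Parse JSON lines into event dicts with a datetime in 'ts'."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        e = json.loads(line)
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return events


def auth_failure_burst(events, threshold=5, window=timedelta(seconds=60)):
    """Source IPs with >= threshold 401/403 responses inside a sliding window."""
    by_ip = defaultdict(list)
    for e in events:
        if e["status"] in (401, 403):
            by_ip[e["src_ip"]].append(e["ts"])
    alerts = []
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append(ip)
                break
    return alerts


def id_enumeration(events, min_ids=5, min_miss_ratio=0.5):
    """(principal, resource, distinct IDs) where one principal touches many
    object IDs and most requests are denied or not found: BOLA probing."""
    stats = defaultdict(lambda: {"ids": set(), "total": 0, "miss": 0})
    for e in events:
        m = OBJECT_PATH.match(e["path"])
        if not m:
            continue
        s = stats[(e["principal"], m["resource"])]
        s["ids"].add(m["id"])
        s["total"] += 1
        if e["status"] in (403, 404):
            s["miss"] += 1
    return [(p, r, len(s["ids"])) for (p, r), s in stats.items()
            if len(s["ids"]) >= min_ids and s["miss"] / s["total"] >= min_miss_ratio]


def scope_violations(events):
    """Any call into the admin namespace by a principal lacking the admin role,
    whether or not the gateway denied it (a 200 here means a policy gap)."""
    return [(e["principal"], e["path"]) for e in events
            if e["path"].startswith(ADMIN_PATH_PREFIX) and "admin" not in e["roles"]]


EVENTS = parse_lines(SAMPLE_LOG)


def run_detections(events=EVENTS):
    return {"auth_bursts": auth_failure_burst(events),
            "enumeration": id_enumeration(events),
            "scope_violations": scope_violations(events)}


if __name__ == "__main__":
    for name, hits in run_detections().items():
        print(name, hits)
```

The enumeration rule keys on (principal, resource) rather than on source IP, since a stolen token used from several addresses still shows up as one principal; the burst rule keys on IP because unauthenticated failures have no reliable principal.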
The accelerated use of containers increases the attack surface for an organisation. Expanded exploitation of containers and the vulnerable applications running in them could lead to endpoint resource hijacking through crypto-mining malware, spinning up of other resources, data theft, attacker persistence, and container escape to host systems.
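Most of the outcomes listed above are made possible by workload settings rather than by a single exploit: missing resource limits let a miner consume the node, and privileged mode, host namespaces, hostPath mounts of the container runtime socket and added capabilities turn an application compromise into a host compromise. The block below is an added example, not code from McAfee Enterprise or FireEye, that audits a Kubernetes Pod manifest (represented as a Python dict, as it would be after loading the YAML) for those settings and shows a weak spec beside a hardened one. Both specs are constructed, and the rule set is an assumption modelled on common pod-security baseline practice rather than a quotation of any standard.

```python
"""Audit a Pod spec for container-escape and resource-hijacking enablers.

Added example with constructed specs. The checks are an assumption modelled
on common pod-security baseline rules, not a transcription of any standard.
"""

# Capabilities that commonly enable escape or host tampering (assumption).
ESCAPE_CAPS = {"ALL", "SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "NET_ADMIN"}
# hostPath targets that hand over the node or its container runtime.
SENSITIVE_HOST_PATHS = {"/", "/proc", "/etc", "/root",
                        "/var/run/docker.sock", "/run/containerd/containerd.sock"}


def audit_pod(pod):
    """Return a list of (scope, message) findings; empty means no rule fired."""
    findings = []
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}

    if spec.get("hostPID"):
        findings.append(("pod", "hostPID shares the host PID namespace"))
    if spec.get("hostNetwork"):
        findings.append(("pod", "hostNetwork shares the host network namespace"))

    host_paths = {v["name"]: v["hostPath"]["path"]
                  for v in spec.get("volumes", []) if "hostPath" in v}

    for c in spec.get("containers", []) + spec.get("initContainers", []):
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext") or {}

        if sc.get("privileged"):
            findings.append((name, "privileged: true grants host devices and all capabilities"))
        if sc.get("allowPrivilegeEscalation", True):
            findings.append((name, "allowPrivilegeEscalation is not false (setuid/file caps usable)"))
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            findings.append((name, "runAsNonRoot not enforced; process runs as root by default"))

        added = set((sc.get("capabilities") or {}).get("add", []))
        bad = added & ESCAPE_CAPS
        if bad:
            findings.append((name, f"adds escape-capable capabilities {sorted(bad)}"))

        for m in c.get("volumeMounts", []):
            hp = host_paths.get(m["name"])
            if hp is not None:
                tag = "sensitive hostPath" if hp in SENSITIVE_HOST_PATHS else "hostPath"
                findings.append((name, f"{tag} {hp} mounted at {m['mountPath']}"))

        limits = (c.get("resources") or {}).get("limits", {})
        if "cpu" not in limits or "memory" not in limits:
            findings.append((name, "no cpu/memory limits; a miner can consume the whole node"))

    return findings


# Constructed weak spec: everything an attacker wants after landing a shell.
WEAK_POD = {
    "metadata": {"name": "weak"},
    "spec": {
        "hostPID": True,
        "volumes": [{"name": "dock", "hostPath": {"path": "/var/run/docker.sock"}}],
        "containers": [{
            "name": "app", "image": "example/app:1.0",
            "securityContext": {"privileged": True, "capabilities": {"add": ["SYS_ADMIN"]}},
            "volumeMounts": [{"name": "dock", "mountPath": "/var/run/docker.sock"}],
        }],
    },
}

# Constructed hardened spec: same workload with the baseline applied.
HARDENED_POD = {
    "metadata": {"name": "hardened"},
    "spec": {
        "containers": [{
            "name": "app", "image": "example/app:1.0",
            "securityContext": {
                "privileged": False, "allowPrivilegeEscalation": False,
                "runAsNonRoot": True, "readOnlyRootFilesystem": True,
                "capabilities": {"drop": ["ALL"]},
            },
            "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
        }],
    },
}

if __name__ == "__main__":
    for pod in (WEAK_POD, HARDENED_POD):
        print(pod["metadata"]["name"], audit_pod(pod) or "clean")
```

Running the audit as an admission check (or in CI against rendered manifests) catches the weak spec before it is scheduled; the hardened spec passes while still running the same image.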