You’ve heard it before: the pandemic accelerated digital transformation. And there don’t seem to be any signs of it slowing down. But what does an increasingly agile and hyper-connected world mean for an organization’s security? Trend Micro Research predicts the biggest threat and security challenges for the new year, enabling a more resilient, forward-thinking security strategy.
Cybercriminals in the cloud
Although cybercriminals will continue to use tried and true methods, such as phishing emails, unsecured secrets, and exploiting known flaws, they will also explore new technologies like Java, Adobe Flash, and WebLogic to gain access.
Cybercriminals will also mimic the DevSecOps “shift left” approach by going to the source of an enterprise’s infrastructure. We’ll see more malicious actors compromising DevOps tools and pipelines to target supply chains, Kubernetes environments, and infrastructure as code (IaC) deployments.
Since developers’ tokens and passwords hold the key to an organization’s operations, using their credentials helps attackers stay under the radar while penetrating multiple layers of an enterprise’s network.
Surge in supply chain attacks
Supply chain attacks will be especially prevalent, as ongoing economic shortages and disruptions will create opportunities for malicious actors to strong-arm targets for big payouts. Particularly, we predict access-as-a-service (AaaS) brokers will take special interest in gaining residence and selling it to the highest bidder.
Next, look out for the rise of the quadruple extortion model: holding the victim’s critical data, threatening to leak and publicize the breach, threatening to target their customers, and attacking the victim’s supply chain or partner vendors.
Beware of modern ransomware
Perhaps one of the most covered security issues of 2021, ransomware wreaked havoc across businesses of all sizes. Enterprises were targeted for lucrative payouts, while small and medium-sized businesses (SMBs) were exploited by ransomware as a service (RaaS) groups.
Unfortunately, ransomware will continue to evolve and remain prevalent. We predict two trends emerging: (1) modern ransomware will become increasingly targeted and prominent and (2) ransomware operators will use more complex extortion tactics such as exfiltrating data to weaponize it.
Commonly used attack vectors like VPNs, spear-phishing emails, and exposed RDP ports will remain in play, but we predict the cloud will become a bigger target as more companies continue to migrate their data. Specifically, cloud and data center workloads will be the main playground for ransomware actors, due to an increased attack surface from less-secure homeworking environments.
Compromising the connected car
The automotive industry will also see an uptick in targeted attacks, as cybercriminals move beyond hijacking IoT gadgets and cash in on the goldmine of data delivered by connected cars via cameras, lasers, and other sensors. Forbes predicted the demand for smart car information will be valued around US$450 to US$750 billion by 2030; evidently, malicious actors are poised to turn a hefty profit from the booming connected car industry.
Zero day and known vulnerabilities
Increased media attention and big payouts will motivate cybercriminals to launch an unprecedented number of zero-day exploits, surpassing the record-setting number in 2021.
However, security leaders still need to look out for older, known vulnerabilities. As we previously mentioned, old vulnerabilities are still traded and purchased in underground markets, as enterprises often struggle with complex patch management. In 2022, we’ll see malicious actors continuing to take advantage of the growing “patch gap” within enterprises.
Future-proofing your security strategy
Here are a few recommendations to bolster your security strategy against emerging threat tactics and techniques (TTPs):
- Back to basics: Just like you don’t need the newest iPhone to make a call, security efforts don’t have to become overwhelmingly complex to keep up. Adhering to best practices and industry frameworks from NIST, CIS, and others will help you stay on top of patch management, compliance requirements, and the shared responsibility model. Utilize a security solution with automated compliance and misconfiguration scans; there is no need to burden teams with time-consuming, manual checks.
- Zero Trust: Never trust, always verify. Applying a Zero Trust approach will ensure any device or user that attempts to connect with your applications and systems is vetted. But Zero Trust doesn’t stop at scanning at the entrance; ensuring that devices and users are continually scanned for suspicious activity and behavior is important to maintaining a secure environment.
- Harden cloud and data center workload security and employ access control: Use automated security solutions with access management and control to make sure credentials are only given when necessary.
- Prioritize comprehensive visibility: Work from home is here to stay, in some shape or form. As employees continue to access cloud applications, services, systems, and more remotely in the coming year, visibility is critical. Security teams can leverage a solution with automation and customizable APIs to continually scan for misconfigurations across all cloud providers, accounts, and services.
For additional insights into our 2022 threat predictions and recommended mitigation strategies, check out our report. If you’d like to look even further into the future of cybercrime, explore our Project 2030 report or watch our video series.