By Oliver Rochford, Security Evangelist, Securonix
It’s that time of year again for organizations to evaluate their security posture and look for effective ways to remain resilient to new and changing threats. Planning for resilience requires assumptions about the future. For 2022 we have identified several trends from across the cybersecurity landscape straddling categories as diverse as insider risk, nation-state threat actors and the Executive Orders to improve the nation’s cybersecurity.
We also took an opportunity to look back on how we fared in our predictions from last year. We said “Hindsight is 2020”, a security approach that is even more relevant as we see how important it is to derive insights from data. Here are some key predictions and trends that will help organizations prepare for a successful year. You can also view our video here.
Malicious insider activity, especially IP theft, will become the top risk for businesses.
With the #greatresignation ongoing, there will be a great reshuffle of where employees are working. For organizations, the attack surface will continue to increase as Covid drives workforce redistribution with employees moving to benefit from WFH and hybrid work. Or in some cases these changes will cause employees to leave to seek new opportunities creating a situation where they may exfiltrate data to their new organization. The ongoing discovery of new variants may further signal a new Covid wave and tightening lockdowns.
25% of ransomware attacks in 2022 will be deployed by insiders, compared to less than 2% in 2021.
Ransomware continues to be a significant attack for several reasons. Mandatory vaccination programs, resentment from employees not being able to work from home any more, and increasing living costs in combination with financial incentives from criminals will lead to an uptick in insiders being tempted to collaborate with criminal operators.
Ransomware remains the easiest threat for less technical insiders to monetize as all that is often required are their credentials. Ransomware operators will offer large incentives to gain access, driven by decreasing success compromising larger enterprises due to companies increasing investment in security, and the growing adoption of behavioral detection technologies.
On the other hand, the increase in scrutiny and action by lawmakers make it more difficult for cybercriminals to conduct ransomware attacks. To counteract improved security controls, ransomware operators will leverage new attack vectors and modes to extort victims. For example they may use digital platforms and environments such as APIs, cloud, mobile, supply chains, and others.
Yet the adoption of new defenses may not be happening fast enough, which may allow attackers to continue using some of the old methods for some time.
Threat Actors and Cybercrime
We may see Bitcoin replaced as the reserve currency for cybercrime, falling to less than 50% of all ransomware transactions from 98% in 2021.
The decline of Bitcoin as the currency of choice for cybercriminals will be the result of increased scrutiny by law enforcement on ransomware operators, including active takedowns and raids. Improved cryptocurrency transaction tracking and attribution combined with expanding global financial sanctions that target money laundering and terrorist financing, will force cybercriminals to use a larger basket of digital currencies to evade scrutiny.
However, as rogue nation-states continue to provide a safe harbor, the increasing adoption of Bitcoin by some states as legitimate currency coupled with the lack of enforcement of sanctions could extend the benefits of using Bitcoin for ransom demands.
Ransomware will continue to be a viable cybercriminal endeavor given the uncoordinated response by cybersecurity teams to recent high-profile ransomware attacks. This will likely result in attackers adopting new and creative ways to extort victims, including triple/quadruple-extortion and expanded selling of victim data on specialized underground markets.
2022 will see the first direct nation-state versus nation-state cyber battle, taking place over a series of days, with multiple targets including telecommunications, transport, media, and utilities.
We saw evidence in 2021 of nation-states posturing and taking offensive positions, but the real risk lies in two non-superpower nation-states squaring off openly. Many countries have or are in the process of building out offensive “hack back” cyber operations and will be keen to demonstrate the effectiveness of the investment.
The deterrents to the rise of nation-state attacks and escalations depend on the quick international response pressuring the combatants to pull back and resolve their issues through diplomatic means.
U.S. Federal and Government
Less than 40% of federal agencies will achieve the first OMB milestone for Event Logging by August 27, 2022
The Executive Order has mandated a number of different parallel projects, each of which is considerable in scope, including EDR, Zero-Trust, UEBA, SOAR and SIEM. Given the state of cybersecurity in many agencies, the friction in solution and data source integration will slow down implementation for many. Few off-the-shelf solution architectures can deliver all requirements in an integrated manner. The initial solution selection for many will likely stall and result in failed deployments.
Yet strong interagency coordination can lead to convergent solution selections and drive vendors to increase efforts for interoperability to address solution-integration gaps within the 1-year timeframe. With an eye to external threats, such as destructive nation-state attacks, the focus will be even more to drive action.