Top 7 Cybersecurity Trends for 2022
My Cybersecurity Predictions for 2022
2020 and 2021 have been some truly revolutionary years and now that 2022 is only a few months away, you might wonder what’s going to happen next. In terms of cybersecurity trends, I can surely think of several probabilities, based on the cyber market tendencies we’ve seen so far.
In one of my previous articles, you’ll see that the most important tendencies in 2021 are: the increased necessity for ransomware encryption protection, for EPDR and XDR, the huge demand for unification and unified endpoint management, and the increased focus on PAM and IAM due to the amazing proliferation of the WorkFromHome and WorkFromAnywhere models.
What should you expect in 2022, then?
My Top Cybersecurity Predictions for 2022
1. Supply Chain Attacks – Ransomware Especially – Will Keep Their Title as the Biggest Threat for Any Company on the Globe
There are two aspects that truly bother me about ransomware’s evolution in 2022: the delivery mode and the mechanism through which encryption is made.
The so-called Ransomware-at-the-Source and Brute Force Attacks with ransomware as end goal have gained massive popularity amongst cybercriminals in the last year and are definitely a trend that’s going to evolve in 2022.
- Both Windows and Linux operating systems are vulnerable, to some degree, to this Ransomware-at-the-Source trend. Only a few months ago a security researcher revealed a zero-day vulnerability in Windows 10 that can easily grant admin rights – and therefore complete control over the endpoint – to anyone who plugs in a Razer mouse or the dongle it uses.
- The Fantom ransomware operators’ MO was another alarming hacking approach in connection to the Windows OS: as part of a rising trend of infections that imitate well-known and trusted applications, Fantom showed a Windows Update-like screen to its victims, which was actually a virus that encrypted files in the background.
Based on Windows having a 76.13%* operating system market share, Microsoft is my bet for a Ransomware-at-the-Source / Supply-Chain-Attack in 2022. If Windows Update gets compromised in any way, the impacts would be absolutely mind-boggling and I am sure a couple of highly advanced hacker groups are already trying to supply-chain their way into Microsoft, and then supply-chain from there into customers using the Windows Update systems.
Would you know how to quickly cut of Windows 10 from updating your systems?
- As to Linux, repositories injections represent a serious threat. A Linux repository represents a storage location that hosts the OS updates and applications that the system retrieves and installs. The collections of software from a repository are kept on remote servers and should be highly secure, since they are meticulously tested and designed to be compatible with particular versions only. However, they can still be vulnerable to injections attacks – one of the oldest and most dangerous cyber threats, which implies the addition of untrusted input to a legit program. Although the addition will be interpreted as a natural query or command, it will further perturb the software’s execution, leaving the device it’s installed on vulnerable to ransomware.
- Similarly, device manufacturers also need to pay attention not to become accessories to criminal operators by releasing compromised endpoints on the market.
Brute Force Attacks
Brute force attacks have lately become hackers’ favorite mode to deliver ransomware, and I’m sure that this trend won’t be gone anytime soon.
A brute force attack’s methodology is simple but very effective: it entails playing a guessing game to determine the target device’s username and password and then using cryptographic functions to obtain the authentication credentials.
To get around authentication processes, attackers may employ scripted apps and bots that test popular or even real credentials from data breaches lists available on the dark web. In 2022 we might also see brute force attacks that make use of APIs and SSH to gain access into the targeted devices, as well as an alarming evolution of the tools hackers use to uncover complex passwords that follow the classic (I hope!) formula of letters, special characters, and numbers.
By successfully brute-forcing their way into your endpoints, hackers will gain access to everything you also have access to and they will, unfortunately, be in complete control. This will, with no doubt, make you lose important data, a lot of time, maybe even clients and business partners, and, of course, massive amounts of money that you could otherwise invest in your company’s journey forward.
When talking about prevention strategies, implementing multi-factor authentication and installing a versatile privileged access management solution, that can strictly control the granting of access rights and also de-escalate rights upon threat detection are surely amazing ways to mitigate this terrific cybersecurity market challenge.
Classic ransomware strains work by encrypting files using asymmetric encryption techniques. After this, the malware will show a message with a few details about what happened and how the victims should pay the ransom to get the decryption key for recovering their files.
However, cybercriminals are innovators too, and they keep coming up with new methods to reach their unlawful purposes.
- This is and will surely be the case of ransomware development in the following years. We have already seen an evolution towards the encryption of disk drivers on the server by using otherwise legitimate third-party disk encryption tools in a new ransomware strain we’ve found at the beginning of August, DeepBlueMagic Ransomware.
- Another recent example of how cybercriminals can take advantage of Windows components or processes is related to the hijacking of Microsoft Windows Encrypting Filesystem, which allows users to encrypt specific folders and files. This critical approach will require cybersecurity vendors to find the best prevention or mitigation method as soon as possible, by going, of course, beyond the classic signature-based tools on the market.
- Moving forward, we should also pay attention to another innovative ransomware encryption mechanism – the “intermittent encryption” of the LockFile threat recently discovered by Sophos. LockFile ransomware works by encrypting every 16 bytes of a file, which makes the damaged file very similar to the unencrypted original and very hard to detect.
As ThreatPost notes,
The ransomware first exploits unpatched ProxyShell flaws and then uses what’s called a PetitPotam NTLM relay attack to seize control of a victim’s domain, researchers explained. In this type of attack, a threat actor uses Microsoft’s Encrypting File System Remote Protocol (MS-EFSRPC) to connect to a server, hijack the authentication session, and manipulate the results such that the server then believes the attacker has a legitimate right to access it […].
When it comes to the techniques in which cybercriminals carry out ransomware attacks, the double extortion ransomware is also something worth mentioning, since it makes this monumental cyberthreat even more crippling. In a double extortion ransomware attack, the data is first exfiltrated, then encrypted, so if the victims refuse to pay the ransom, it will be leaked online or even sold to the highest bidder. Maze, Egregor, Sodinokibi and Nefilim are just a few examples of ransomware whose operators use(d) this tactic.
A very strong bet for ransomware in 2022 is that we’ll see double extortion with data corruption instead of traditional encryption, because it’s faster to corrupt a disk than it is to encrypt it.
Irrespective of how ransomware is delivered and disregarding the encryption mechanism it uses, it’s clear that ransomware is now a global issue and that we need international strategies to fight against it. I’m looking forward to seeing business leaders and government representatives and institutions working together, because paying the ransom and thus encouraging cyber criminals should not even be an option for the victims.
2. Remote Work Challenges Will Keep Accelerating at a Whirling Rate
I think the most pressing remote work challenges that the next year will bring will be related to aspects like IoT, BYOD and cloud security, but also email threats like phishing, and, clearly, PAM and Zero-Trust issues.
- I greatly appreciate all the benefits technology has created for us, but I’m aware that many try to take advantage and make a profit despite other people’s distress. Such is the case with IoT devices, which will continue to be valuable targets for hackers, whether we talk about routers or baby cameras.
- Remote work is here to stay, and so is the trend of BYOD. Nonetheless, however tempting it might be for companies to let employees use their own devices and reduce some costs, mobile devices are, unfortunately, breeding grounds for threats like cross-contamination of data and data leakage, outsourced security and device infection.
- Online storage services and software-as-a-service solutions are all examples of cloud usage. Not all of them are as secure as they should be, which leaves their customers and their data exposed and vulnerable to intruders. In the following year, I expect the most common cloud security threats to be credential theft and the exploitation of cloud applications vulnerabilities.
- As simple as they may seem, phishing schemes are still very effective and I believe they will keep expanding in 2022 and will become even more personalized, even geo-targeted. We will witness more and more business email compromise attacks, as well as severe CEO frauds and whaling attacks.
- The main goal of Privileged Access Management and the Zero-Trust concept is to ensure that only the right people can see and work with the data and systems of a company. As you can imagine, cybercriminals that try to get illegitimate access and insider threat won’t disappear anytime soon, so access management must become the norm as the WorkFromHome and WorkFromAnywhere models will remain a constant in the work field. Setting up a Zero-Trust framework will – if it isn’t already – be mandatory for any company.
3. Data Protection Will Have a Massive Impact on Authentication Evolution
Authentication is, obviously, an essential component of keeping data safe. I’m certain that in 2022 we’ll move, however, beyond the classical strong, complex password that needs to be changed after a certain period of time. As I have already said in an interview for CYBER Protection Magazine, my guess is that passwords will be combined with other authentication methods like smart cards, three-factor authentication, and biometrics in order to improve security, but also user experience. We should also expect to see dynamically generated passwords.
4. Machine-Learning and Artificial Intelligence Will Be Real Game Changers in the Evolution towards Prevention Instead of Mitigation
I’m certain that, by now, everyone has understood the benefits of machine learning (ML) and artificial intelligence (AI) for cybersecurity. Another aspect that it’s crystal clear to me is that mitigation and reactive solutions that still prevail on the market are simply not the standard anymore: they imply that a threat has already reached a system.
Heimdal’s ultimate goal is prevention, and prevention from multiple angles, within a unique suite in which the products communicate for extra efficiency. I’m happy to say that more and more vendors will follow our lead.
By anticipating and actually responding to threats in real-time, machine learning will greatly help cybersecurity solutions become more powerful and, at the same time, more convenient.
5. Real-Time Data Visibility Will Be Elementary for Any Cybersecurity Software
As unfortunate as it may be, many company owners do not have basic information about their business, like a full IT asset inventory with all the hardware and software they use or a list of all their third-party suppliers, never mind a complete overview of the possible cyber threats that they might face or have faced.
This definitely has to change if they want to avoid all the unpleasant consequences of a cybersecurity incident – money loss, time loss, brand damage, and so on, so automation and real-time data visibility must be positioned as key aspects of any top cybersecurity solution moving forward.
6. Extended Detection and Response and Unification Will Be Front-Page Aspects of Any Cybersecurity Strategy
When it comes to cybersecurity trends, the shift towards extended detection and response and unified endpoint management might be the most important. XDR brings a cross-layered detection and response approach, improving security by looking at endpoints, servers, clouds, networks, and email agents, and enhances productivity while substantially reducing costs.
Unified endpoint management will also be crucial for an effective cybersecurity strategy, enhanced productivity and reduced costs, offering the much-needed real-time data visibility that all company owners must have at any time.
7. Cybersecurity Awareness Will Have a Fantastic Growth among Both Home Users and Professionals
Having an idea about what could go wrong in terms of cybersecurity and being curious about what can be done to avoid problems are the first steps of prevention. If, at the office, there are, in general, regulations that force people to take cybersecurity seriously and cybersecurity training programs that offer basic knowledge to employees, many home users have had the tendency to be somehow neglectful when it comes to their online security.
Fortunately, I believe that this is already changing, and in 2022 we’ll see a massive increase in cybersecurity awareness, as more and more people will finally understand that a cybersecurity incident can happen at any time, to anyone (I can’t fail to mention the recent brute force attack on my home Synology server here as an example) and that it really is everyone’s responsibility to prevent it.
Final Thoughts on 2022 Top Cybersecurity Trends
The most important cybersecurity trends that I expect to see in 2022 are: a massive increase in supply chain attacks (ransomware especially), potentially through globally reaching supply chains like Microsoft Update, huge remote work challenges, data protection and authentication transformations, machine learning and AI favoring the evolution towards prevention instead of mitigation, an increased necessity for real-time data visibility, extended detection and response and unified endpoint management, as well as a long-awaited increase in user awareness.
Heimdal™ Security is already uniquely positioned against what we believe to be the upcoming market challenges and red hot problems, offering our customers:
- An outstanding Ransomware Encryption Protection module, that is universally compatible with any antivirus solution, and is 100% signature-free, ensuring superior detection and remediation of any type of ransomware, whether fileless or file-based (including the most recent ones like LockFile);
- Market-leading Threat Prevention for both network and endpoint, that will discover and prevent threats at DNS, HTTP, and HTTPS level, helping you keep away much more of today’s and tomorrow’s cyber threats than any antivirus;
- A truly unique, highly automated patching solution, that allows you to deploy secure Microsoft, 3rd party and custom updates whenever you choose, anywhere in the world.
- A Privileged Access Management solution that completely simplifies the process of granting admin rights and also de-escalates privileges upon threat detection when used in conjunction with our Threat Prevention and Endpoint Detection solutions.
- Two fantastic Email Security modules, that will help you avoid email-deployed malware and ransomware, business email compromise, phishing, CEO fraud, botnet attacks.
We will, of course, keep shaping our suite into one that maximizes protection and prevention according to the cybersecurity market’s most pressing needs and the cyberthreat landscape’s evolution.