This is a contributed article by Raj Samani, McAfee Fellow and Chief Scientist at McAfee Enterprise.
2020 was the year that threw the world into chaos. And quite frankly, 2021 wasn’t much better – at least from a cybersecurity perspective. Our research tells us that during the pandemic, 81% of global organisations experienced increased cyber threats.
While the threat landscape is dynamic and ever-changing by its very nature, the evolution we’ve witnessed over the past 18 months has been dramatic and unexpected. One of the most significant factors in the disruption was the rapid shift to remote working. This shift brought with it the adoption of a whole host of new technologies as companies scrambled to move their processes online. So naturally, cybercriminals have taken full advantage of the additional attack surfaces these new technologies have provided.
At this point, there are no surprises when it comes to the increasingly sophisticated nature of the attacks we’ve seen. Hackers are learning at a (seemingly) astronomical rate, but luckily, it’s not all doom and gloom. The organisations which acknowledge the threat and subsequently implement the necessary training, technology and services are much more likely to stay safe.
Fortunately, many businesses are aware of this, with our research finding that 31% of UK organisations are planning to invest more than $1 million into security strategies next year. Businesses are prioritising the likes of cloud security (59%), endpoint security (50%), advanced threat protection (38%) and the security operations centre (37%).
The key thing for these businesses to consider, however, is the transition from reactive to proactive behaviour regarding cybersecurity. Unsurprisingly, pre-empting the threats organisations might expect to be exposed to plays a huge part in this. From threats on social media to nation-state actors, we’ve pulled together our predictions for the top cybersecurity threats of 2022 to help organisations stay safe into the New Year.
Lazarus wants to add you as a friend
We love our social media, from catching up with our friends to keeping tabs on the best jobs in the industry. Our appetite for accepting friend requests and connections from strangers is all part of our relentless pursuit of the next 1,000 followers.
But guess what? The threat actors know this. And as a result, we’ve seen cybercriminals targeting executives with promises of job offers. It’s one of the most efficient methods to bypass traditional security controls and directly communicate with targets at companies that are of interest to threat groups. Equally, groups have used direct messages to take control of influencer accounts to promote messaging of their own.
While this approach is laborious, demanding a level of research to “hook” the target into interactions and to establish fake profiles, it has proven to be a very successful channel for cybercriminals. We predict the use of this vector could grow not only through espionage groups but also through other threat actors looking to infiltrate organisations for their own criminal gain.
Help wanted: bad guys with benefits
Our team’s monitoring of threat activities around the globe saw an increase in the blending of cybercrime and nation-state operations. In many cases, a start-up company is formed, and a web of front companies or existing “technology” companies is involved in processes directed and controlled by the countries’ intelligence ministries.
In May 2021, for example, the US government charged four Chinese nationals working for state-owned front companies. The front companies enabled hackers to create malware and attack targets of interest to gain business intelligence, trade secrets, and information about sensitive technologies.
Not only China but other nations such as Russia, North Korea, and Iran have applied these tactics: hire hackers for operations, and do not ask questions about their other operations as long as they do not harm the interests of their own country. Where in the past specific malware families were tied to nation-state groups, the blurring starts when hackers are hired to write code and conduct these operations.
The tactics and tools used in the initial breach could be similar to those of “regular” cybercrime operations. However, it’s essential to monitor what happens next and act fast. In 2022, we predict that these types of attacks will increase. To protect against such attacks, companies should audit their visibility and learn from tactics and operations conducted by actors targeting their sector.
Game of ransomware thrones
For several years, ransomware attacks have dominated the headlines as one of the most impactful cyber threats. Unfortunately, the Ransomware-as-a-Service (RaaS) model opened the cybercrime career path to lesser-skilled criminals, leading to more breaches and higher criminal profits.
For a long time, RaaS admins and developers were prioritised as the top targets, while the affiliates were often neglected since they were perceived as less skilled. This, combined with the lack of disruptions in the RaaS ecosystem, created an atmosphere where those lesser-skilled affiliates could thrive and grow into very competent cybercriminals, eventually with a mind of their own.
In response to the Colonial Pipeline attack, the popular cybercrime forums have banned ransomware actors from advertising. Now, the RaaS groups no longer have a third-party platform to actively recruit, show their seniority, offer escrow, have their binaries tested by moderators, or settle disputes. The lack of visibility has made it harder for RaaS groups to establish or maintain credibility. It will also make it harder for RaaS developers to retain their current top-tier position underground.
Therefore, in 2022, we should expect more self-reliant cybercrime groups to rise and shift the balance of power within the RaaS eco-climate from those who control the ransomware to those who control the victim’s networks.
The year ahead
Over the past year, we’ve seen cybercriminals get more intelligent and quicker at retooling their tactics – and we don’t anticipate that changing in 2022. However, with the evolving threat landscape and the continued impact of the global pandemic, enterprises must stay aware of the cybersecurity trends to be proactive and take action in protecting their information.
Raj Samani is Chief Scientist and Fellow for McAfee Enterprise. He has assisted multiple law enforcement agencies in cybercrime cases and is a special advisor to the European Cybercrime Centre in The Hague. Samani has been recognised for his contribution to the computer security industry through numerous awards, including the Infosecurity Europe Hall of Fame, Peter Szor award, and Intel Achievement Award, among others. He is the co-author of the book "Applied Cyber Security and the Smart Grid" and the "CSA Guide to Cloud Computing," as well as technical editor for numerous other publications.