2022 may see game of ransomware thrones

Raj Samani, Fellow and Chief Scientist of the combined company, McAfee Enterprise and FireEye.
3 years ago

Bad actors have taken note of successful tactics from 2021, including those making headlines tied to ransomware, nation states, social media and the shifting reliance on a remote workforce. We expect them to pivot those into next year's campaigns and grow in sophistication, wielding the potential to wreak more havoc across the globe.

#1 Use of social media for targeted attacks

While this approach is not new, it is relatively uncommon. After all, it demands a level of research to hook the target into interactions, and establishing fake profiles is more work than simply finding an open relay somewhere on the internet. That being said, the targeting of individuals has proven a very successful channel, and we predict the use of this vector could grow not only through espionage groups, but also through other threat actors looking to infiltrate organisations for their own criminal gain.

#2 Nation states turn to hackers for hire

In 2022, we will see an increase in the blending of cybercrime and nation-state operations. In many cases, a start-up company is formed, and a web of front companies or existing technology companies is involved in operations that are directed and controlled by the countries' intelligence ministries. The tactics and tools of the initial breach could be similar to those of regular cybercrime operations; however, it is important to monitor what happens next and act fast. Companies should audit their visibility and learn from tactics and operations conducted by actors targeting their sector.


#3 Rise of smaller affiliates

The Ransomware-as-a-Service (RaaS) ecosystem has evolved with the use of affiliates, the middlemen and women who work with the developers for a share of the profits. However, for a long time, RaaS admins and developers were prioritised as the top targets, while the affiliates were often neglected since they were perceived as less skilled. This, combined with the lack of disruptions in the RaaS ecosystem, will create an atmosphere where those lesser-skilled affiliates can thrive and grow into very competent cybercriminals, eventually with a mind of their own.

#4 Game of ransomware thrones

In 2022, these self-reliant cybercrime groups will shift the balance of power within the RaaS eco-kingdom from those who control the ransomware to those who control the victims' networks. Ransomware has generated billions of dollars in recent years, and it is only a matter of time before some individuals who believe they are not getting their fair share become unhappy.


#5 Close eye on API

Recent statistics suggest that more than 80% of all internet traffic belongs to API-based services. 5G and IoT traffic between API services and apps will make them increasingly lucrative targets, causing unwanted exposure of information. The connected nature of APIs potentially also introduces additional risks to businesses as they become an entry vector for wider supply chain attacks. In most cases, attacks targeting APIs go undetected because APIs are generally considered trusted paths and lack the same level of governance and security controls.

#6 Hijackers will target application containers

Containers have become the de facto platform of modern cloud applications. In a recent IBM survey, 64% of adopters expected to containerise over 50% of existing and new business applications over the next two years. However, the accelerated use of containers increases the attack surface for an organisation.


And while attacks against containers are not new, in 2022 we anticipate expanded exploitation of the orchestration layers, increasing use of malicious or backdoored images through insufficient vulnerability checks, and increasing attacks targeting vulnerable applications.


