In the world of cybersecurity in particular, the end of the year brings an avalanche of predictions for what the threat landscape will look like in the year ahead. It’s a fun end-of-year tradition, but it can also provide valuable insight into coming trends to help defenders be prepared for what’s on the horizon.
Beyond the Buzzwords
As I review predictions from previous years and look at some of the 2022 predictions that are already hitting the internet, I have noticed that a lot of them are not really “predictions” — things like AI / ML, cloud computing, the cybersecurity skills gap, and ransomware, are blatantly obvious. Of course, those things will continue to get attention and are important to keep in mind but looking ahead to what Cybereason and our customers need to be aware of for 2022, let us consider the broader threat landscape — and what we are seeing in terms of emerging attacks and current threat research — to identify key risks that defenders need to prepare for.
RansomOps — The New Kill Chain
When it comes to ransomware, what we see today is not that simple. We now have ransomware cartels — like REvil, Conti, DarkSide, and others — and ransomware is not a piece of malware, but rather comprehensive ransomware operations, or RansomOps, where the execution of the ransomware itself is just the final piece of a much longer attack chain.
There is too much focus on the ransomware executable, or how to recover once an organization’s servers and data are already encrypted. That’s like fighting terrorism by focusing only on the explosive device or waiting to hear the “boom” to know where to focus resources.
RansomOps take a low and slow approach — infiltrating the network and spending time moving laterally and conducting reconnaissance to identify and exfiltrate valuable data. Threat actors might be in the network for days, or even weeks. It’s important to understand how RansomOps work and be able to recognise Indicators of Behavior (IOBs) that enable you to detect and stop the threat actor before the point of “detonation” when the data is actually encrypted, and a ransom demand is made.
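As an added illustration of the IOB idea above (example code, not part of the original post or any Cybereason product), the following Python correlator treats reconnaissance, lateral movement, staging and exfiltration as one behaviour chain and raises an alert before the encryption event; the telemetry, event names, hosts and stage labels are constructed assumptions.

```python
# Added example (not from the post): correlating Indicators of Behavior
# across the pre-detonation stages of a RansomOps intrusion.
# Event names, hosts and stage labels are constructed for illustration.

# Constructed telemetry: (seconds since start, host, "stage:event")
EVENTS = [
    (0,    "ws-01", "recon:network_scan"),
    (600,  "ws-01", "recon:ad_enumeration"),
    (3600, "ws-01", "lateral:remote_service_created"),
    (3700, "fs-02", "lateral:new_admin_logon"),
    (7200, "fs-02", "staging:large_archive_on_share"),
    (7500, "fs-02", "exfil:outbound_bulk_transfer"),
    (9000, "fs-02", "impact:mass_file_rename"),  # the "boom": encryption starts
]

STAGE_ORDER = ["recon", "lateral", "staging", "exfil", "impact"]


def correlate(events, window_s=7 * 86400, alert_stages=3):
    """Walk the events in time order and raise as soon as `alert_stages`
    distinct pre-impact stages have been seen inside a sliding window
    (events from different hosts in the same environment are correlated).
    Returns (alert_time, stages_seen), or None if detonation was reached
    before the chain crossed the threshold."""
    first_seen = {}  # stage -> earliest timestamp still inside the window
    for ts, _host, event in sorted(events):
        stage = event.split(":", 1)[0]
        first_seen = {s: t for s, t in first_seen.items() if ts - t <= window_s}
        if stage == "impact":
            return None  # detonation reached without enough prior IOBs
        first_seen.setdefault(stage, ts)
        if len(first_seen) >= alert_stages:
            return ts, sorted(first_seen, key=STAGE_ORDER.index)
    return None


def lead_time(events):
    """Seconds between the behavioural alert and the first impact event,
    i.e. the window a defender has to act. None if no alert or no impact."""
    alert = correlate(events)
    impacts = [ts for ts, _h, ev in events if ev.startswith("impact:")]
    if alert is None or not impacts:
        return None
    return min(impacts) - alert[0]


if __name__ == "__main__":
    print(correlate(EVENTS))  # (7200, ['recon', 'lateral', 'staging'])
    print(lead_time(EVENTS))  # 1800
```

Shrinking the window (for example to 1000 seconds) makes the same "low and slow" chain fall apart into isolated events and the alert never fires, which is exactly why long correlation windows matter for this class of intrusion.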
Supply Chain — Amplifying Reach of Attacks
This also doesn’t feel like much of a “prediction” at face value. IT professionals are very familiar with the concept of a supply chain attack thanks to the SolarWinds attacks. You need to have a broader perspective on the concept of supply chain, though.
There is a growing trend of threat actors realising the value of targeting a supplier or provider up the chain in order to compromise exponentially more targets downstream. Rather than attacking 100 or 1,000 separate organisations, they can successfully exploit one company that unlocks the door to all the rest. It is the path of least resistance.
The attacks we have seen have been part of cyber espionage campaigns from nation-state adversaries. Those attacks will likely continue, and we will see a rise in cybercriminals adopting the strategy as well. Companies that act as suppliers or providers need to be more vigilant, and all organizations need to be aware of the potential risk posed from the companies they trust.
Microsoft — Living with the Microsoft Risk
The simple truth is that one way or another, Microsoft products are directly involved in the vast majority of cyber attacks. Threat actors invest their time and effort identifying vulnerabilities and developing exploits for the platforms and applications their potential victims are using. Microsoft has a dominant role across operating systems, cloud platforms, and applications that makes it fairly ubiquitous.
As such, Microsoft will continue to be the primary focus for cyber attacks in 2022. That isn’t really a revelation. Defenders need to understand the risk of relying on Microsoft to protect them when they can’t even protect themselves. Organisations that depend on Microsoft for security will find themselves making headlines for the wrong reasons.
I’m not suggesting that organisations not use Microsoft products or services, but it is important to understand the risks and have a layered approach to defending those products and services against attacks.
Cybersecurity Is National Security
The line no longer exists between national security and cybersecurity. Sometimes a nation-state adversary attacks a private company as part of a broader campaign and sometimes cybercriminals launch attacks (think Colonial Pipeline) with national security implications.
What we need to be aware of as we go into 2022 is the increasing cooperation and collaboration between these threat actors. Nation-state adversaries are not directly controlling many of these operations, but a combination of state-sanctioned, state-condoned, and state-ignored attacks creates an environment where failure to act is equivalent to tacit approval, and it indicates that even if they are not actively working together, their objectives are often aligned.
XDR — Improving Protection with AI
With the shift to work-from-home or hybrid work models, the rollout of 5G wireless, and the explosion of IoT (Internet-of-Things) devices, virtually everything is connected today. This connectivity provides a variety of benefits in terms of productivity and convenience, but it also exposes organisations to significant risk which makes Extended Detection and Response (XDR) crucial.
The question is, “What is XDR?” Many vendors have an offering they are calling XDR, but not all XDR is created equal. There is almost universal agreement that XDR is the next thing, but the definition of what XDR is and the best way to achieve it is still being debated.
The industry will reach some consensus in 2022 and leaders will emerge as the dust settles in the XDR market. Regardless of how we define XDR, the scope and volume of threats demands that artificial intelligence (AI) play a central role in making it effective.
Get Ready for 2022
As you take time to gather with family and friends for the holidays, or just disconnect from work and recharge, hopefully these insights will help you prepare more effectively for the cybersecurity challenges you will face in 2022. The threat landscape is constantly shifting, but understanding how threat actors think and having insight into emerging trends enables you to stay ahead of the curve and defend more effectively.