In his 1930 letter to his son Eduard, Albert Einstein wrote, “It is the same with people as it is with riding a bike. Only when moving can one comfortably maintain one’s balance.” As we all move into 2022, the great physicist’s words still ring true, but we also mustn’t forget that sharks must keep moving in order to stay alive. And like sharks, cybercriminals must keep moving and innovating faster than the good guys in order to stay alive. The threat intelligence experts at Secureworks have analyzed 1,400 incident response engagements and trillions of event logs, and monitored over 300 threat groups, so that we might all prepare now to stay safe in the coming years. These are their top threat predictions…
Cybercriminals will continue to leverage common security issues such as lack of MFA, compromised credentials, and services such as RDP exposed to the internet. Ransomware will get all the headlines, but phishing attacks on business email will lead to large single-loss events that are both easier and faster to conduct. Speed will take precedence over stealth. Criminals count upon large organizations moving slowly, so the time domain will become more important for defenders.
Cloud-based attacks will increase due to the assumed security of these platforms. Organizations will deploy new applications and infrastructure to the cloud where possible without necessarily understanding the particulars of their environment. Expect more attacks due to misconfigurations and a lack of adequate controls on these platforms. As hybrid cloud strategies continue to grow, we can also expect network intrusions to have an on-premises component.
There will be more demands but less ransomware encryption of that data. It is faster and cheaper for criminals to simply steal data and threaten to release it rather than give a cut to the ransomware operators. Additionally, DDoS attacks will augment these ransomware attacks by crippling an organization’s ability to fight back. Law enforcement will adopt increasingly aggressive stances against ransomware ecosystems, including the cryptocurrency they rely on. Some ransomware criminals will avoid targeting critical infrastructure altogether for fear of retribution from intelligence agencies, while other, less established criminals may deliberately focus on these targets as a way of growing their own brand. Ransomware criminals will also make the decision of ‘to pay or not to pay’ an easier question to answer for victims by targeting their data’s integrity and creating a value proposition to simply pay rather than tying up valuable resources in assessing, remediating and recovering that data.
State actors will continue to focus primarily on espionage rather than on disruption and destruction. China, Russia, and Iran will concentrate on harvesting bulk data to support future campaigns against the U.S. and the West, but this will only bolster covert deterrence operations.
Coverage for ransomware will become prohibitively expensive as cyber insurers will become more stringent about the conditions under which a policy will pay out. Preparation and incident response plans by both insured and non-insured organizations will increase in value due to the change in this risk calculation.
I encourage everyone to digest these insightful predictions and look to the new year with hope and confidence. We can maintain our balance if we continue to move forward and make progress together. Since there is no winning in the war of cybersecurity, it is more important that we simply survive and prevent cybercriminals from thriving.
This blog was sponsored by Secureworks.