{"id":44328,"date":"2021-12-08T00:00:00","date_gmt":"2021-12-08T00:00:00","guid":{"rendered":"urn:uuid:954dd031-4885-5012-b2ca-5fefd9b1a5d6"},"modified":"2021-12-08T00:00:00","modified_gmt":"2021-12-08T00:00:00","slug":"cybersecurity-trends-for-2022","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/cybersecurity-trends-for-2022\/","title":{"rendered":"Cybersecurity Trends for 2022"},"content":{"rendered":"

<\/p>\n

<\/div>\n

You\u2019ve heard it before: the pandemic accelerated digital transformation. And there doesn\u2019t seem to be any signs of slowing down. But what does an increasingly agile and hyper-connected world mean for an organization\u2019s security? Trend Micro Research<\/span><\/a> predicts the biggest threat and security challenges for the new year, enabling a more resilient, forward-thinking security strategy.<\/p>\n

Cybercriminals in the cloud
<\/span>Although cybercriminals will continue to use tried and true methods, such as phishing emails, unsecured secrets, and exploiting known flaws, they will also explore new technologies like Java, Adobe Flash, and WebLogic to gain access.<\/p>\n

Cybercriminals will also mimic the DevSecOps \u201cshift left\u201d approach by going to the source of an enterprise\u2019s infrastructure. We\u2019ll see more malicious actors compromising DevOps tools and pipelines to target supply chains, Kubernetes environments, and infrastructure as code (IaC) deployments.<\/p>\n

Since developers\u2019 tokens and passwords hold the key to an organization\u2019s operations, using their credentials helps attackers stay under the radar while penetrating multiple layers of an enterprise\u2019s network.<\/p>\n

Surge in supply chain attacks<\/span><\/b><\/p>\n

Supply chain attacks will be especially prevalent, as ongoing economic shortages and disruptions will create opportunities for malicious actors to strong-arm targets for big payouts. Particularly, we predict access-as-a-service (AaaS) brokers will take special interest in gaining residence and selling it to the highest bidder.<\/p>\n

Next, look out for the rise of quadruple extortion model: holding the victim\u2019s critical data, threatening to leak and publicize the breach, threatening to target their customers, and attack the victim\u2019s supply chain or partner vendors.<\/p>\n

Beware of modern ransomware<\/span><\/b><\/p>\n

Perhaps one of the most covered security issues of 2021, ransomware wreaked havoc across businesses of all sizes. Enterprises were targeted for lucrative payouts, while small and medium-sized businesses (SMBs) were exploited by ransomware as a service (RaaS) groups.<\/a><\/p>\n

Unfortunately, ransomware will continue to evolve and remain prevalent. We predict two trends emerging: (1) modern ransomware will become increasingly targeted and prominent and (2) ransomware operators will use more complex extortion tactics such as exfiltrating data to weaponize it.<\/p>\n

Commonly used attack vectors like VPNs, spear-phishing emails, and exposed RDP ports will remain in play, but we predict the cloud will become a bigger target as more companies continue to migrate their data. Specifically, cloud and data center workloads will be the main playground for ransomware actors, due to an increased attack surface from less-secure homeworking environments.<\/p>\n

Compromising the connected car<\/span><\/b><\/p>\n

The automotive industry will also see an uptick in targeted attacks, as cybercriminals move beyond hijacking IoT gadgets and cash-in on the goldmine of data delivered by connected cars via cameras, lasers, and other sensors. Forbes predicted the demand for smart car information will be valued around US$450 to US$750 billion by 2030; evidently, malicious actors are poised to turn a hefty profit from the booming connected car industry.<\/p>\n

Zero day and known vulnerabilities<\/span><\/b><\/p>\n

Increased media attention and big payouts will motivate cybercriminals to launch an unprecedented number of zero-day exploits, surpassing the record-setting number in 2021.<\/p>\n

However, security leaders still need to look out for older, known vulnerabilities. As we previously mentioned<\/a>, old vulnerabilities are still traded and purchased in underground markets, as enterprises often struggle with complex patch management. In 2022, we\u2019ll see malicious actors continuing to take advantage of the growing \u201cpatch gap\u201d within enterprises.<\/p>\n

Future-proofing your security strategy<\/span><\/b><\/p>\n

Here are a few recommendations to bolster your security strategy against emerging threat tactics and techniques (TTPs):<\/p>\n