Cybersecurity professionals be warned: 2022 offers no respite from the wave of cybercrime that’s tormented enterprises these past couple of years. Cybersecurity was already a fast-moving sector prior to Covid-19. But the emergence of remote work, supply chain challenges, and the accelerated shift to the cloud have exacerbated an already precarious situation for IT and security professionals. The cyber threat landscape is becoming more automated, sophisticated, and dangerous.
Morphisec has been analyzing this ever-evolving threat landscape as well as the emergence of new ransomware strains, evasive RAT loaders, and threatening crypters. We’ve seen first-hand how the cyber threat landscape of today is more varied and dangerous than ever, and no organization or industry is immune from its wrath.
Morphisec is committed to making breach prevention easy for every organization, no matter their size. So we spoke to insightful industry leaders to better understand what we can expect from cybercriminals this year. They are Brad LaPorte, partner at HighTide Advisors, veteran of US Cyber Intelligence, and former Gartner Senior Director Analyst; Freda Kreitzer, Head of IT at Bolt and former Enterprise Support Engineer at Facebook; and Morphisec’s own Michael Gorelik, CTO and Head of Threat Intelligence.
Here’s what they said.
Ransomware Attacks Will Increase
The impacts of double extortion and crimeware-as-a-service will continue to plague businesses worldwide, according to cybersecurity advisor Brad LaPorte. Cybercriminals will use more aggressive tactics including destroying data, leaking sensitive information, targeting high-value victims, and disrupting business operations to force enterprises to pay.
“This will evolve into triple and quadruple extortion as cybercriminals combine multiple attacks at once,” LaPorte says. “Defenders will implement more system hardening and attack surface reduction to mitigate these aggressive attacks.”
Meanwhile, Morphisec’s Michael Gorelik says hackers are increasingly modifying their encryption techniques to become harder to detect. This is a trend that began in 2021 but is becoming more mainstream this year.
“Most recently, we've identified a significant shift in attackers’ encryption strategies. They’re moving from file encryption to disk/volume encryption,” added Michael. “It’s likely that more groups will fully adopt this approach or utilize it in a hybrid fashion. This means they could apply volume encryption on servers and regular file encryption on endpoints through BitLocker, DiskCryptor, BestCrypt, or other known open source tools.”
Gorelik also believes there’s a high probability more ransomware attacks will avoid encryption and focus on file exfiltration instead. This tactic will be used to target companies with the most sensitive data, as they’re the ones who have the most to lose.
Everything is Moving to the Cloud, Including Cybercriminals
Attacks on cloud infrastructure will be one of the leading attack vectors this year, LaPorte predicts. According to Gartner, by 2023, 70 percent of all enterprise workloads will be deployed in cloud infrastructure and platform services, up from 40 percent in 2020. The cloud grants businesses greater agility and flexibility. But it also opens up new vulnerabilities and opportunities for cybercriminals to target businesses.
“Through 2025, 99 percent of cloud breaches will have a root cause in preventable misconfigurations or mistakes by end-users,” LaPorte predicts. “In addition, 96 percent of third-party container applications deployed in cloud infrastructure contain known vulnerabilities. And 63 percent of third-party code templates used in building cloud infrastructure contained insecure configurations. Defenders will double down on defending their cloud infrastructure from attackers.”
Freda Kreitzer, Head of IT at Bolt, agrees with LaPorte about the threat of human error: “We humans are so easily manipulated!” She calls human error the biggest enterprise breach risk this year. “Supply chain attacks will also increase. Ransomware attacks will increase through the pandemic, and attacking and hacking will become even easier.”
Third-Party and Supply Chain Attacks Will Continue to Increase
Supply chain attacks have risen over 430 percent since 2019. These types of attacks will increase to be the number one global attack vector in 2022, predicts Brad LaPorte.
He says, “As more enterprises invest in cybersecurity defenses, cybercriminals are moving upstream to implement much more impactful one-to-many attack methods. By the end of the year, most enterprises will need to continuously contend with multiple supply chain attacks at once. Defenders will invest in having additional visibility, control, and protection in business relationships that increase their exposure to risk through partnerships and extended ecosystems.”
The damage caused by these types of cyberattacks is rising exponentially. Kreitzer says she hopes organizations reevaluate their basic security hygiene practices. She hopes for an uptick in password managers, identity access managers (IAMs), and multifactor authentication (MFA).
“I’m appalled at the amount of privacy and ‘tech’ people who store their passwords in a text file locally on their machine,” she admits. “MFA is better than SMS for 2FA, but any sort of 2FA is a plus. Identity Access Managers are certainly useful—get all your apps behind one ‘gate.’”
Threat Actors Will Use AI to Scale Operations and Exploit the Remote Work Movement
The shift to remote and hybrid work during the pandemic began as a temporary measure to help curb the spread of the virus. It’s now become a permanent change. This situation has reshaped the cyber threat landscape and created new opportunities for attackers to change their approach. According to Michael Gorelik, expect this to worsen this year.
He predicts, “With more attackers entering the market with malware-as-a-service campaigns, bad actors will continue to target the essential tools every distributed workforce is using. These include VPNs and their providers, which have a weak self-security posture, exposed servers, and exchange email services and web applications. Attackers will continue to exploit these servers and services or brute force them due to defenders’ inefficient hardening practices.”
Additionally, Brad LaPorte believes we’ll see cybercriminals use AI more frequently as they seek to scale their operations.
“Automated tools like artificial intelligence and machine learning are now free and more readily available than ever before,” he says. “This is great for defenders but even more so for cybercriminals. This is multiplied by their motivation and financial incentives to use them. Cybercriminals will use automated tools to implement automated attacks at a mass scale. Defenders will prioritize and invest in automated protection technologies to mitigate this evolving threat.”
There Will Be an Increase in Backdoor Beacons for Human-Operated Attacks
We’ll see a substantial jump in the number of beacons deployed for human-operated attacks in 2022, predicts Gorelik. These attacks may not end with the attacker distributing ransomware either. “In addition, we'll likely see an increase in attackers deploying miners, and resource or bot utilization to make a quick profit,” he explains.
“Further, as the business model of human-operated attacks continues to prove itself, we’ll see attackers leverage backdoors like CobaltStrike and Meterpreter much more, even delivering them automatically. Finally, with the revival of Emotet and the resurgence of exploit kits and malware droppers, we need to watch out for more groups becoming involved in malware-as-a-service campaigns, leading to the effective utilization of these backdoors, and a rise in the number of organizations compromised.”
Attackers Will Use Infostealers and RATs to Re-Enter Corporate Networks
Attackers’ use of infostealers and remote access trojans (RATs) will grow in 2022. Because remote and hybrid employees are using their personal devices more, companies’ network gateway protections and intrusion detection and prevention systems struggle to protect them.
According to Michael Gorelik, this dynamic means threat actors will continue to find it easy to deploy infostealers and RATs on employee computers in 2022. “The fact that attackers are also shifting to higher languages such as Golang and Delphi means enterprises are finding it incredibly difficult to signature or detect them without an increased number of false positives. The goal of these infostealers and RATs is to provide surveillance.”
How to Navigate the Cyber Threat Landscape
Cybersecurity teams that rely solely on next-gen antivirus and endpoint detection and response solutions will find themselves in a lot more trouble. These signature-, pattern-, or behavior-based detection solutions don’t stop the sophisticated, polymorphic attacks that target memory rather than disk drives and files.
It’s critical to adopt a zero-trust model that requires you to treat anything inside or outside your network as a potential intruder. Attackers are in full-on war mode. A reactive, defensive strategy no longer works against their advanced attacks.
Instead, organizations should adopt a preventative approach that proactively stops breaches before they can infiltrate. You can do this with Morphisec’s Moving Target Defense technology (MTD). It uses polymorphism against attackers to hide vulnerabilities from threat actors while reducing your attack surface. To learn more, read Morphisec’s white paper: Zero Trust + Moving Target Defense: Stopping Ransomware, Zero-Day, and Other Advanced Threats Where NGAV and EDR Are Failing.