Bitdefender Labs and its Managed Detection and Response team, dedicated to threat detection and neutralization, are renowned for their deep understanding of the rapidly evolving threat landscape and forecast the following trends for 2022:
1. Ransomware will continue to dominate the threat landscape
Unfortunately, our prediction of an increase in ransomware in 2021 has come true. The year just ended has been extremely productive for those who have launched ransomware attacks. SolarWinds, The Colonial Pipeline, Kaseya, and Brenntag are just a few of the big names involved in ransomware attacks that, according to the US Treasury Department, led to $ 5.2 billion in payments in 2021 alone.
“Ransomware will continue to be the most profitable cybercrime in 2022. We expect to see an increase in Ransomware-as-a-Service (RaaS) attacks that will focus on data exfiltration for ransom purposes,” he said. Dragos Gavrilut, director of Bitdefender’s Cyber Threat Intelligence Lab. “Just like any established company, ransomware will have to constantly keep up with both the competition and the cybersecurity solution providers.”
Bitdefender also expects an increase in ransomware for Linux environments that target ESXi storage or models. “Silent ransomware” – malware that lies dormant for a certain amount of time before encrypting data – will likely be used in a greater number of attacks. The Java Log4j vulnerability, which recently alarmed cybersecurity experts due to its pervasiveness and ease of exploitation, created a perfect scenario for ransomware. We expect to see negative spillovers in the coming months and potentially years to come as well. Jen Easterly, head of the Cybersecurity and Infrastructure Security Agency (CISA), called this threat “the most serious flaw” she has encountered in her ten-year career.
Overall, Ransomware-as-a-Service will see a reorganization to become more resilient, entering the realm of zero-day exploits to maximize its reach.
2. Nation-state sponsored attacks will create disruption in all communities
Political tensions are likely to have a major impact in the cyber world as nation-states vie for digital supremacy. 2022 will likely be the year of cyber attacks on critical infrastructure. Killware (i.e. cyber attacks that can cause physical harm or even death) could be the weapon of choice as it can be deployed using tactics similar to classic APTs and is effective against power grids, water and sewage systems or transportation. public with an immediate impact on the community and society. “It is not only public services, but also a slice of the Internet world could be interrupted by cybercriminals in 2022”, confirms Alex “Jay” Balan, director of security research di Bitdefender.
DDoS attacks and Border Gateway Protocol (BGP) hijacking will grow exponentially, causing problems and disruption to digital economies and telecommunications. “We will potentially see hack-back initiatives around the world, especially against nation-states that provide cybercriminals with a safe haven for digital crimes against US or European institutions,” he says. Catalin Coșoi chief security strategist di Bitdefender.
In 2021, we learned that supply chain attacks targeting Managed Service Providers (MSPs) were the most difficult to mitigate. Unlike other threats, these attacks are quieter, harder to stop, and propagate faster. Professional cybercriminal groups will focus more on MSPs in order to distribute ransomware to larger groups of potential victims. “Just as cyber security solution providers have begun to address MiTRE’s documented techniques, cybercriminals will focus their research on discovering and implementing new techniques to leverage MiTRE / Kill-chain tactics. We expect to see new attack methodologies that leverage COM / WMI, as these are not sufficiently monitored by existing EDR technologies “, predicts Dan-Horea Lutas, senior manager at Bitdefender which oversees behavioral and technology-based malware detection.
Public open-source code repositories such as Pypi or NPM will also be targeted by cybercriminals seeking to inject malicious code into products or infrastructure to attack the supply chain.
In addition to supply chain attacks, Bitdefender also expects an increase in the use of zero-day exploits in some targeted attacks. In 2021, Bitdefender saw an increase in zero-day vulnerabilities across all major technology stacks (Chrome, Exchange, Office, Windows 10, iOS), and the future sadly doesn’t look any better. Tianfu Cup, the Chinese version of Pwn2Own was a clear demonstration of the features available in other non-English speaking countries.
But it’s only zero-day vulnerabilities that allow cybercriminals to cause widespread damage to businesses. Tools like CobaltStrike will be increasingly adopted by malware operators. “Cybercriminals find inspiration within the community – if a group of cybercriminals achieve fame using existing tools, the rest of the community will follow suit,” he says. Radu Portase, main technical lead at Bitdefender. “The Emotet malware is a prime example of this behavior, as it is on the rise again and successfully uses CobaltStrike beacons to accelerate the installation of ransomware on corporate networks.”
Spam campaigns will become much more targeted due to the increasing availability of personal information stolen in data breaches. Full names and phone numbers, passwords, physical addresses, payment records or sexual orientation information will be used to create bespoke and credible phishing or extortion campaigns.
As spear phishing – whether it be whaling, business email compromise (BEC), email account compromise (EAC) – becomes more sophisticated, it will continue to be a leading vector of attack against companies and remote work environments, he predicts. Adrian Miron, manager del Content Filtering Lab di Bitdefender.
The scams of 2022 are likely to take advantage of the online recruitment processes imposed by the Coronavirus pandemic. Cybercriminals will begin impersonating companies to trick potential candidates by infecting their devices via common document attachments. Additionally, cybercriminals will likely use this remote hiring opportunity to recruit unwary job seekers into illegal activities like money-muling.
2022 is likely to lead to a major increase in attacks on cloud infrastructures, including those hosted by top-tier providers. Second Catalin Cosoi, chief security strategist at Bitdefender “Configuration errors and a shortage of skilled cybersecurity workforce will play a significant role in data and infrastructure breaches.”
As the world is gradually preparing for a permanent hybrid business scenario, companies are moving legacy services to the cloud. Attacks on the cloud will intensify, with a particular focus on Azure AD and Office365, where a spike in tool development is expected, especially on Office365 and Azure AD.
With the cryptocurrency ecosystem in full swing, Bitdefender expects a growing interest from cybercriminals to launch attacks against foreign exchange services, miners, wallet stealers, and cryptocurrency-related scams.
Increased interconnectivity in smart cars will also create new opportunities for cybercriminals. Vehicle telematics has become a cause for concern in recent years as manufacturers seek to create services or monetize the information sent by vehicles on the road. But data theft is only part of those concerns, he says Alexandru “Jay” Balan “As cybercriminals can exploit Internet-connected vehicles to facilitate theft, gain unauthorized access or even take remote control of the car causing potentially lethal consequences.”
Dark markets have been characterized by chaotic actions in 2020-2021, but as those identified are being dismantled into coordinated law enforcement actions, we believe we will see new realities arise in 2022, which will capture 50% of illegal deals on the dark web. , says Coșoi.
The cyber security sector is hard at work to design security solutions for the near future. Built for resilience, Bitdefender GravityZone Ultra protects businesses from a full spectrum of sophisticated cyber threats. With more than 30 machine learning-based security technologies, GravityZone provides multiple layers of defense that consistently outperform traditional endpoint security solutions, as proven by independent testing. A single agent, single console solution for physical, virtual, mobile, cloud-based and email-based endpoints, GravityZone adds the human element to its security ecosystem, minimizing management costs and providing ubiquitous visibility and control.