Some cybersecurity experts say that complex cybersecurity challenges are coming in 2022, with new types of supply chain-related attacks and attacks aided by artificial intelligence.
Several cybersecurity experts offered their ideas about trends in cybersecurity and cyberattacks for 2022, with predictions all over the map. But supply chain attacks, where attackers infect third-party services used by many organizations, was one recurring theme.
So-called indirect attacks are likely to rise, including attackers replacing a library or file at a central repository used by an organization, supply-chain attacks, and attacks on “internet of things” devices, said David Ratner, CEO of cybersecurity vendor
HYAS
.
“All of these examples share one common characteristic: The entry point itself is incredibly difficult to monitor,” he told the Washington Examiner. “This is why a key theme for 2022 going forward will be ensuring that enterprises have the visibility and control they require, not just of what is coming in the front door but what communication is leaving the organization and what that says about overall service assurance, hygiene, and governance.”
Supply chain attacks will be prevalent because they allow attackers to “contaminate once and exploit many,” added Nasser Fattah, North America Steering Committee chairman of
Shared Assessments
, a risk management organization.
Several cybersecurity professionals said ransomware is here to stay, but attackers are also adapting their methods using artificial intelligence, machine learning, and other technologies.
Ransomware is “the gift that will keep on giving,” Fattah told the Washington Examiner. “However, expect bad actors to modernize, for example, leveraging AI and ML, to further sophisticate their attacks.”
A handful of cybersecurity professionals predicted that attackers would look to take advantage of organizations that shifted to remote working and cloud services during the COVID-19 pandemic.
“While nation-state-sponsored attacks are a serious threat, we often overlook the more abundant issues directly impacting businesses and individuals,” said Jori VanAntwerp, CEO and co-founder of
SynSaber
, a cybersecurity provider for industrial clients. “Employers continue to adjust to a largely remote workforce, adding layers of vulnerability and complexity. Bring-your-own-device [policies] or the use of home equipment will continue to introduce weak links to already weakened security postures.”
Many organizations rapidly adopted cloud technologies during the pandemic to enable remote working, noted Archie Agarwal, founder and CEO at
ThreatModeler
, a threat modeling service.
This rush to the cloud “will begin to unravel as it becomes apparent this year that security slipped through the cracks during the rushed migration,” Agarwal told the Washington Examiner. “As a result, we will witness the rise of huge breaches due to simple cloud security misconfigurations and permissions errors.”
He predicted that startups focused on the automation of cloud configurations and remediation of cloud misconfigurations would appear on the scene in response to this rapid adoption of cloud services.
In addition, many experts expect phishing schemes to be popular with cybercriminals, including whale phishing, which targets high-level executives at organizations.
Malicious actors are shifting away from email toward web and mobile applications as an ideal surface for phishing attacks, malicious redirects, and malware payloads, noted Chris Olson, CEO at
the Media Trust
, a digital safety platform. “Third-party code, in particular, has proven to be a potent attack vector, enabling hackers to sneak their code past reviewers into trusted apps and websites where it can exploit users in countless ways,” he said.
Phishing attacks will continue to target people with access to the money at an organization, added Michael Gray, CTO at
Thrive
, a managed services provider.
“If someone in accounts payable gets their email compromised, their emails will be downloaded and their address book copied,” he said. “Attackers will try to convince vendors to route the money to a new bank, oftentimes successfully.”
