2022 PREDICTIONS BY Mandiant


2021 was a year when the emotions associated with forced digital transformation subsided somewhat and working in a distributed environment became the norm. Companies have improved or implemented security systems adapted to the new reality, and cybersecurity has returned to the position of a pressing (not a critical) problem. And so we enter the New Year – 2022.

We took the selected predictions from the Mandiant report. Their mission is one we share – “to make every organization secure against cyber threats and confident in its preparedness”. They also have a solid body of threat intelligence, compiled by over 300 people who research threat actors through incident analysis, reconstruction of attacked infrastructure, and study of the processes used by malware.

Besides, their expectations are in line with our own gut feelings. See below:

1. There is no end in sight: more, more, more when it comes to digital attacks

Ransomware will continue its uptrend – this activity is simply too lucrative. The only hope is that international governance and technological innovation can fundamentally change the attacker’s cost-benefit calculation. We expect an increase in ransomware incidents targeting smaller organizations in critical industries, which must pay urgently to avoid significant impacts on the health and well-being of the civilian population. Threat actors involved in multi-faceted extortion will continue to find more ways to extract payments from their victims. The multi-faceted scheme starts by blocking victims from accessing their own files through encryption (classic ransomware) and then adds further threats, such as making sensitive data public. In 2022, expect actors to develop new tactics, such as trying to recruit insiders at their victims or targets. We also expect more cybercriminals to punish victims who hire professional negotiation firms to help reduce the final extortion payment. In 2022, we expect tactics to evolve as cybercriminals become more business savvy and learn which situations their victims most want to avoid.

2. No honor among thieves: more disputes between threat actors

Ransomware-as-a-Service operations are organized efforts in which different people perform a specific element of the attack for a fee or for a percentage of the proceeds. In 2022, conflicts of interest between these parties will intensify. Conflicts can arise when targets do not pay, or when law enforcement interferes with the parties’ ability to obtain payment. Conflicts can also arise when victim organizations finally do pay: a specific actor may feel that they have not received enough of the payment or are not getting a fair share. Over the next 12 months, we expect many situations where victims will pay one million dollars or more to prevent stolen data from being released. In some of these situations, some or all of the data may be published anyway by one of the participants in the operation because of such a conflict. The more this happens, the more it will affect the way organizations think about paying the ransom.

3. Organizations caught between the government and groups that distribute ransomware

The U.S. government is focused on ransomware and how to mitigate it, which can have negative consequences for individual organizations. For example, U.S. organizations – and organizations that are not based in the U.S. but do business there – must not pay sanctioned threat actors or any group or person on the U.S. Treasury Department’s do-not-pay list. We suspect that other countries will also establish ransomware incident handling guidelines in 2022. In the case of the EU, this may take the form of, for example, an update of the NIS directive.

4. Systems increasingly threatened by “n00bs”

Low-skilled attackers (also known as script kiddies) have a big impact in the Operational Technology (OT) space – perhaps even more than they intend. These relatively low-skilled criminals will continue to explore the OT space in 2022 and will increasingly use ransomware in their attacks. Such targeting will happen because OT environments must be kept fully operational, especially when the systems are part of critical infrastructure. Attacks on critical OT environments can cause severe disruption and even threaten human lives, increasing pressure on organizations to pay the ransom. Moreover, many of these OT devices were not built with cybersecurity as a priority, and we are also seeing a huge increase in the number of vulnerabilities detected in OT environments.

5. The rise of deepfake attacks

The effectiveness of deepfakes in information operations has been debated in the security community, but state-sponsored and financially motivated actors have shown a growing interest in the technology. Mandiant observed posts and advertisements for deepfake technology on underground Russian- and English-speaking crime forums in 2020 and 2021. Users of these forums advertised personalized deepfake videos and images, as well as training for users to create their own manipulated media. Deepfake audio has facilitated business email compromise (BEC) fraud. Open sources highlight how cybercriminals have used manipulated media to bypass multi-factor authentication (MFA) protections and Know Your Customer (KYC) identity verification measures. We predict that as deepfake technology becomes more widely available in 2022 and beyond, criminals and spies will increasingly incorporate manipulated media into their activities to make social engineering more persuasive, to tailor content easily to specific targets, and to defeat some automated identity verification systems.

6. Attack outsourcing in the world of cybercrime increases the speed and variety of malicious activities

Outsourcing through mechanisms such as ransomware affiliate programs, exploit vendors, commercial contractors, malware producers and freelancers contributes to both the increasing frequency and the increasing complexity of cyber threats. The blurring line between financially motivated and state-sponsored operations in both tools and talent, the maturing legal and illegal markets for third-party tools and services, and the growing commercialization of tool-making and attack skills all raise the level of cyber risk as the number, quality, value and adaptability of malicious operations increase.

7. Cloud adoption introduces new points of vulnerability in architecture

Organizations will increasingly rely on external cloud-hosted services for core business tasks, putting more pressure on those providers to maintain both availability and security. If either is disrupted, organizations must be prepared to work around the interruption and to diagnose, resolve, and recover from an incident in which they were not the primary target and may not have a complete view of the attack lifecycle in their own internal logs. We predict that cloud problems and abuse will increase along with corporate cloud adoption in 2022. We suspect that organizations using cloud services and cloud-hosted providers will become more exposed to threats, as well as to vulnerabilities, misconfigurations, or outages in cloud resources.

8. IoT – new vulnerabilities and increased attack surface

In the coming years, we expect a steady increase in the number of Internet of Things (IoT) devices, many of which will be inexpensive and built without real consideration for security. The growing number of software and hardware vulnerabilities makes it harder for vulnerability hunters to keep up with securing them. Unfortunately, the underlying design of IoT devices has not placed enough emphasis on security to address these issues, so things will only get worse in the coming years. Most users may never realize that an update is required, and if they do, they may not even care. There has been no coordinated security initiative for IoT devices. Technologies like Secure Boot are helping, but have yet to be adopted by larger organizations and in newer products. It is true that companies like Microsoft and Amazon are building platforms that will give smaller businesses the ability to build more secure IoT devices. These are steps in the right direction, but it will be several years before a security-first IoT paradigm becomes a reality.

Mandiant’s expectations for the future are based on the trends it has seen in activities such as malware research, investigations, and post-incident analysis of attacked environments. And it is not just about attacker behavior, but everything else as well, from technology and workplace trends to changing laws and regulations. For two years now, ransomware has been playing first fiddle. Attackers are becoming more aggressive, turning these once relatively simple attacks into more sophisticated – and lucrative – multi-faceted extortion operations. International anti-ransomware efforts have not yet affected the ransomware-as-a-service business model, and government efforts can themselves lead to negative consequences for individual organizations.

Organizations have a lot to keep in mind in 2022, but vigilance will allow them to defend against imminent threats – and to respond to those that inevitably occur. We see increasing commoditization of malware, which, given the growing complexity of the digital world – and still relatively poor user awareness – can be disastrous. Let’s face it – as digitization progresses, cybersecurity will appear more and more often on the agenda of Management Board meetings.
