EC-MEA November 2021


VIEWPOINT

2022 MAY SEE GAME OF RANSOMWARE THRONES

Ransomware has generated billions of dollars and it is only a matter of time before those who believe they are not getting their fair share become unhappy.

RAJ SAMANI

Bad actors have taken note of successful tactics from 2021, including those making headlines tied to ransomware, nation states, social media and the shifting reliance on a remote workforce. We expect them to pivot those into next year’s campaigns and grow in sophistication, wielding the potential to wreak more havoc across the globe.

#1 USE OF SOCIAL MEDIA FOR TARGETED ATTACKS

While this approach is not new, it is relatively uncommon. After all, it demands a level of research to hook the target into interactions, and establishing fake profiles is more work than simply finding an open relay somewhere on the internet. That being said, the targeting of individuals has proven a very successful channel, and we predict the use of this vector could grow not only through espionage groups, but also through other threat actors looking to infiltrate organisations for their own criminal gain.

#2 NATION STATES TURN TO HACKERS FOR HIRE

In 2022, we will see an increase in the blending of cybercrime and nation-state operations. In many cases, a start-up company is formed, and a web of front companies or existing technology companies is involved in operations that are directed and controlled by the countries’ intelligence ministries. The tactics and tools of the initial breach could be similar to those of regular cybercrime operations; however, it is important to monitor what happens next and act fast. Companies should audit their visibility and learn from tactics and operations conducted by actors targeting their sector.

#3 RISE OF SMALLER AFFILIATES

The Ransomware-as-a-Service (RaaS) ecosystem has evolved with the use of affiliates, the middlemen and women that work with the developers for a share of the profits. However, for a long time, RaaS admins and developers were prioritised as the top targets, while the affiliates were often neglected since they were perceived as less skilled. This, combined with the lack of disruptions in the RaaS ecosystem, will create an atmosphere where those lesser-skilled affiliates can thrive and grow into very competent cybercriminals, eventually with a mind of their own.


Raj Samani is Fellow and Chief Scientist of the combined company, McAfee Enterprise and FireEye.

#4 GAME OF RANSOMWARE THRONES

In 2022, these self-reliant cybercrime groups will shift the balance of power within the RaaS eco-kingdom from those who control the ransomware to those who control the victim’s networks. Ransomware has generated billions of dollars in recent years, and it is only a matter of time before some individuals who believe they are not getting their fair share become unhappy.

#5 CLOSE EYE ON API

Recent statistics suggest that more than 80% of all internet traffic belongs to API-based services. 5G and IoT traffic between API services and apps will make them increasingly lucrative targets, causing unwanted exposure of information. The connected nature of APIs potentially also introduces additional risks to businesses as they become an entry vector for wider supply chain attacks. In most cases, attacks targeting APIs go undetected because APIs are generally considered trusted paths and lack the same level of governance and security controls.

#6 HIJACKERS WILL TARGET APPLICATION CONTAINERS

Containers have become the de facto platform of modern cloud applications. In a recent IBM survey, 64% of adopters expected to containerise over 50% of existing and new business applications over the next two years. However, the accelerated use of containers increases the attack surface for an organisation. And while attacks against containers are not new, in 2022, we anticipate expanded exploitation on the orchestration layers, increasing use of malicious or backdoored images through insufficient vulnerability checks and increasing attacks targeting vulnerable applications.

