No one can accurately forecast what catastrophes may loom on the horizon, but by examining current events, one can plan to guard against what is most likely to occur. In that sense, 2022 will be like any other year: threat actors will try to get through, while their would-be victims will try to stop them using modern technology and the best threat analysis available.
Combating threats in the world of cybersecurity is akin to playing an endless game of multidimensional, hyper-advanced whack-a-mole: new dangers emerge all the time, often from unexpected places, and keeping up can feel impossible.
Cyber-threats are always evolving, influenced by trends in cryptocurrency use, the pandemic, geopolitics, and a variety of other factors; as a result, having a thorough understanding of the landscape is critical.
Linux-based cloud infrastructure will be a target
A simple calculus is at work for threat actors: which form of attack is a) easiest and b) most likely to provide the highest return? At the moment, the answer is Linux-based cloud infrastructure, which accounts for a significant share of total cloud infrastructure. With cloud adoption on the rise as a result of the pandemic, this might become a major issue.
Ransomware gangs like HelloKitty, BlackMatter, and REvil have been detected attacking Linux via ESXi servers using ELF encryptors in the last few months. The PYSA ransomware gang has recently added Linux support. Meanwhile, experts are discovering new and more complex Linux malware families, adding to the already-growing list of issues. Working ahead of time to counter these threats is more important than ever.
The security community will be the next target of nation-state attackers
Over the past year, nation-state hackers have been detected attempting to steal zero-days from vulnerability researchers. Although these attacks were luckily thwarted, there is little reason to rejoice. These attacks will almost certainly continue through 2022, and potential targets must stay watchful. Cybercriminals are increasingly interested in the information, tools, and threat intelligence collected by private security companies. As a result, offensive research products will be valued more, making them a more attractive target for attackers.
The use of initial access brokerage and cryptojacking techniques will continue
Although information is a valuable target, many cloud attacks are motivated mostly by financial gain. Cryptomining and initial access brokerage will continue to be the two key sources of revenue for hackers in 2022.
Each method has its own set of benefits and drawbacks. Profit can be made in real time using cryptojacking and cryptomining if an attacker can stay undetected in the cloud environment. Desired profit may take longer to achieve on the initial access brokerage (IAB) side. At the same time, IAB takes a more risk-averse approach: it makes no difference how long a customer stays in the cloud. Crypto attacks will continue as long as cryptomining is profitable, as will the initial access brokers who can facilitate these activities.
Insider threats will increase
Threat actors' targeting of individual employees has increased dramatically in the past year. These hackers frequently try to recruit the employees for insider operations. Internal defection is now, more than ever, a severe and growing issue: the record number of resignations in the technology sector in 2021 indicates high levels of employee unhappiness.
Hackers will keep attacking software supply chains
Although supply chain attacks are less common than the ones described above, they have the potential to do more damage. The opportunities afforded by a successful supply chain breach make it an appealing option, well worth an attacker's time and effort. As a result, in 2022, there will be more software supply chain attacks by both criminal and nation-state actors.