The new year will bring an escalation in the severity and frequency of ransomware and cyberattacks, according to FortiGuard Labs, the global threat intelligence and research team of Fortinet. These latest prognostications come as cybercriminals continue to evolve their tactics and techniques, becoming more like traditional advanced persistent threat (APT) groups.
As we move into 2022, the targets and severity of cyberattacks will continue to evolve. Advanced Persistent Cybercrime (APC) techniques will mean more destructive attacks, with supply chain networks and critical infrastructure, as well as work-from-anywhere workers and learners, making compelling and high-impact targets.
According to the report, we can expect the following trends to manifest in the coming year:
More of the same – but much, much more
As a result of the COVID-19 pandemic, the frequency of attacks rose to new levels and will continue to do so as we move forward in 2022. We will see more zero-day attacks as cyber adversaries seek new areas to exploit while work-from-anywhere continues to expand the attack surface.
It’s important that organizations prepare for cybercriminals to target new attack vectors, including previously ignored platforms such as Linux. Linux, which runs network back-end systems, has been relatively ignored by the hacker community but is now attracting unwanted attention. This has implications for operational technology (OT) devices such as control systems, logic controllers, machine tools, and more.
The threats could even move to space, as researchers anticipate satellite networks will become an attractive target for new exploits. FortiGuard Labs anticipates new proof-of-concept (POC) threats targeting satellite internet networks will emerge. Organizations that rely on satellite-based connectivity for low-latency activities or for delivering services to remote locations could be targeted, as well as field offices, pipelines, or cruises and airlines. Since these are likely to connect with other networks, ransomware attacks are likely to follow.
The ransomware threat continues unabated
Ransomware increased more than ten-fold in 2021, and FortiGuard Labs researchers don’t see any sign of this trend subsiding. If anything, attacks will continue and increase in severity by combining ransomware with distributed denial-of-service (DDoS) attacks designed to overwhelm IT teams and security systems.
Another destructive addition is wiper malware, which can erase the hard drive of the device it infects and potentially destroy systems and hardware. This is an added cause for concern for emerging edge environments, critical infrastructure, and supply chains.
AI helps cybercriminals get smarter
Artificial Intelligence (AI) is already used to detect unusual behaviour that may indicate an attack, usually by botnets. But now, cybercriminals are also enlisting AI to thwart security efforts and mimic human activities. Security professionals will now also need to keep a lookout for deepfakes as these advanced applications continue to be commercialized. This could potentially lead to real-time impersonations over voice and video applications that could pass biometric analysis and authentication. The use of AI, especially at the endpoint, is critical for work-from-anywhere (WFA) users.
According to FortiGuard Labs, 2022 is shaping up to be a banner year for cybercriminals, with ransomware on the rise and an unprecedented number of attackers lining up to find a victim. Attacks will continue to span the entire attack surface, leaving IT teams scrambling to cover every possible avenue of attack.
This will be incredibly challenging because the attack surface will simultaneously be expanding as organizations transition to more hybrid environments and workspaces, adopt more AI and ML-based technologies, develop new connectivity options, and deploy additional business-critical applications and devices into the cloud. By understanding what the future may hold in relation to cyber threats, we give ourselves the best possible chance of defeating them.
Preparing for the year ahead
The challenge for defenders will go beyond the number of attacks or new techniques: adversaries will be exploring an even broader attack surface, looking for opportunities. And these opportunities will come as networks continue to expand, driven by work-from-anywhere (WFA), remote learning, and new cloud services.
In addition to detailing anticipated attacks, the FortiGuard Labs report also offers solutions and countermeasures for organizations to employ.
- Defenders need to avoid siloed teams and tools. A Security Fabric platform built on a cybersecurity mesh architecture is one way to limit silos and create greater visibility across the entire distributed network.
- There are other ways defenders can stay ahead of cybercriminals. Leveraging AI and machine learning (ML) can accelerate threat prevention, detection and response, and deploying advanced endpoint detection and response (EDR) can help identify malicious or suspicious behaviours.
- By implementing zero-trust network access (ZTNA) (i.e., simple, automatic secure remote access that verifies who and what is on your network and secures application access no matter where users are located), defenders can help secure application access and extend those protections to mobile users, and by adding Secure SD-WAN they can protect the ever-expanding edge.
- Restricting lateral movement of cybercriminals that manage to access a network can be done through segmentation, which allows defenders to restrict an attack to only a portion of the network.
Most of the threats predicted for 2022 represent extensions of the threats we face today – just faster, harder to detect, and more aggressive. If organizations can implement security strategies today that establish a baseline of normal operations, it will become easier to detect and respond to unusual activity. Achieving this baseline state requires integrated, smart solutions that can access real-time threat intelligence, detect threat patterns and anomalies, and automatically initiate a coordinated response, all at the speed of business. Addressing tomorrow’s threats requires the implementation of an adaptive, automated, fast, and fully integrated security strategy today.