How many articles have you read that started with some variation of “the COVID-19 pandemic accelerated digital transformation?” This concept isn’t new, but you may be wondering how these sudden changes will impact security. We’ll explore Trend Micro Research’s predictions for 2022 and the impact on DevSecOps—the cultural approach that helps you build secure apps as quick as you can say “the COVID-19 pandemic accelerated digital transformation.”
Cybercrime in the cloud
Due to the sudden move to work-from-home (WFH), companies were forced to swiftly migrate to the cloud. Gartner predicts that global cloud services spending will reach over $482 billion in 2022, a 54% increase from 2020. With increased spend and usership, cybercriminals are sure to migrate their attacks to the cloud.
While cybercriminals will continue to target employees in phishing and BEC scams to gain credentials and access to the company’s servers, we expect more cybercriminals to bypass the human attack vector and target the infrastructure directly by exploiting known vulnerabilities that are traded and sold in underground markets. Patch management will be crucial, but there’s no need to cringe: this doesn’t necessarily mean more work for you. Security teams can leverage automated virtual patching to keep systems protected—especially those that no longer receive updates.
We also predict that cybercriminal groups will target the cloud’s vast computing power to mine cryptocurrency as more digital currencies emerge. Keep an eye on your resources—if you are using a security service with a pay-for-use structure, big spikes in your bill could point to cryptojacking.
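The bill-spike check above can be automated. The following detector is an added example (not code from the original post or from Trend Micro) that runs over constructed daily compute-cost figures and flags any day whose spend exceeds twice the median of the preceding week; the dates, amounts and thresholds are assumptions chosen for illustration.

```python
"""Flag abnormal daily spend in a cloud bill (added example, constructed data).

Cryptojacking usually shows up as a sudden, unexplained jump in compute
spend. This hypothetical detector compares each day's cost with the median
of the preceding window and reports days that exceed `ratio` times it.
"""
from statistics import median

# Constructed sample: (date, daily compute cost in USD) for one account
DAILY_COMPUTE_COST = [
    ("2022-01-01", 410.0), ("2022-01-02", 395.0), ("2022-01-03", 420.0),
    ("2022-01-04", 405.0), ("2022-01-05", 430.0), ("2022-01-06", 415.0),
    ("2022-01-07", 400.0),
    ("2022-01-08", 1380.0),  # constructed spike: unexplained 3x jump
    ("2022-01-09", 1420.0),  # spike persists
    ("2022-01-10", 425.0),   # back to normal
]


def spend_spikes(series, window=7, ratio=2.0, min_baseline=50.0):
    """Return (date, cost, baseline) for every day whose cost is more than
    `ratio` times the median of the previous `window` days.

    The median (rather than the mean) keeps one earlier spike from inflating
    the baseline; `min_baseline` suppresses alerts on tiny accounts where a
    few dollars of noise would look like a doubling.
    """
    alerts = []
    for i in range(window, len(series)):
        baseline = median(cost for _, cost in series[i - window:i])
        date, cost = series[i]
        if baseline >= min_baseline and cost > ratio * baseline:
            alerts.append((date, cost, baseline))
    return alerts


if __name__ == "__main__":
    for date, cost, baseline in spend_spikes(DAILY_COMPUTE_COST):
        print(f"{date}: ${cost:,.2f} vs. 7-day median ${baseline:,.2f} -> investigate")
```

Note the failure mode built into a rolling baseline: if the elevated spend persists for more than half the window, the median catches up and the alert stops firing, so a slower baseline (for example the previous month’s median) should be compared alongside it.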
Lastly, expect malicious actors to continue targeting DevOps tools and pipelines. According to a ThycoticCentrify report, “57% of organisations suffered security incidents related to exposed secrets in DevOps.” As DevSecOps teams shift left, cybercriminals are evidently following suit by waging more campaigns on supply chains, Kubernetes environments, infrastructure-as-code (IaC) deployments, and pipelines. Since developers’ tokens and passwords hold the keys to a company’s operations, we expect to see developers and build systems serve as an initial entry point for attackers.
While malicious actors may be trying out new tricks, DevSecOps teams can rely on fundamental security guidelines to secure their cloud environment. Here are some effective, tried-and-true security practices:
- Stronger patch management via automation
- Adhering to the principle of least privilege
- Understanding the shared responsibility model
- Monitoring and managing open source code
- Continual configuration scans and system audits
- Tracking usage of cloud-based resources and services
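The exposed-secrets risk in pipelines and the least-privilege and configuration-scanning practices above can be checked mechanically in a build step. The scanner below is an added example, not code from the original post or from Trend Micro: it takes Kubernetes manifests in the dict shape that `yaml.safe_load` returns (kept as constructed dicts here so the example runs without PyYAML) and reports literal credentials in environment variables, privileged containers, and bindings that hand out `cluster-admin`. The resource names, images and the variable-name regex are assumptions.

```python
"""Added example: minimal policy checks over parsed Kubernetes manifests.

Three findings are modelled:
  - a literal credential in a container env var (an exposed secret),
  - a privileged container (violates least privilege),
  - a RoleBinding/ClusterRoleBinding that grants cluster-admin.
"""
import re

# Env var names that look like credentials (assumed heuristic)
SECRET_NAME = re.compile(r"(PASS(WORD)?|TOKEN|SECRET|API_?KEY|PRIVATE_?KEY)", re.I)
WORKLOAD_KINDS = ("Pod", "Deployment", "StatefulSet", "DaemonSet", "Job", "CronJob")


def _containers(spec):
    """Yield init and regular containers from a Pod spec or a pod template."""
    pod = spec.get("template", {}).get("spec", spec)
    for key in ("initContainers", "containers"):
        yield from pod.get(key, [])


def check_manifest(doc):
    """Return a list of (severity, message) findings for one manifest."""
    findings = []
    kind = doc.get("kind", "")
    name = doc.get("metadata", {}).get("name", "<unnamed>")
    if kind in WORKLOAD_KINDS:
        spec = doc.get("spec", {})
        if kind == "CronJob":
            spec = spec.get("jobTemplate", {}).get("spec", {})
        for c in _containers(spec):
            for env in c.get("env", []):
                # A literal `value` on a credential-looking variable is an exposed
                # secret; `valueFrom.secretKeyRef` is the accepted pattern and passes.
                if SECRET_NAME.search(env.get("name", "")) and "value" in env:
                    findings.append(("HIGH", f"{kind}/{name}: container {c['name']} "
                                             f"has a literal secret in env {env['name']}"))
            if c.get("securityContext", {}).get("privileged"):
                findings.append(("HIGH", f"{kind}/{name}: container {c['name']} runs privileged"))
    if kind in ("RoleBinding", "ClusterRoleBinding"):
        if doc.get("roleRef", {}).get("name") == "cluster-admin":
            subjects = ", ".join(s.get("name", "?") for s in doc.get("subjects", []))
            findings.append(("HIGH", f"{kind}/{name}: grants cluster-admin to {subjects}"))
    return findings


def scan(manifests):
    """Run check_manifest over every document and flatten the findings."""
    return [f for doc in manifests for f in check_manifest(doc)]


# Constructed sample manifests (placeholder names and images)
SAMPLE_MANIFESTS = [
    {"kind": "Deployment", "metadata": {"name": "build-agent"},
     "spec": {"template": {"spec": {"containers": [
         {"name": "agent", "image": "example/agent:1.0",
          "env": [{"name": "GIT_TOKEN", "value": "constructed-example-token"},
                  {"name": "DB_PASSWORD",
                   "valueFrom": {"secretKeyRef": {"name": "db", "key": "pw"}}}],
          "securityContext": {"privileged": True}}]}}}},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ci-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci-runner"}]},
    {"kind": "Pod", "metadata": {"name": "clean"},
     "spec": {"containers": [{"name": "app", "image": "example/app:2.1",
                              "env": [{"name": "LOG_LEVEL", "value": "info"}]}]}},
]

if __name__ == "__main__":
    for severity, message in scan(SAMPLE_MANIFESTS):
        print(f"[{severity}] {message}")
```

In a pipeline the scan runs before `kubectl apply`, failing the build on any HIGH finding; the `DB_PASSWORD` entry shows the pattern that passes (a reference to a Secret object rather than an inline value).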
Zero Day Exploits
2021 was a record year for zero-day exploits; 770 vulnerabilities were detected in the first six months—more than any other year on record. Some may be quick to point fingers at code quality, but it’s likely other factors are responsible, such as growing media interest in covering lucrative exploits “inspiring” more cybercriminals to get into the vulnerability hunting game.
Malicious actors have also pivoted their techniques from studying code for flaws to exploiting the patch gap. After they’ve identified potential unpatched holes in the system, cybercriminals can tailor their malware code. We also predict the rise of a dedicated “watchdog” on the lookout for any disclosed vulnerabilities and deployed patches within specific companies, helping cybercriminals expedite their attacks.
Although we don’t solely blame weak code for the anticipated rise in zero-day attacks, DevSecOps teams need to continue improving open source code management. Leveraging legitimate and trustworthy vulnerability databases in tandem with security tools with automated open source code scanning capabilities is the simplest way to keep your code clean.
Security teams can do their part by performing regular inventory checks and monitoring security updates from vendors so they can deploy virtual patches as quickly as possible.
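Matching a dependency inventory against a vulnerability database, as the two paragraphs above recommend, comes down to comparing pinned versions with affected ranges. The following is an added example, not code from the original post or from Trend Micro: it parses a requirements.txt-style inventory and checks it against a constructed advisory feed that uses OSV-style `introduced`/`fixed` ranges. The package names and advisory IDs are placeholders, not real packages or CVEs, and the version parser assumes plain dotted numeric versions.

```python
"""Added example: match a pinned dependency inventory against a vulnerability feed.

Advisory records follow the OSV-style "introduced"/"fixed" range shape; a
range with no "fixed" entry means every later version is still affected.
"""


def parse_version(v):
    """'1.4.10' -> (1, 4, 10); non-numeric components compare as 0."""
    parts = []
    for p in v.split("."):
        digits = "".join(ch for ch in p if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def parse_inventory(text):
    """Parse 'name==version' lines (requirements.txt style), ignoring comments."""
    inventory = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        name, _, version = line.partition("==")
        if version:  # unpinned lines are skipped: they cannot be checked reliably
            inventory[name.strip().lower()] = version.strip()
    return inventory


def is_affected(version, ranges):
    """True if version falls inside any [introduced, fixed) range."""
    v = parse_version(version)
    for r in ranges:
        lo = parse_version(r.get("introduced", "0"))
        fixed = r.get("fixed")
        if v >= lo and (fixed is None or v < parse_version(fixed)):
            return True
    return False


def find_vulnerable(inventory, advisories):
    """Return [(package, version, advisory_id, fixed_version_or_None)] for matches."""
    hits = []
    for adv in advisories:
        pkg = adv["package"].lower()
        if pkg in inventory and is_affected(inventory[pkg], adv["ranges"]):
            fixed = next((r.get("fixed") for r in adv["ranges"] if r.get("fixed")), None)
            hits.append((pkg, inventory[pkg], adv["id"], fixed))
    return hits


# Constructed sample inventory (placeholder package names)
SAMPLE_REQUIREMENTS = """
# pinned build inventory (constructed)
example-web==2.3.1
example-parser==0.9.4
example-crypto==1.12.0
"""

# Constructed advisory feed (placeholder IDs, not real CVEs)
SAMPLE_ADVISORIES = [
    {"id": "EXAMPLE-2022-0001", "package": "example-web",
     "ranges": [{"introduced": "2.0.0", "fixed": "2.3.2"}]},
    {"id": "EXAMPLE-2022-0002", "package": "example-parser",
     "ranges": [{"introduced": "0", "fixed": "0.9.0"}]},       # already fixed in 0.9.4
    {"id": "EXAMPLE-2022-0003", "package": "example-crypto",
     "ranges": [{"introduced": "1.10.0"}]},                    # no fix released yet
]

if __name__ == "__main__":
    inv = parse_inventory(SAMPLE_REQUIREMENTS)
    for pkg, version, adv_id, fixed in find_vulnerable(inv, SAMPLE_ADVISORIES):
        action = f"upgrade to {fixed}" if fixed else "no fix yet: virtual patch / mitigate"
        print(f"{pkg}=={version} affected by {adv_id} -> {action}")
```

The `None` in the last column is the case that matters for the patch-gap discussion: an advisory with no fixed version is exactly where a virtual patch or a compensating control has to hold until the vendor ships a fix.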
Connected Cars
AUX cords are almost obsolete, with most new models providing wireless Apple CarPlay or Android Auto features. Hyperconnected cars will be a target for malicious actors in 2022, as they can ransom the large amounts of valuable data collected by cameras, lasers, and other sensors. The demand for smart car information is already a substantial business and the supply is keeping pace; Toyota forecasts that connected cars will produce 10 exabytes of data per month.
Beyond turning a hefty profit, we predict an increase in demand for illegal data filters that can block the reporting of risk data, or for hackers who can clear any record of bad driving behaviour collected by the smart car.
We’ve also seen enterprises transitioning more complex data-collecting tasks to the cloud. Many applications and systems used by newer models are already hosted on back-end cloud servers. While this streamlines operations, it also exposes carmakers to other threats like denial-of-service (DoS) and man-in-the-middle (MitM) attacks.
A strong vendor partnership is vital to securing and future-proofing connected cars. Initiatives like the Open EV Software Platform, spearheaded by the Mobility in Harmony (MIH) Consortium and its partners Arm, Microsoft, and Trend Micro, are the start of a strong foundation for the car industry to develop a dedicated operating system for smart vehicles.
If you’re in the automotive industry, your developer and security teams should conduct a full inventory of applications and systems that could be compromised. Once everyone is on the same page about what needs to be protected, carefully choose a security vendor whose tools can meet your security needs without slowing down developers or forcing them to start at square one. Integration into existing architectures and services is key for developers to keep building at pace with the evolving connected car industry.
Next steps
Here are our overarching cybersecurity strategy recommendations for DevSecOps teams going into 2022:
- Go back to security fundamentals: We’re talking about the shared responsibility model, AWS and Azure Well-Architected frameworks, open source code scanning, and automating configuration checks.
- Harden server security and access control: Surprisingly, the janitor does not need access to your most top-secret projects. Only give access to those who need it to do their job.
- Prioritize visibility: To help developers build secure apps, security teams need full visibility to make sure nothing malicious slipped in during the build process. Awareness of all cloud providers, accounts, and services minimises risks and misconfigurations.
Perhaps the most important recommendation is finding the right security tools and partners to consolidate and streamline security efforts as you continue to grow and evolve. Look into platforms with customisable APIs, robust third-party integrations, and automation. Just in case you don’t know where to start your search… take a look at our extensive Trend Micro Cloud One™ documentation.