Toward a New Momentum: Trend Micro Security Predictions for 2022

Enterprises will ensure that cloud security basics are employed to defend their environments against a slew of cloud security threats and achieve a managed level of risk

Cloud attackers will both pivot and stay put; they will shift left to follow technology trends and continue to use tried-and-true attacks to wreak havoc on cloud adopters

The cloud empowers organizations to innovate, expand, and operate efficiently. And as more companies migrate to the cloud, it becomes an even bigger and more profitable target in the eyes of malicious actors. In the coming year, malicious actors will stay ahead by continuing to carry out low-effort yet high-impact attacks and launching ones that will use new trends in technology.

More companies are poised to start relying on software-as-a-service (SaaS) applications and solutions in 2022 for their operations. And malicious actors will continue to use the same tactics, techniques, and procedures (TTPs) to target a new crop of SaaS adopters. They will continue to use phishing emails to steal credentials, illicitly mine cryptocurrency, and abuse misconfigurations in cloud environments. On top of these, they will use the principles of the shift-left movement in their attacks to target DevOps tools and cloud integrated development environments (IDEs).

To keep cloud environments secure, enterprises should enforce the basics of cloud security, which include understanding and applying the shared responsibility model, using a well-architected framework, and bringing in the right level of expertise.

To remain protected against evolving ransomware threats, enterprises will set their sights on protecting their servers with stringent server-hardening and application control policies

Servers will be the main ransomware playground

Ransomware remains a major cyberthreat because of its ability to evolve consistently. From endpoints as primary entry points, ransomware operators are now focusing on exposed services and service-side compromises. Soon, hybrid work will become the preferred work setup for organizations, allowing employees to work flexibly from home and in the office. The increased attack surface will make it harder for security teams to immediately spot and stop ransomware attacks.

Based on the security incidents we have observed this year, we expect to see two major movements in how ransomware attacks will be waged in the coming year. Ransomware operators will launch increasingly targeted and highly prominent attacks. The TTPs will likely stay the same, but they will be used to go after more complex targets, ones that will possibly be bigger than the major targets in previous years. At the same time, ransomware operators will launch attacks that will use more modern and sophisticated methods of extortion. In terms of the primary means of extortion, the focus will veer away from denial of access to critical data in favor of leaking and mining stolen data for weaponization.

To protect critical systems and environments against ransomware attacks, enterprises should employ best practices for keeping servers secure and adhere to server-hardening guidelines for all pertinent operating systems and applications.

Security teams will need to be well-equipped to contend with malicious actors intent on repurposing older vulnerabilities and exploiting newly found ones in a matter of days, if not hours.

Made more vigilant by dealing with the record high of zero-day exploits found in 2021, enterprises will be on high alert for potential patch gaps as more vulnerabilities are expected to be unearthed

We anticipate an uptick in the number of zero-day exploits that will be found in the wild in the coming year, surpassing that of 2021. Malicious actors will attempt to outpace security teams by being on the lookout for released patches in 2022, using these as a means of zeroing in on recently publicized vulnerabilities, instead of searching for weak spots in IT infrastructures themselves. This will enable them to take advantage of newly uncovered flaws more efficiently and speed up the deployment of their exploits, underscoring the need for enterprises to prioritize closing patch gaps.

Vulnerabilities that were disclosed in past years will not lose traction among cybercriminals, who will continue repurposing them. We expect to see malicious actors planning to launch more blended attacks that will combine privilege escalation vulnerabilities with other disclosed flaws.

To help curb these threats that are bound to emerge from an increase in known vulnerabilities, enterprises must see to it that their IT security teams are well-equipped to properly practice asset management, perform virtual patching, and act on any security updates from vendors. For their part, cloud adopters must ready themselves with cloud-native security that can better protect the libraries on which their cloud-based projects are built.

Malicious actors will continue to think of smaller businesses as easy prey, but cloud-heavy SMBs will come prepared with security measures that can fend off commodity attacks

While all eyes are on ransomware, traditional commodity attacks and attacks-as-a-service will have time to innovate more sophisticated tools

We expect to see in the underground scene more affordable and advanced malware tools moving downstream to the commodity malware market, which will become a means for ransomware-as-a-service (RaaS) affiliates and novice cybercriminals to upgrade their arsenals.

The modular nature of these commoditized tools is such that many malicious actors need only develop custom malware to manage their partners when staging their attacks. Among the increasingly sophisticated commodity malware that we expect to see in 2022 is a new botnet-as-a-service, similar to the ZeuS botnet, that will be capable of compromising and seizing control of cloud-based and internet-of-things (IoT) platforms.

More commodity attacks will also be leveled against small- and medium-sized businesses (SMBs), which malicious actors will be sizing up as less conspicuous and less defended targets. Their limited financial resources will lead SMBs to prioritize the protection of their endpoints and networks first. However, SMBs whose critical operations rely heavily on the cloud will likely be vigilant of the risks that commodity attacks pose to their business and take steps to strengthen their security posture.

Enterprises will strive for improved network monitoring and visibility to safeguard their IT environments against threats arising from IoT adoption

Information associated with the IoT will become a hot commodity in the cybercriminal underground, spurring enterprises on to mind security gaps that might lead to data leakage or tampering

As more organizations fast-track their digital transformations, we foresee the shift to hybrid work and the use of remote connection expanding the attack surfaces of enterprises whose employees will come to rely on connected devices in 2022. These companies will grapple with malicious actors seeking to take advantage of the computational limitations of devices connected to the IoT, driving them to employ security solutions that can help them keep track of their network activity, such as intrusion prevention and detection systems (IPSs/IDSs) and network detection and response (NDR) tools.

In 2022, the information associated with IoT-connected devices will be the next frontier for cybercriminals, who we expect will explore a number of ways to profit from the smart car data being sold by automakers to their commercial clientele. This is a business that is set to be worth as much as US$750 billion by 2030 — one we predict will create a demand in the underground for illegal data filters that can block risk data reporting or criminals for hire who can erase data from a smart car’s driving records.

To protect this data from being compromised, the automobile industry and security vendors will have to work together in 2022 to make inroads toward the development of an operating system that can become the industry standard for all connected cars, which, in turn, will help standardize their security features.

As they focus on making their supply chains more robust via diversification and regionalization, enterprises will implement zero trust principles to keep their environments more secure

Global supply chains will be in the crosshairs of fourfold extortion techniques as companies evolve their supply chain operations

The onset of the global pandemic demonstrated how vulnerable supply chains had been — and cybercriminals were quick to take notice of the global supply chain disruption and take advantage of the security gaps that ensued. This year, we have seen interconnected ransomware and supply chain attacks on high-profile victims, notably the IT management platform Kaseya.

In 2022, access-as-a-service (AaaS) brokers will shift their focus on vulnerable supply chains. Once companies’ environments are compromised, AaaS brokers can sell critical credentials to cybercriminals. There will also be a surge in the quadruple extortion model that will be used to strong-arm victims into paying up: holding a victim’s critical data for ransom, threatening to leak the data and publicize the breach, threatening to go after the victim’s customers, and attacking the victim’s supply chain or partner vendors.

As companies invest in their supply chain development processes via diversification, they might also be unwittingly opening their doors to security risks. These new vendors might offer cloud applications and services with security policies that might not be fully up to par or might not prioritize cloud security at all.

To keep companies secure as they move forward with their supply chain resiliency strategies, they should apply the zero trust approach in their security practices.