McAfee and FireEye Release 2022 Threat Predictions for Enterprises

McAfee Enterprise and FireEye have released their 2022 Threat Predictions, analyzing the threat vectors that continue to impact enterprises and will wreak even deeper havoc across the globe in 2022. As adversaries learn from the successful attacks of 2021, they will further their expertise on ransomware, social media trickery, and the continued dependence of organizations on a remote workforce.

“Over this past year, we have seen cybercriminals get smarter and quicker at retooling their tactics to follow new bad actor schemes – from ransomware to nation-states – and we don’t anticipate that changing in 2022,” said Raj Samani, fellow and chief scientist of the combined company. “With the evolving threat landscape and the continued impact of the global pandemic, it is crucial that enterprises stay aware of the cybersecurity trends so that they can be proactive and actionable in protecting their information.”

 2022 Predictions:

1. Social media easy bait to mark targets: Social media will continue to be a platform of choice for hackers for infiltrating organizations for their criminal gain. Hackers are spending more time on target research and establishing fake profiles to ensure fruitful attacks. Targeting of individuals has proven to be a very successful channel, and the use of this vector could grow not only through espionage groups but also other threat actors.
2. Nation-states turn to hackers for hire: It has been noticed that states are hiring cybercriminals to initiate malware attacks. In many cases, a start-up company is formed, and a web of front companies or existing “technology” companies are involved in operations that are directed and controlled by the countries’ intelligence ministries. In May 2021, for example, the U.S. government charged four Chinese nationals who were working for state-owned front companies. The front companies facilitated hackers to create malware, attack targets of interest to gain business intelligence, trade secrets, and information about sensitive technologies.
3. Game of Ransomware Thrones: Self-reliant cybercrime groups will increase and shift the balance of power within the Ransomware-as-a-Service (RaaS) eco-kingdom from those who control the ransomware to those who control the victim’s networks. Ransomware has generated billions of dollars in recent years, and it’s only a matter of time before some individuals who believe they aren’t getting their fair share become unhappy.
4. The growth of smaller affiliates: For a long time, RaaS admins and developers were prioritized as the top targets, often neglecting the affiliates since they were perceived as less skilled. This, combined with the lack of disruptions in the RaaS ecosystem, created an atmosphere where those lesser-skilled affiliates could thrive and grow into very competent cybercriminals, eventually with a mind of their own.
5. Keep A Close Eye on API: Onset of 5G network and IoT traffic between API services and apps are lucrative targets, causing unwanted exposure of information. The network, being relatively new, is open to exposure and vulnerabilities. In most cases, attacks targeting APIs go undetected as they are generally considered trusted paths and lack the same level of governance and security controls.
6. Hijackers Will Target Your Application Containers: Containers have become the de-facto platform of modern cloud applications. However, the accelerated use of containers increases the attack surface for an organization. The exploitation of public-facing applications (MITRE T1190) is a technique often used by APT and Ransomware groups. The Cloud Security Alliance (CSA) identified multiple container risk groups, including Image, Orchestrator, Registry, Container, Host OS, and Hardware.
7. Zero Cares About Zero-Days: 2021 is already being touted as one of the worst years on record with respect to the volume of zero-day vulnerabilities exploited in the wild. The scope of these exploitations, the diversity of targeted applications, and ultimately the consequences to organizations were all notable. As we look to 2022, we expect these factors to drive an increase in the speed at which organizations respond. The time to repurpose vulnerabilities into working exploits will be measured in hours and there’s nothing you can do about it… except patch.

2020 and 2021 were witnesses to organizations falling prey to increased ransomware attacks through social engineering trickery, posing as cybersecurity firms for penetration testing and instigating malicious attacks on the network, ransomware attacks, vulnerable 5G networks, and IoT devices, cloud containers, and zero-day vulnerabilities. The report does provide a realistic peek into the looming threat landscape as we move towards 2022.

As reported, the rollout of 5G technologies has accelerated the proliferation of IoT and smart devices around the world, making unsuspecting recruits available for botnet armies to launch crushing attacks on a massive scale. Similarly, a survey “State of DevSecOps,” from Accurics revealed that misconfigured cloud storage services in 93% of cloud deployments led to over 200 breaches in the past two years, exposing more than 30 billion records.  It also stressed that cloud data breaches are expected to increase in both velocity and scale.

Organizations and essential services across the spectrum must proactively evaluate their security posture in the light of the past successful attacks and take a cue to fix the vulnerabilities, increase employee awareness and not let their guard down.