SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
2022 cybersecurity predictions from CrowdStrike
Fri, 24th Dec 2021
FYI, this story is more than a year old

With 2022 set to be another year full of cybersecurity threats, CrowdStrike global CTO, Mike Sentonas predicts the most significant threats for the coming year.

Ransomware double extortion gives rise to 'extortion economy'

"This past year, we saw the rise of the double extortion ransomware model, in which threat actors will demand one ransom for the return of the data and an additional ransom on top to prevent the data from being leaked or sold," says Sentonas.

"However, in 2022, we expect to see the extortion or exfiltration side of ransomware achieve even higher levels of sophistication, possibly with a shift away from encryption to a sole focus on extortion."

He says we're seeing an entire underground economy built around the business of data exfiltration and extortion. Data-shaming websites are popping up like street-corner storefronts, providing a hub for ransomware groups to post and auction stolen data that's being held for ransom. These ransomware groups are revamping their entire infrastructure of tactics, techniques and procedures (TTPs) to hone in on more effectively exfiltrating and selling stolen data.

"Even if the threat actors can't get their ransomware to execute past the encryption stage, they'll pivot and find other ways to gain access to the data to sell for a profit anyway," he says.

"In today's world, if you get hit by ransomware, you can expect to get hit by double extortion. And, ransomware actors will continue to innovate and evolve to find new ways to monetise their victims."

Contain your containers

Sentonas says in recent years, we've seen an explosion in containers and container-based solutions.

"With the exponential rise in containers, we've seen a similar up tick in container-targeted threats," he says. "However, security for this innovative technology hasn't entirely caught on yet, as we continue to see them being deployed without proper security measures.

"With that, the rapid speed of deployment that containers offer will become a double-edged sword. The lack of vulnerability checks and misconfiguration checks, along with disparate teams involved in container deployments all contribute to a lack of security across the board."

Attack surfaces are ever-changing, and the threats to container deployments are increasing exponentially. Therefore, Sentonas believes we will see containers become a potential attack vector for organisations that don't recognise security as a key component of container deployment.

Adversaries set sights on supply chains

As recent high-profile attacks have shown this past year, supply chains are very much on adversaries' radar as a low-hanging attack vector. According to the 2021 CrowdStrike Global Security Attitudes Survey, more than three out of four respondents (77%) have suffered a supply chain attack to date, and 84% of respondents are fearful of the supply chain becoming one of the biggest cybersecurity threats in the next three years.

"While supply chain attacks are not necessarily new themselves, the recent rise in these types of attacks has essentially brought the genie out of the bottle," says Sentonas.

"Supply chains are vulnerable, and adversaries are actively researching ways to take advantage of this. In 2022, we likely haven't nearly yet seen the end of these attacks, and the implications for each one are significant for not only the victims but the victims' customers and partners up and down the chain."

China ramps up cyber activity against the APJ region

"Geopolitical tensions continue to sour between China and other APJ countries, and these tensions have spilt heavily over to the cyber world," says Sentonas.

"China-based threat actors have remained consistently active, targeting healthcare, defence, and other industries in APJ countries to support their 14th Five-Year Plan, Belt and Road Initiative (BRI), Made In China 2025, and other economic strategies."

Sentonas says the 2022 Beijing Winter Olympics could very well be a powder keg of nation-state cyber activity. He says we'll likely even see hacktivists engage in disruption and misinformation campaigns.

"Nation-state leaders will need to catalyse their cooperation with private sector security to stay one step ahead of potential Olympics-derived threats and prevent any major breaches to kick-off 2022."

Zero-day vulnerabilities cause 'patch panic' 

This year has been incredibly challenging for customer trust in legacy vendors. "This past year, we've seen vulnerability after vulnerability exposed, resulting in devastating attacks with no signs of stopping in 2022," says Sentonas.

"For example, 63% of 2021 CrowdStrike Global Security Attitude Survey respondents admitted their organisation is losing trust in Microsoft due to increasing attacks on trusted supply chain vendors.

"Zero-day vulnerabilities, in particular, will continue to drive legacy vendor security teams into "patch panic" mode as they frantically try to react and respond to these threats. This will inevitably drive a larger wedge between legacy vendors and their customers, as the latter will look elsewhere for solutions that can keep them on the front foot in proactively defending against the latest threats."