As the new year approaches, get ready for grim forecasts extrapolated from the past two cyber-tumultuous years.

After a cyber-eventful year, as we approach the next 12 months, it is time for cyber predictions again.

McAfee Enterprise and FireEye—recently acquired by Symphony Technology Group—have released their forecasts, examining the top cybersecurity threats they predict enterprises will face in 2022.

Bad actors have taken note of successful tactics from 2021, including those making headlines tied to ransomware, nation states, social media and the shifting reliance on a remote workforce. We expect them to pivot those into next years’ campaigns and grow in sophistication, wielding the potential to wreak more havoc across the globe. Skilled engineers and security architects from the recently combined entity offer a preview of how the threat landscape might look in 2022 and how these new or evolving threats could potentially impact enterprises, countries, and civilians.

According to Raj Samani, fellow and chief scientist of the combined company: “Over this past year, we have seen cybercriminals get smarter and quicker at retooling their tactics to follow new schemes from ransomware to nation states—and we don’t anticipate that changing in 2022. With the evolving threat landscape and continued impact of the global pandemic, it is crucial that enterprises stay aware of the cybersecurity trends so that they can be proactive and actionable in protecting their information.”

Mandiant, the only brand left of the original FireEye stable, has also supplied its 2022 forecasts here…

McAfee Enterprise / FireEye 2022 predictions

  1. Nation state threats #1: Thesepowerful agencies will weaponize social media to target more enterprise professionals, looking to infiltrate organizations for criminal and political gain.
  2. Nation state threats #2: Toincrease their offensive operations, these resource-rich agencies will increase leverage of cybercriminals, and will prompt organizations to audit network and user visibility and learn from every incident linked to affected sectors.
  3. Ransomware landscape trend #1: Self-reliant cybercrime groups (i.e., those not controlled by external parties) will shift the balance of power within the RaaS eco-kingdom from those who control the ransomware to those who control the victims’ networks.
  4. Ransomware landscape trend #1: Less-skilled ransomware operators will not have to bend their knees in the RaaS-model power shift, as they leverage the expertise encoded by more skilled ransomware developers.
  5. Connectivity technology threat: 5G and IoT traffic between API services and apps will make them increasingly lucrative targets, causing unwanted exposure of information.
  6. Container technology threat: Hijackers will target application containers—expanded exploitation of containers and vulnerable applications will lead to endpoint resource takeovers.
  7. Vulnerability patching trend: The time for cybercriminals to repurpose vulnerabilities into working exploits will be measured in hours… not days. Organizations will have to shorten their time-to-patch cycles or be targeted.

2020 cyber landscape predictions from Mandiant

  1. Expect more mal-creativity: Threat actors will continue to find more ways to extort ransom payments  from victims and ramp up new tactics.
  2. Stolen data will still be published: Ransomware victims will still continue to pay millions of dollars to keep stolen data from being published, but this will increasingly not stop the publication of sensitive data. Furthermore, governmental intervention to stop ransom payments may backfire or increase negative outcomes for ransomware victims.
  3. Critical infrastructure continue to be targeted: Threat actors will continue to explore the Operational Technology space in 2022 and increasingly use ransomware in their attacks. 
  4. Political cyber incident trend #1: With the assertion of Taliban control and departure of US forces from Afghanistan, further cyber espionage and information operations can be expected 
  5. Political cyber incident trend #2: North Korea is expected to flex its already strong cyber capabilities to make up for its lack of other instruments of power.
  6. Deepfakes will go deeper: Criminals will have greater access to this technologyand beyond, and will increasingly integrate manipulated media into their operations to boost social engineering prowess.
  7. IoT vulnerability-overload expected: The number of vulnerabilities IoT devices will introduce in software and hardware will make it hard for bug hunters to keep up.
  8. More breaches will be made public: Historically,databreaches in the Asia Pacific and Japan region have been kept out of the public eye through various private means, but this coming year, an expected surge in multifaceted extortion may defy historical trends.

Watch out for the Big Four cyber states

Russia: Its bad actors will continue their aggressive posture on targeting NATO, Eastern Europe, Ukraine, Afghanistan and the energy sector. The US government attributed the infamous SolarWinds supply chain compromise incident) to Russia, which demonstrates Russia has the ability to achieve widespread impact. Supply chain and software supply chain environments will continue to be targeted by Russia next year. Additionally, the SolarWinds attack involving manipulation of authentication methods in hybrid cloud/on-premises environments highlights innovative tactics show that the level of sophistication and scope of Russian operations will expand.

Iran: Iran will use its cyber tools in a much more aggressive manner to promote regional interests.

Information operations attributed by the US to Iran in 2020 and 2021 have demonstrated more aggressive tactics than previously seen. Iran will also continue to target Israel and others in the Middle East. They have shown their capability and willingness to use destructive malware, so they will take advantage of any opportunities that are presented. Ultimately, expect to see Iran trying to create more of a power balance shifted to its own interests in nearby regions throughout next year.

China: China will continue to be very aggressive, supporting the Belt and Road Initiative using cyber espionage. Now that the Ministry of State Security (MSS) and the People’s Liberation Army (PLA) have completed most of their reorganization, their operations are going to become much more focused. China has shown a willingness to scale their operations and take steps that they were previously unwilling to take. As geopolitical tensions continue to rise, the big question is “When are we going to see China flex some of her known but as-yet-unused destructive capabilities?”

North Korea: With its geographical, international and financial challenges, the country is willing to take a lot of risks. In 2022, expect to see the Kim regime flex its cyber capabilities to make up for its lack of other instruments of national power.

CybersecAsia thanks the cybersecurity firms above for their insights.