From HAFNIUM’s attack on Microsoft Exchange servers to the Colonial Pipeline ransomware attack that disrupted fuel deliveries, 2021 witnessed an increasing number and variety of cyber threats. Coupled with the challenges of securing a remote workforce, it’s become more challenging than ever for organizations to protect data and ensure the uptime of services.

The threat landscape is going to evolve and expand at pace in the year ahead. We should expect to see ransomware gangs continue putting lives at risk, the weaponization of firmware exploits and much more. Here are four key cybersecurity trends organizations need to be prepared for in 2022.

Continued commodification of software supply chain attacks could result in more high-profile targets

The Kaseya breach, which impacted over 1,500 companies, demonstrated how supply chain attacks can be monetized. As a result, it is likely that supply chain threats will rise over the next year, and we will see the continued commoditization of the tactics, techniques and procedures (TTPs) used to conduct such attacks.

Threat actors will search for weak links in software supply chains and target widely used software. Both small- to medium-sized businesses (SMBs) and high-profile victims may be targeted. The Kaseya attack should be a wakeup call to all independent software vendors (ISVs) that even if their customer base doesn’t consist of enterprise and government customers, they can still be caught in the crosshairs of attackers looking to exploit their customers. Now that this blueprint is in place, we could see these types of attack become more widespread in the year ahead.

Ransomware gangs could put lives at risk and engage in “pile-ons” 

Ransomware will continue to be a major risk in 2022, with victims potentially being hit more than once. The method will be akin to “social media pile-ons” — once an organization is shown to have paid a ransom, others will pile on to get their share of the action. In some instances, threat actors will hit a company multiple times — doubling or even tripling extortion rackets.

Ransomware operators will almost certainly intensify how they pressure victims into paying ransoms. Beyond data leak websites, attackers will use increasingly varied extortion methods, such as contacting customers and business associates of victim organizations. 

Threat actors could also focus on hitting certain industries that have a higher likelihood of payment such as healthcare firms and organizations in the critical infrastructure sector. Attackers may well target high-risk devices such as critical medical support systems and their supporting infrastructure, where the risk of significant harm will be highest and therefore a payout will come quickly.

Weaponization of firmware attacks will lower the bar for entry

Firmware provides a fertile opportunity for cyberattackers looking to gain long-term persistence or perform destructive attacks. The security of firmware is frequently neglected by organizations, with much lower levels of patching observed. 

In the last year we’ve seen attackers performing reconnaissance of firmware configurations, likely as a prelude to exploiting them in future attacks. Previously these types of cyberattacks were only used by nation-state actors. In the next 12 months, we can expect to see the TTPs for targeting firmware trickle down, opening the door for sophisticated cybercrime groups to weaponize threats and create a blueprint to monetize attacks.

The lack of visibility and control over firmware security will exacerbate this issue. Certain industries where these attacks could be more probable should start thinking about the risks posed by low-level malware and exploits.

Hybrid work will create more opportunities to attack users

The shift to hybrid work will continue to create problems for organizational security. The volume of unmanaged and unsecure devices has created a wider attack surface. Threat actors could start to target the homes and personal networks of top executives or even government officials, as these networks are easier to compromise than traditional enterprise environments.

Phishing will remain an ever-present threat in the era of hybrid work. The line between personal and professional has been blurred, with employees using home devices for work or corporate devices for personal tasks. This will continue, and it’s likely there will be an increase in phishing attacks targeting both corporate and personal email accounts, doubling attackers’ chances of a successful attack. 

High-profile sporting events will present new opportunities to lure users to click on malicious content. For example, the Winter Olympics in Beijing and FIFA World Cup in Qatar both give threat actors plenty of scope for exploitation. Such large events attract opportunistic attacks, be it a direct attack on organizers, sponsors, participants and fans or exploited as phishing lures for malware and ransomware campaigns targeted at users. Organizations need to educate their workforce on the risks and enforce technical controls to prevent compromise.

A new approach to security is needed

The rise of hybrid working and continued innovation from threat actors means 2022 has plenty of nasty surprises in store. As a result, a fresh approach to secure the future of work is required.

Cybersecurity leaders should focus on protection where it is needed most: the endpoint. Organizations should embrace a new architectural approach to security that helps to mitigate risk. This involves applying the principles of zero trust — least privilege access, isolation, mandatory access control and strong identity management.