It is that time again when organizations look ahead to understand the cybersecurity risks facing their operations in the new year to efficiently develop cybersecurity programs that align with business objectives. Unfortunately, the last couple of years reminded us that nothing lasts forever; the same goes for the cyber-threat landscape and actors that operate within its boundaries. Therefore, the tactics, techniques, and procedures (TTPs) leveraged by threat actors in 2021 will continue to evolve to uncover and exploit vulnerabilities in emerging technologies deployed across critical industries, including healthcare, financial services, government, etc.

Whether your organization plans to migrate to the cloud, leverage cybersecurity automation, or introduce open-source software algorithms, your operations are sure to attract both nation-state attackers and financially-motivated cybercriminals looking to capitalize on the evolving landscape in 2022. Therefore, our cybersecurity experts have developed this article to share some of the top five cybersecurity trends to expect in 2022 to help your organization effectively prepare and respond to the threat.

Top Five Cybersecurity Trends to Expect in 2022

1.   The weaponization of open-source (Linux-based) code libraries to lower the bar of entry

Security researchers noticed an increase in the usage of Linux-based, open-source firmware by organizations looking to support the demands placed on their technology supply chain infrastructure due to the soaring use of virtualized working environments. Surprisingly, the incorporation of open-source tools augmented many services for end-users. As a result, threat actors, such as Nobelium and Lazarus advanced persistent threat (APT) groups, resurfaced and focused their attack methodologies on targeting specific open-source tools. For instance, in 2021, we saw a barrage of customized malware, such as BLINDINGCAN, compromising widely used open-source software and firmware.

Although a community effort often manages open-source tools, threat actors have devised a clever way to infiltrate codebases used to deploy several open-source tools. In 2022, we expect this trend to mature with threat actors using automation to target software and firmware libraries to have a widespread impact. This action will make it easier for newer and less sophisticated threat actors to compromise many organizations, regardless of cybersecurity posture. In addition, the low entry barrier for entry could give cybersecurity experts sleepless nights.

2.   An increase in multi-jurisdictional privacy and cybersecurity laws and regulations

The dynamic cyber threats and their asymmetric attacks are difficult to predict. While law enforcement and other organizations are trying to define new defensive strategies, adopting an offensive approach to cybersecurity would help to mitigate large-scale cyber threats. There are multi-territorial cyber-privacy laws in full effect today, such as EU-GDPR; some of those laws only specific individuals based on residential location or citizenship. As such, threat actors have learned to exploit loopholes in such a limited implementation of cyber law.

However, due to widespread cases of destructive cybercriminal activities that impacted governments and corporations in 2021, security experts expect to see the unification of cyber law across multiple jurisdictions. Meaning, various countries with similar objectives will form an INTERPOL-like alliance to make it easier to capture, extradite, and persecute threat actors anywhere in the world – such an alliance could supersede the need for extradition treaties. While a multi-jurisdictional approach to combating cyber security and privacy issues would likely cause a geopolitical uproar, especially from China and Russia, Western governments will openly use cyber-offensive tools to disrupt threat actors.

3.   Heightened collaboration between state-sponsored attackers and ransomware groups to quickly disrupt critical sectors

Many cyber-incident responders assume that state-sponsored threat actors are far removed from financially-motivated cyber criminals due to the kind of targets they go after. However, the reality is that many state-sponsored threat actors tend to moonlight as financially-motivated cybercriminals to gain additional side income. For example, it is widely known that state-sponsored cyber attacks focus on disrupting critical national infrastructures for geopolitical gain. Meanwhile, financially-motivated cybercriminals are focused on stealing financial resources. However, security experts noticed that their tactics, techniques, and procedures (TTPs) are starting to mirror each other.

In 2021, state-sponsored threat actors leveraged ransomware codes into their attack methodologies to lure corporate targets with access to U.S. government classified access. Therefore, in 2022 security experts expect active collaborations and sharing of attack tools and TTPs between state-sponsored attacks and common ransomware groups. While state-sponsored attackers initiate their sophisticated TTPs to paralyze a target network, financially-motivated cybercriminals will swoop in to exploit any noticeable vulnerabilities.

Such robust collaboration will most likely include a coordinated sharing of initial access compromise tips, splitting of ransomware profits, and the widening of attack scope such that victims would be forced to worry about persistent and repeat attacks.

4.   Large scale use of artificial intelligence and cybersecurity automation in the threat landscape

The rapidly changing cyber-threat landscape is riddled with artificial intelligence (AI) advancements to increase the probability and impact of security incidents. Although threat actors will continue to circumvent AI-enabled capabilities, organizations must be ready to combat AI-enabled threats with AI-enabled security controls. Incorporating real-time detection, prevention, and correction capabilities into critical computing environments will allow your systems to analyze threat data quicker, interpret behavioral patterns accurately, and detect anomalies before they materialize into full-blown incidents. Therefore, we expect to see an increased use of AI and cybersecurity automation by threat actors and cybersecurity defenders alike. Artificial intelligence with intelligent decision-making and automation will level the playing field related to enterprise risk and vulnerability management operations.

5.   A radical shift to zero-trust to secure multi-cloud environments

The Zero-trust approach to data security consistently verifies each request and treats it as originating from an uncontrolled, unknown network. While cloud computing services provide a new paradigm to virtual business operations, organizations should expect to see a more divergent nature of incoming traffic from unknown sources attempting to access sensitive resources. Additionally, as many employees continue to work remotely, threat actors are expected to double-down on using unsecured home network vectors to access otherwise secure cloud resources.

However, explicitly verifying requests and using the least privileged approaches (technical controls and administrative controls) will be an essential cybersecurity best practice that will save the day. In addition, security experts would discover anomalies quicker by continuously confirming the safety and reliability of multi-cloud resources and all trusted endpoints. All in all, organizations must realign their security awareness training programs to meet the current attack methodologies being introduced in the threat landscape this new year.

Conclusion

Cybersecurity risks are here to stay. Today’s threat actors are in the business of collaborating at the highest levels to achieve a common goal. Unfortunately, such collaborative efforts tend to introduce very sophisticated cybersecurity attack methodologies, and the impact is felt on a broader scale. In 2021, Goldsky Security noticed some of the most interesting and shocking cybersecurity trends across various industries, and our security experts notified our respective clients. Such a proactive approach to cybersecurity risk management helped mitigate some of the most popular cyberattacks in 2021.

As we enter 2022, it is essential to note that cybersecurity threat actors have formed a coordinated framework, allowing them to share similar goals and objectives to disrupt, damage, and destroy critical assets. As a result, while small-to-midsize businesses remain the most targeted entity, decision-makers must understand that the sophistication of cyberattacks we expect to see in 2022 will not be mitigated using the security controls from 2021.

From the automated weaponization of open-source code libraries to the use of Internet of Things vulnerabilities to target other critical systems, the detective, preventive, and corrective security measures used to combat risks in 2022’s cyber-threat landscape must be laser-focused. All in all, implementing optimal managed security services, continuous monitoring, and robust risk assessment capabilities that evolve with the threat landscape will help maintain a fortified cybersecurity posture that supports your business objectives.