Supply chain attacks, misinformation campaigns, mobile malware and larger scale data breaches are just some of the threats to watch for next year, Check Point Software says.
For 2021, cybercriminals took advantage of the coronavirus pandemic, the ongoing shift to hybrid work and the vulnerability of organizations to ransomware. For 2022, we can expect more of the same as well as a host of worsening threats to keep us on our toes. A report released Tuesday by cyber threat intelligence provider Check Point looks at some of the security challenges that organizations will likely face next year.
SEE: Incident response policy (TechRepublic Premium)
Supply chain attacks will continue to grow. Cyberattacks no longer just impact the targeted organization but often have a ripple effect that harms partners, providers, customers and others along the supply chain. For 2022, Check Point expects that trend to escalate with more data breaches and malware infections. As supply chain attacks become more common, however, governments will start to devise regulations to better protect vulnerable networks. Expect greater collaboration between government officials and the private sector to identify and combat more cybercriminal groups that operate regionally and globally.
The cyber "cold war" will ramp up. The cyber cold war among different nations has been escalating, and that will intensify next year. More nation states and groups operating on their behalf will continue to try to destabilize rival countries and governments. Terrorist groups and activities will take advantage of better infrastructure and greater technological capabilities to launch more sophisticated attacks.
Data breaches will scale up. As data breaches scale up, organizations and governments will be forced to spend more money to recover from them, Check Point says. Following the record $40 million ransom payment paid by insurance giant CNA Financial this year, ransom demands are expected to continue to increase next year.
Misinformation campaigns will flourish. In 2021, misinformation and "fake news" surrounding the coronavirus pandemic and the efficacy of vaccines spread through social media and other venues. As one consequence, Dark Web cybercriminals turned a tidy profit by selling phony vaccine certificates to people who refused to get vaccinated. In 2022, fake news will continue to play a role in phishing campaigns and scams. Plus, expect to see propaganda and misinformation in advance of the US midterm elections in an attempt to influence voters.
SEE: 27 ways to reduce insider security threats (free PDF) (TechRepublic)
Deepfake technology will be weaponized. The tools needed to create fake but convincing videos and audios have become more advanced. Cybercriminals will increasingly use them to steal money, manipulate stock prices and sway the opinions of people via social media, Check Point says. As one example from 2020, attackers used technology to impersonate the voice of a director of a Hong Kong bank to trick a bank manager into transferring $35 million into their account.
Cryptocurrency will play a greater role in attacks. As money becomes more digital, criminals will increasingly find innovative ways to steal it. Following reports of stolen crypto wallets triggered by free airdropped NFTs, Check Point discovered that attackers could steal such wallets by exploiting security flaws. Expect more cryptocurrency-related attacks in 2022.
Criminals will exploit vulnerabilities in microservices. Microservices have become a more common method for application development and one supported by a greater number of cloud service providers (CSPs). But as with any popular trend, cybercriminals are taking advantage of vulnerabilities found in microservices to launch attacks. For 2022, expect more of these attacks targeting CSPs.
Mobile malware attacks will increase. As organizations shifted to remote and hybrid work in 2020 and 2021, criminals increasingly turned to mobile malware as an attack vector. In 2021, almost half of all organizations reviewed by Check Point had at least one employee who downloaded a malicious mobile app. With the growing use of mobile wallets and mobile payment services, attackers will continue to exploit the reliance on mobile devices.
Penetration tools will continue to be used in attacks. Though created to help organizations test their security defenses, penetration tools have been exploited by cybercriminals to help them launch more effective attacks. By customizing such tools, hackers have been able to target victims with ransomware. As this tactic continues to catch on, we'll see them used to carry out more data exfiltration and extortion attacks in 2022.
"In 2021, cyber criminals adapted their attack strategy to exploit vaccination mandates, elections and the shift to hybrid working, to target organizations' supply chains and networks to achieve maximum disruption," Check Point Software research VP Maya Horowitz said in a blog post.
"Looking ahead, organizations should remain aware of the risks and ensure that they have the appropriate solutions in place to prevent, without disrupting the normal business flow, the majority of attacks, including the most advanced ones," Horowitz added. "To stay ahead of threats, organizations must be proactive and leave no part of their attack surface unprotected or unmonitored, or they risk becoming the next victim of sophisticated, targeted attacks."
- Cybersecurity: Don't blame employees—make them feel like part of the solution (TechRepublic)
- The security and privacy behind IBM's Digital Health Pass (TechRepublic)
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Security threats on the horizon: What IT pro's need to know (free PDF) (TechRepublic)
- Checklist: Securing digital information (TechRepublic Premium)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)