Lather. Rinse. Repeat. This seems to be the theme for cyber incidents we will see in 2022. More of the same we experienced in 2021 but with a few changes. Ransomware and multifaceted extortion scams will continue. These attacks will endure because they work. The rewards far outweigh any risks involved.
Some industry professionals expect to see more in-fighting between threat actors as they develop their business model of crime-as-a-service and hire crooks to write code and carry out attacks (see Ransomware-As-A-Service for a look at this practice). Data breaches are up and DDoS attacks are down this year. Don’t expect either one to disappear in 2022. There will be more breaches as a result of extortion tactics. Remember the Colonial Pipeline assault? Look for more cyber-related attacks on physical systems.
Attackers will find new ways to hide their bombs among victim’s networks. Internet of Things devices are now reaching their legacy and may provide vulnerabilities through unpatched or end-of-life systems.
Modern cloud applications offer benefits to organizations in terms of portability and speed, but with the increased use of application containers, there is also the potential for increases of the attack surface. Security professionals are expected to fortify their operations through the use of secure web gateways and zero trust networks. Consolidating, optimizing and risk management will come to the forefront of all organizations.
Organizations need to remain vigilant as the cyber security landscape is constantly morphing and developing.