CYFIRMA CYBERSECURITY PREDICTIONS 2022
© 2021-2022, ALL RIGHTS ARE RESERVED 1
TABLE OF CONTENTS
PREFACE: 2021 FACTORS WITH LIKELY IMPACT IN 2022
EXECUTIVE SUMMARY
TOP 10 THREATS AND RISKS PREDICTION
1. Arming of IoT / IIoT and Operational Technology (OT) for Cybercrime
2. Cybercrime Becomes ‘Investment-Worthy’
3. Cybercriminals Will Embark on Kinetic Cyberattacks
4. The War for Intellectual Property Will Take Place on the Wire
5. Cyberwarfare Will Be Mainstream
6. Ransomware Menace to Continue
7. Hijacking of Mobile Devices for Ransom
8. From Data Exfiltration to Confiscation of Data
9. Cybercriminals Will Be More Interested in Behavioral and Transaction Data
10. State-Sponsored Groups Look for More Collaboration
RECAP
RECOMMENDED ACTIONS
PREFACE:
2021 FACTORS WITH LIKELY IMPACT IN 2022
As 2021 draws to a close, we have seen a dramatic increase in the attention paid by law
enforcement to ransomware groups. There were arrests of actors linked to REvil and Clop, and
the seizure of funds linked to ransomware attacks. Coupled with this, we have seen the
United States update advisories on the potential sanctions risks of making or facilitating
ransomware payments. This year also witnessed law enforcement and several security
researchers identify real-world IP addresses for darknet Data Leak Sites and subsequently
take them down. However, the rate of new data leak sites emerging far outpaces the
speed of busting these cybercrime syndicates.
Furthermore, Mark Zuckerberg’s announcement of ‘The Metaverse’ has caused an equal measure
of excitement and derision. An interesting development herein is the purchase of digital
space for the first digital embassy by the island nation of Barbados. This new digital
presence creates an interesting attack surface for cybercriminals. As more organizations
(government and businesses) latch on to the metaverse concept, it will not be long before
cybercriminals - both state-sponsored groups as well as opportunistic hackers - will seek
out the metaverse for new victims.
For instance, the opportunity to embarrass a nation-state by attacking their digital
embassy on a new social media platform would garner significant headlines and therefore
be an attractive target. While Mark Zuckerberg calls this the new chapter of the internet,
what we can expect is to see age-old problems with a new twist.
It is important to remember that several other companies and organizations have
discussed their metaverses. While the level of interoperability between them is unknown,
we could expect an iOS and Android version of the Metaverse. We can imagine
the Android-like metaverse to be a wild west. With a lack of content control, we expect
to see imitation brands or shops acting as either a distribution vector for malware or, more
simply, phishing for victim credentials.
Also, given that the Metaverse offers the opportunity to track behavioral activities and
patterns, we are likely to see a brisk trade in this data. There is huge commercial demand
for such data. In terms of criminal use of this data, we can expect cybercriminals to exploit
this data for various malicious activities.
Moreover, in hindsight, the widespread adoption of the Internet of Things (IoT) and
Industrial Internet of Things (IIoT) has not only led to a surge in connected devices but
also opened several vulnerable entry points into an organization, which threat actors are
leveraging to access a gold mine of data carrying huge value from both a commercial and a
security point of view.
As the background chorus of cyberwar
going mainstream got stronger this year
with state-sponsored groups aiming for
better collaborations with cybercriminals,
the battleground for more lethal warfare
at the level of intellectual property has
also been prepared - and is likely to easily
pass into the year 2022. While intellectual
property warfare was always a matter of
concern, its full-blown effect has been
felt by the global community in the face
of COVID-19.
Interestingly, at a time when the phrase
“war over the wire” has turned into a
cliché, it looks like cybercriminals have
taken it upon themselves to give their
attacks a tinge of physical violence as
well. This shift from non-kinetic to kinetic
cyber-attacks is a trend that is still in a
nascent stage yet has the potential to
mature at a rather fast pace in the
upcoming years. Apart from this, behavior
and transaction data have also caught
the fancy of several threat actor groups.
This interest is particularly ominous given
that hijacking of mobile devices for
ransom and confiscation of data are
turning out to be the new norms for
cybercriminals as well as underground
communities.
And lastly, as cybercriminals turn more professional in their attack execution and
behave like a legitimate industry, cybercrime is transforming into a multi-layered
economy in itself. Moreover, as the pandemic moves into its third year, we expect that
global fatigue will set in and people will let their guard down, providing opportunities
for cybercriminals to escalate their malicious activities. Threat actors will keep
exploiting COVID-19 themes, especially new variants and vaccinations, to craft social
engineering campaigns executed via both phishing and vishing as well as malicious online
ads or fake ‘vaccine passports.’ The same goes for continued working from home, where
users are easier targets than on secured networks at the company’s office.
CYFIRMA’s cybersecurity
prediction for 2022 highlights
10 key developments which
are likely to transform the
way cybercrime will unfold
as the threat landscape
evolves.
EXECUTIVE SUMMARY
While the world had to adapt to the new normal in 2021, cybercriminals upped the ante
to target employees working from home, COVID vaccine research, and a myriad of other
opportunistic targets to disrupt organizations’ supply chains and networks, propagate their
geopolitical agenda, amongst other nefarious objectives.
Ransomware proved to be a major disruptor, and the sophistication and scale of these
attacks made international news. In 2021, cybercriminal syndicates around the world
stepped away from the shadows and firmly took center stage.
In 2022, cybercriminals will
continue to evolve their modus
operandi – attaining greater
sophistication and modifying
their tactics, techniques, and
procedures to outsmart the
cyber defenders.
With the development and
wider adoption of radical new
technologies like 5G,
cryptocurrencies, industrial
robotics, etc., attackers will find
renewed motivation to diversify,
with attacks that are not easy to
foresee and difficult to mitigate.
In simple terms, cyber defenders
will quickly realize the inevitable
fact: No surface is out of the
cybercriminals’ reach and
influence!
Organizations – already stretched to their
limits due to the prolonged COVID-19
orchestrated conditions – will be forced to be
more aware of security issues brewing in their
threat landscape, and will be compelled to
leverage resources that anticipate, identify,
and mitigate security issues targeting them
from a variety of angles.
As the number and complexity of security
breaches continue to rise, we advise
organizations to introduce new mandates to
protect their customers, create new
synergies with their vendors, subsidiaries,
supply chains, and firmly place cybersecurity
at the center of their business decisions.
Against this backdrop, CYFIRMA presents its
cybersecurity predictions for 2022.
Based on CYFIRMA’s research, this report highlights 10 prominent trends and shifts that
are likely to take precedence, which business and technology leaders should consider as
they build their roadmap for the coming years.
TOP 10
THREATS AND RISKS PREDICTION
1. Arming of IoT / IIoT and
Operational Technology (OT) for Cybercrime
Hypothesis
The number of connected devices (IoT/IIoT) is set to hit 15 billion in 2022 and 27 billion
in 2025. Together with the rise of cellular IoT devices connected over 5G, this means the
footprint of potential access points for cybercriminals grows dramatically, from smart
homes and offices to industrial deployments.
Analysis
While legislation, standards, and certifications are coming, 2022 will remain a wild west in
this regard and leave many IoT/IIoT devices lacking proper security.
Some notable trends observed:
• Several devices were added without adequate testing for vulnerabilities and without
addressing inherent security concerns, especially in convergence with legacy OT environments.
• As new use cases emerge by the hour, IoT/IIoT is making deep inroads into new verticals,
both within OT and IT applications.
• More data from IoT/IIoT projects is making its way into data dumps across various channels.
• Technology at the edge is increasing, with the processing of data moving out to where it
is required, which provides business benefits. This has increased the expanse and
processing of business data.
• The chip shortage is forcing some manufacturers to buy dubious, less secure, and even
potentially backdoored chips from unproven sources.
Takeaway
In 2022 we will continue to see an increase in business adoption of IoT/IIoT devices and
an increased number within our homes. We will see attacks on IoT/IIoT and its continued
convergence with OT devices, edge computing devices (where data is operated on as
close as possible to the point it is collected), as well as centralized cloud infrastructure
that is vulnerable. Minimizing network exposure for all control system devices and/or
systems and ensuring that they are not accessible from the internet will go a long way in
foolproofing critical infrastructure. Additionally, IoT/IIoT device manufacturers are
recommended to apply controls around Web APIs used to obtain Kalay UIDs, usernames,
and passwords, as this would decrease attackers' ability to access the data.
Hackers will leverage OT to orchestrate cybercrime. The development of ‘digital twins’ –
comprehensive digital simulations of entire buildings, cities and systems – offers a treasure
trove of data and access points to those with nefarious intentions.
2. Cybercrime becomes ‘investment-worthy’
Hypothesis
In 2022, we predict cybercrimes will be more specialized and targeted. As the whole
ecosystem of cybercriminals starts to behave like a legitimate industry with money pouring
in, ransomware operators are re-investing profits and hiring freelance developers to
improve the efficiency and capabilities of their products.
Analysis
In recent times, we have witnessed several developments:
• Rise of specialized vendors such as Initial Access Brokers (IABs), who exclusively deal
in stolen access to organizations’ networks
• Large-scale advertising by ransomware operators looking for affiliates and freelance
developers for a targeted component to connect various attack groups/scenarios
• An increasing trend of recruiting insiders to deliberately compromise their own
organization’s security
• Cybercriminals luring security professionals and pen-testers with fake job ads and
setting up fake companies, to use their skills and expertise in identifying weaknesses of
target organizations
Takeaway
• Cybercrime-perpetrated losses are expected to increase exponentially
(> USD 10 Trillion) in the coming years.
• Large-scale and well-funded outsourcing, automation, and specialization
throughout 2022 and beyond will bring more efficient malicious operations to a
wider pool of target organizations. Breaches will on average penetrate deeper,
expose more critical systems, and cause severe damage to the impacted
organizations.
• Increased cyberattacks against entities and organizations will have a potential
impact on the target nation’s economy, GDP and growth trajectory.
Cybercrime will become tradeable, exchangeable and an investment-worthy asset class.
3. Cybercriminals will embark on
kinetic cyberattacks
Hypothesis
Based on trend analysis of cyber-attacks in 2021, we have
reason to believe that cyber-attacks will escalate beyond
the current crop of non-violent or non-kinetic attacks and
exploit vulnerable information systems and processes. This will
serve two objectives: 1) force the victims to be more open to
negotiations when faced with the prospect of real-world
damage, and 2) enhance their credibility amongst peers and
fine-tune their ability to bring in big financial gains, cause the
maximum reputational damage, recruit affiliates, etc.
Analysis
There have been noticeable observations where a particular nation-state is using
disputed territory, as a warzone, as a testing ground for rapidly developing and
testing kinetic cyber-attacks.
From the infamous Stuxnet worm to the most recent Colonial Pipeline incident, similar
attacks have occurred with physical damage inflicted on PLC systems, ICS devices, water
facilities, hospitals, transportation systems, and manufacturing plants.
Takeaway
We will see an increasing trend of cyber-attacks targeting verticals like PLC systems,
ICS devices, critical infrastructure, healthcare, and research entities as cybercriminals
look to transcend the boundaries of cyber and physical worlds.
Establishing a robust security posture that
is thoughtfully layered with a series of
security mechanisms and controls in the
network to protect the confidentiality,
integrity, and availability of critical data is
the foundation on which concrete cyber
defense can be built.
Geopolitical tensions, commercial competition, and socio-economic differences will
trigger kinetic cyber-attacks resulting in actual physical damage and loss of lives.
4. The war for Intellectual Property will take place on
the wire
Hypothesis
On a global geopolitical stage, cyber risk, intellectual property, and cyberwarfare have
always been and will continue to be interlinked. Many IP theft cyberattacks are directed
at the defense sector and critical infrastructure, including by state-sponsored threat actors
executing these for their monetary gain or at the behest of their state masters. The
COVID-19 pandemic has since changed this phenomenon, as an increasing number of
attempts have also been made at health research and pharmaceutical companies.
Chinese and Russian state-sponsored hacking groups are the most active in wreaking
economic havoc through cyberespionage.
Analysis
CYFIRMA’s detailed analysis of major recent breaches reveals a worrying trend of
cybercriminals leveraging a mix of classical attack techniques together with other cloud-
specific methods. Suspect nations are also looking to bypass the competition, be it in terms
of industrial might, social advancement, or as pioneers of innovation and technology, by
simply stealing the essential blueprint of these accomplishments from others. As an
example, for the past 3 years, we have been tracking a global reconnaissance campaign
dubbed "Vision 2025", suspected to be carried out by state-sponsored Chinese hackers to
establish China as the leader of innovation and manufacturing. This campaign’s foremost
aim is to exfiltrate IP, copyright, trade secrets, etc. to benefit local Chinese companies and
get one-up against their foreign rivals.
Takeaway
In 2022, more countries, especially those that are not bestowed with natural resources or
economic might, or that are politically isolated, will choose to steal IP to achieve
economic and social goals.
5. Cyberwarfare will be mainstream
Hypothesis
In the year 2022, cyber warfare will be the go-to approach to target other nations as it
is cost-effective, covert, effective, and easily deniable. Corporate entities and private
players will be caught in the crossfire, with geo-political tensions between major nations
and major geopolitical events taking place.
Analysis
• There has already been an undeclared cyber-warfare between nations ongoing for quite some
time. Individual players have now joined the fray.
• Supply chain attacks have become the opportunity that threat actors and cybercriminals
are starting to target to reap financially and geopolitically driven benefits. We have
increasingly observed such attacks on the high-tech industry ecosystem spanning
semiconductors, energy, and pharmaceuticals.
• Increased cyberattacks on the critical infrastructure of a nation continue, leaving
millions of its population helpless.
Takeaway
State-sponsored threat actors in collaboration with other groups and corporates will
continue to carry out espionage and cyber-attacks against targeted organizations and
countries. This will lead to changing power equations in the world with many new
partnerships mushrooming based on geopolitical needs and wants.
Cyberwarfare will no longer be restricted to nation states; business entities and private
players will adopt cyber espionage to advance commercial interests.
6. Ransomware Menace to Continue
Hypothesis
Ransomware-as-a-service
(RaaS) is a thriving business
today because ransomware
syndicates can garner millions
of dollars in revenue by
targeting organizations almost
at will. The operators continue
to look for new ways to evade
actions by international law
enforcement and hide their
footprints.
Analysis
Ransomware cost the world approximately USD 20 billion in 2021. In 2021, almost 37% of all
businesses and organizations globally were hit by ransomware. Recovering from a
ransomware attack has cost businesses USD 1.85 million on average in 2021. Out of all
ransomware victims, 32% pay the ransom, but they only get 65% of their data back.
Approximately 57% of businesses are successful in recovering their data using a backup.
Ransomware operators have since upgraded to following a four-layered approach of
targeting organizations that includes:
• Infiltrate into the target organization’s network.
• Exfiltrate and encrypt data.
• Demand ransom and “Name & Shame”.
• Leave behind footprints in the targeted organizations to return and attack again.
Some noticeable trends could include:
• Ransomware will use IoT as entry points - IoT devices are everywhere these days and
researchers have predicted that there will be over 25 billion of them by next year.
That’s a vast number of devices the adversaries can target as a gateway for
nefarious purposes. In many instances, IoT misconfigurations, like unchanged default
settings or unwanted services still being enabled, leave devices vulnerable and
exposed to attacks.
• Ransomware will increasingly target third-party software - Ransomware operators
will not necessarily always attack organizations or their systems directly. Increasingly,
hackers will target supply chain software, including remote monitoring and
management software, as in the case of Kaseya and SolarWinds, or by exploiting
widespread TCP/IP stack vulnerabilities or the latest Log4j vulnerability that was
patched in December 2021.
• Ransomware will focus on Operational Technology - For many organizations,
operational technology (OT) has mostly flown under the cybersecurity radar in the
past. But the cyberattack against Colonial Pipeline in 2021 has dramatically
changed this. While IT systems under attack are bad, compromised OT systems are
even worse as they allow ransomware operators to halt operations and almost
instantaneously bring organizations to a complete standstill. Once companies get
locked out of their systems and ransom demands are made, there is very little
organizations can do to reverse this, other than to pay up.
Takeaway
Given the high profitability of RaaS, ransomware attacks are only going to escalate in the near
future. Payouts in six to seven figures have sparked a new gold rush. This is feeding a vicious
cycle where more and more resources are invested into developing increasingly
sophisticated code. The development of Linux variants targeting infrastructure and
backup solutions promises future attacks to be increasingly crippling for their victims. The
need for active cyber defense and fast actionable intelligence is going to be a must to
prevent both initial access brokers and ransomware groups from breaching networks.
Ransomware will use IoT as entry points, targeting third-party software and operational
technology.
7. Hijacking of Mobile Devices for Ransom
Hypothesis
Mobile devices will continue to attract more attention in 2022 from both cybercriminals
and nation-state threat actors. They are a perfect spying bug attached to a treasure
chest of valuable data.
Stats and analytics:
• Unlike desktop platforms, mobile apps lack mature and robust security checks to
prevent and detect phishing, C2 traffic, credential theft, etc.
• Voice call (vishing) spamming and scams are on the rise, and all messaging apps are
riddled with phishing and spam aimed at stealing credentials or luring users into
installing malicious/fake apps.
• Mobile Device Management platforms are targeted in supply chain attacks to get a
foothold into an organization’s networks.
Takeaway
Attacks on mobile-based devices and operating systems like Android and iOS will
increase in 2022 as cybercriminals look to implant look-alike/malicious applications
and exploit legitimate software.
Do not overlook or neglect mobile security: enforce strict security policies, limit the
number of apps installed on any device, and minimize the surface used for social
engineering.
The mobile phone has become an
absolute necessity, directing every
aspect of our lives. In 2022, cybercriminals
will mount attacks to take over mobile
devices and demand ransom knowing
that many will succumb to the extortion
tactics.
8. From Data Exfiltration to Confiscation of Data
Hypothesis
Taking inspiration from the RaaS business model and its success observed throughout 2021,
the small-time opportunistic cybercriminals from the underground communities are going
to follow in the footsteps of RaaS groups. Within the underground forums, the
cybercriminals who merely used to monetize their stolen data by way of leaking it into such
forums are now attempting to extort victim organizations before eventually putting the
data for sale to any potential buyer. This shift will likely put the small and medium-sized
businesses on the radar of cybercriminals who often are not on the target list of established
ransomware groups.
Going forward, targets are being carefully researched beyond just the reconnaissance of
the corporate network: the financials of potential victims are studied, including
associated penalties for a breach, to set a ransom amount.
Analysis
CYFIRMA is observing a growing trend
where cybercriminals have had
unsuccessful extortion attempts for
ransom and ultimately turned to
monetizing the stolen data by selling it.
With most cyber-attacks, the worrisome factor for business is being subject to data
exfiltration and permanent data confiscation/deletion, which takes organizations to a
point of no return and forces them to deal with cybercriminals and their demands.
Takeaway
Cybercriminals will not only encrypt
victims’ data but also delete or destroy
sensitive and critical digital assets. The
disruption and damage inflicted can be
difficult to track making law enforcement
even more challenging.
9. Cybercriminals will be more interested in Behavioral
and Transaction Data
Hypothesis
Threat actors are increasingly utilizing big-data techniques to understand and decipher
the hidden traits of a society or target victims to craft specifically tailored campaigns
for wider impact. This includes social, political, and financial objectives leading to
tangible outputs (financial outcomes) and non-tangible outputs (fear-mongering,
influencing the behavior of a society, influencing political outcomes).
Analysis
A recent example of the priority placed by cybercriminals on behavioral patterns was
observed when North Korean cyber-criminals implanted behavior-based malware using
browser-based extensions as part of their attacks on the Tokyo 2020 Olympics.
As the pandemic continues, people's
digital footprint has been increasingly
defined by social media and online
purchasing activities. The resultant trail of
information includes - behavioral hints
and consumers' personally identifiable
financial information (PIFI) – which
presents a lucrative opportunity for
cybercriminals.
Takeaway
As the pandemic continues, people's digital footprint has been increasingly defined by
social media and online purchasing activities. Data with behavioral hints and consumers'
personally identifiable financial information (PIFI) presents a lucrative opportunity for
cybercriminals.
10. State-Sponsored Groups
Look for More Collaboration
Hypothesis
In 2022, we expect increased collaboration amongst threat actors.
• Chinese threat actors, including state-sponsored outfits, hiring North Korean groups
as part of HaaS for exfiltrating sensitive details from organizations in return for
financial benefits.
• Collaboration of Russian groups (state-sponsored as well as cybercriminals) with
Chinese threat actors under RaaS, possibly helping the Russians expand their attacks
aside from their traditional targets, i.e., the US and Europe.
• Increased collaboration among same-nation hacker groups to realize the political
agenda of their state masters.
Analysis
• CYFIRMA’s monitoring of dark web forums has revealed a trend of ransomware
operators teaming up against the US and its allies’ interests to likely target them.
An example of one such case is provided below:
The above underground forum conversation loosely translates in English to:
“In our difficult and troubled times, when the US government is trying to fight us, I urge
all affiliate programs to stop competing. Unite and start to destroy the state sector of
the United States, show this dementia old man who is the boss who is the boss and will
be on the Internet. While our guys were dying on honeypots Sachkov from rude aibi
squeezed his own ... but he was rewarded with higher and now he will sit for treason,
so let's help our state fight such ghouls as cybersecurity firms that are sold to amers like
state structures of the USA, I urge you not to attack Chinese companies, because
where do we need to worry if our homeland suddenly turns its back on us, only to our
good neighbours - the Chinese! I believe that all zones in the US will cope all blacks
will go and **** this ****ing Biden in all the cracks, I myself will personally make efforts
• Threat actors have been observed evolving, innovating, and enhancing their
capabilities in the use of malware/ransomware and TTPs. They are suspected to have
done this by collaborating with other threat actors, sharing and benefitting from
their experiences and skills.
• Of the campaigns tracked by CYFIRMA in 2021, in almost 25% we have observed
Russian ransomware groups hiring Chinese affiliates and vice versa, under the RaaS
model.
• In 2021, we also continued to observe, in 20% of campaigns, North Korean hacking
groups hired by Chinese groups under the HaaS model.
Takeaway
• State-sponsored threat actors will find more ways of collaborating across boundaries
to further the political agenda of their state masters, and at times also justify their
domestic authoritarian policies for wider adoption.
• The trend of monitoring social media and the surface web to influence outcomes
based on key political events like elections will continue in a much wider manner
than previously observed.
Hacking groups will share infrastructure, tools, techniques and tradecraft, making it more
difficult for cyber researchers to attribute threat actors to specific campaigns.
RECAP
The cybercrime problem is escalating. Hacking activity is not just restricted to the
sophisticated and highly skilled computer genius.
The fast pace of technological innovation has had an unexpected outcome - a lowering
of the technical skill cap needed to conduct malicious attacks.
So-called “script kiddies” now have access to tools that only require the right targeting to
successfully get in and steal data or cause substantial damage. Furthermore, demand in
underground markets for stolen databases and initial access is booming, hence creating
financial incentives for more people to get into cybercrime.
Embrace External Threat Landscape management strategies to move from event-driven
reactive cybersecurity to intelligence-led predictive cyber posture management.
DeCYFIR:
External Threat Landscape Management Platform
DeCYFIR gives security leaders a unified view into six threat pillars –
• ATTACK SURFACE DISCOVERY
• VULNERABILITY INTELLIGENCE
• BRAND INTELLIGENCE
• CYBER INTELLIGENCE
• DIGITAL RISK PROTECTION
• SITUATIONAL AWARENESS
Based on the analysis of threat indicators collected from the deep web, dark web, hacker
forums and other closed communities, as well as CYFIRMA’s research, attacks are
predicted using probability prediction models and analytics engines. By providing threat
intelligence from the outside, CYFIRMA can share early warning information when signs of
cyber-attacks are detected, enabling cyber teams to take rapid action to thwart
attempts at intellectual property theft, ransomware attacks, and other malicious activities.
The company’s unique perspective lies in its systematic approach of discovering threats
and producing personalized and predictive cyber-intelligence where six threat landscape
pillars are presented on a single pane of glass.
With DeCYFIR, enterprises can see cybersecurity through the hackers’ lens and obtain
deep insights to connect the dots between threat actors, motives, methods, and
campaigns. DeCYFIR’s virtual agents navigate the deep/dark web, hackers’ forums,
closed communities, and other data sources to discover hidden signals of impending
attacks. The ability to identify threats at the early planning stage gives DeCYFIR the unique
ability to predict attacks, allowing enterprises to take remedial actions before actual
attacks occur.
DeCYFIR provides full contextual insights answering the ‘WHO’, ‘WHY’, ‘WHAT’, ‘WHEN’,
and ‘HOW’ of underlying threats and risks. With DeCYFIR, enterprises receive relevant
intelligence that is customized to their industry, geography, and technology.
RECOMMENDED ACTIONS
Cybersecurity recommendations encompass some general best practices — like being
cautious when engaging in online activities, abiding by the organization’s compliance
and governance rules, and reaching out for help when you encounter something
suspicious. Here is a list of outcome-driven recommendations that organizations should
follow.
• Embrace External Threat Landscape Management Strategies to move from event-driven
  reactive cybersecurity to intelligence-driven predictive cybersecurity aimed at
  strengthening cyber posture management.
• Add Outside-In to the already known Inside-Out Know-How. Understand the criminals who
  are interested in your organization, together with situational awareness to comprehend
  the external threat landscape of the organization.
• Align Cybersecurity to Business Objectives through prudent boardroom representation.
  Every new market entry, adoption of new technology, or innovation should have a
  cybersecurity assessment done, leading to the adoption of cybersecurity awareness
  within the workforce.
• Educate staff to be wary of unsolicited emails containing attachments – they should not
  open these emails, as they have a high probability of containing malicious attachments.
• Conduct Educational Training on social engineering attacks and conduct Social
  Engineering Tests (SET).
• Manage Supply Chain Risk by creating, reviewing, periodically assessing, and enforcing
  Information Security Policies and Processes for vendor and third-party management.
• Plan Periodic Red Team Exercises to measure the effectiveness of the people, processes,
  and security technologies used to defend the environment. Red Team exercises help
  organizations to improve security controls detection, enhance defensive capabilities,
  and measure the overall effectiveness of existing security operations.
• Enable Emerging Security Solutions like deception technology powered by machine
  learning, which helps in real-time breach detection and prevention.
• Continue to Evolve the incident response and crisis management procedures through
  continual improvement, wargaming, and table-top exercises.
• Ensure the Email Security Gateways, Email SPF, DKIM, DMARC, advanced threat protection
  systems, Firewall rules, and network proxy controls are configured appropriately to
  detect attacks in real time.
• Implement Robust Security Protocols and Encryption, including authentication or access
  credentials configurations, to secure critical information stored in databases/servers.
• Ensure that all Applications/Hardware are Updated to their Latest Versions to flush out
  exploitable vulnerabilities.
• Employ Backup Systems to Restore Data in the event of ransomware attacks. Ideally,
  these backup systems should not be attached or connected to the main network.
• Employ a Multi-layered Threat Detection and Mitigation Approach to effectively detect
  and block threats that manage to sneak into your organizational setup.
Cyfirma cybersecurity-predictions-2022-v1.0 c

  • 1. CYFIRMA CYBERSECURITY PREDICTIONS 2022 © 2021-2022, ALL RIGHTS ARE RESERVED 1 PREDICTIONS 2022
  • 2. CYFIRMA CYBERSECURITY PREDICTIONS 2022 © 2021-2022, ALL RIGHTS ARE RESERVED 2 PREFACE: 2021 FACTORS WITH LIKELY IMPACT IN 2022 .........3 EXECUTIVE SUMMARY.............................................6 TOP 10 THREATS AND RISKS PREDICTION ..............7 1. Arming of IoT / IIoT and Operational Technology (OT) for Cybercrime.....................8 2. Cybercrime Becomes ‘Investment-Worthy’........................12 3. Cybercriminals Will Embark on Kinetiic Cyberattacks........13 4. The War for Intellectual Property Will Take Place on the Wire.........................................................................................15 5. Cyberwarfare will be Mainstream .......................................10 6. Ransomware Menace to Continue.....................................16 7. Hijacking of Mobile Devices for Ransom.............................18 8. From Data Exfiltration to Confiscation of Data...................19 9. ICybercriminals Will Be More Interested in Behavioral and Transaction Data...................................................................21 10. State-Sponsored Groups Look for More Collaboration......22 RECAP....................................................................25 RECOMMENDED ACTIONS....................................27 TABLE OF CONTENTS
  • 3. CYFIRMA CYBERSECURITY PREDICTIONS 2022 © 2021-2022, ALL RIGHTS ARE RESERVED 3 PREFACE: 2021 FACTORS WITH LIKELY IMPACT IN 2022 As 2021 draws to a close we have seen a dramatic increase in the attention paid by law enforcement to ransomware groups. There were arrests of actors linked to REvil, Clop, and the seizure of funds linked to ransomware attacks. Coupled with this we have seen the United States update advisories on the potential sanctions risks to making or facilitating ransomware payments. This year also witnessed law enforcement and several security researchers identify real-world IP addresses for darknet Data Leak Sites and subsequently take them down. However, the rate of new data leak sites emerging far outpaces the speed of busting these cybercrime syndicates. Furthermore, Mark Zuckerberg’s announcement of ‘The Metaverse’ has caused an equal measure of excitement and derision. An interesting development herein is the purchase of digital space for the first digital embassy by the island nation of Barbados. This new digital presence creates an interesting attack surface for cybercriminals. As more organizations (government and businesses) latch on to the metaverse concept, it will not be long before cybercriminals - both state- sponsored groups as well as opportunistic hackers - will seek out the metaverse for new victims. For instance, the opportunity to embarrass a nation-state by attacking their digital embassy on a new social media platform would garner significant headlines and therefore be an attractive target. While Mark Zuckerberg calls this the new chapter of the internet, what we can expect is to see age-old problems with a new twist.
  • 4. CYFIRMA CYBERSECURITY PREDICTIONS 2022 © 2021-2022, ALL RIGHTS ARE RESERVED 4 It is important to remember that several other companies and organizations have discussed their metaverses. While the level of interoperability between them is unknown, however, we could expect an iOS and Android version of the Metaverse. We can imagine the Android-like metaverse to be a wild west. With a lack of content control, we expect to see imitation brands or shops acting as either a distribution vector for malware or more simply phishing victim credentials. Also, given that the Metaverse offers the opportunity to track behavioral activities and patterns we are likely to see a brisk trade in this data. There is a huge commercial want for such data. In terms of criminal use of this data, we can expect cybercriminals to exploit this data for various malicious activities. Moreover, in the hindsight the widespread adoption of the Internet of Things (IoT) and Industrial Internet of Things (IIoT) has not only led to a surge in connected devices; but also opened several vulnerable entry points, of an organization, which are being leveraged by threat actors to access a gold mine of data-carrying huge value from both commercial and security point of view. As the background chorus of cyberwar going mainstream got stronger this year with state-sponsored groups aiming for better collaborations with cybercriminals, the battleground for more lethal warfare at the level of intellectual property has also been prepared - and is likely to easily pass into the year 2022. While intellectual property warfare was always a matter of concern, its full-blown effect has been felt by the global community in the face of COVID-19.
  • 5. Interestingly, at a time when the phrase “war over the wire” has turned into a cliché, it looks like cybercriminals have taken it upon themselves to give their attacks a tinge of physical violence as well. This shift from non-kinetic to kinetic cyber-attacks is a trend that is still at a nascent stage yet has the potential to mature at a rather fast pace in the upcoming years.
    Apart from this, behavior and transaction data have also caught the fancy of several threat actor groups. This interest is particularly ominous given that hijacking of mobile devices for ransom and confiscation of data are turning out to be the new norms for cybercriminals as well as underground communities. And lastly, as cybercriminals turn more professional in their attack execution and behave like a legitimate industry, cybercrime is transforming into a multi-layered economy in itself.
    Moreover, as the pandemic moves into its third year, we expect that global fatigue will set in and people will let their guard down, providing opportunities for cybercriminals to escalate their malicious activities. Threat actors will keep exploiting COVID-19 themes, especially new variants and vaccinations, to craft social engineering campaigns executed via both phishing and vishing as well as malicious online ads or fake ‘vaccine passports.’ The same goes for continued working from home, where users are easier targets than on secured networks at the company’s office.
    CYFIRMA’s cybersecurity prediction for 2022 highlights 10 key developments which are likely to transform the way cybercrime will unfold as the threat landscape evolves.
  • 6. EXECUTIVE SUMMARY
    While the world had to adapt to the new normal in 2021, cybercriminals upped the ante to target employees working from home, COVID vaccine research, and a myriad of other opportunistic targets to disrupt organizations’ supply chains and networks and propagate their geopolitical agenda, amongst other nefarious objectives. Ransomware proved to be a major disruptor, and the sophistication and scale of these attacks made international news. In 2021, cybercriminal syndicates around the world stepped away from the shadows and firmly took center stage.
    In 2022, cybercriminals will continue to evolve their modus operandi – attaining greater sophistication and modifying their tactics, techniques, and procedures to outsmart the cyber defenders. With the development and wider adoption of radical new technologies like 5G, cryptocurrencies, industrial robotics, etc., attackers will find renewed motivation to diversify, with attacks that are not easy to foresee and difficult to mitigate. In simple terms, cyber defenders will quickly realize the inevitable fact: No surface is out of the cybercriminals’ reach and influence!
    Organizations – already stretched to their limits due to the prolonged COVID-19 orchestrated conditions – will be forced to be more aware of security issues brewing in their threat landscape, and will be compelled to leverage resources that anticipate, identify, and mitigate security issues targeting them from a variety of angles. As the number and complexity of security breaches continue to rise, we advise organizations to introduce new mandates to protect their customers, create new synergies with their vendors, subsidiaries, and supply chains, and firmly place cybersecurity at the center of their business decisions.
    Against this backdrop, CYFIRMA presents its cybersecurity predictions for 2022. Based on CYFIRMA’s research, this report highlights 10 prominent trends and shifts that are likely to take precedence and which business and technology leaders should consider as they build their roadmap for the coming years.
  • 7. TOP 10 THREATS AND RISKS PREDICTION
  • 8. 1. Arming of IoT / IIoT and Operational Technology (OT) for Cybercrime
    Hypothesis: The number of connected devices (IoT/IIoT) is set to hit 15 billion in 2022 and 27 billion in 2025. Together with the rise of cellular IoT devices connected over 5G, this means the footprint of potential access points for cybercriminals grows dramatically, from smart homes and offices to industrial deployments.
    Analysis: While legislation, standards and certifications are coming, 2022 will remain a wild west in this regard and leave many IoT/IIoT devices lacking proper security.
  • 9. Some notable trends observed:
      • Several devices were added without adequate testing for vulnerabilities and without addressing inherent security concerns, especially in convergence with the legacy OT environment.
      • As new use cases emerge by the hour, IoT/IIoT is making deep inroads into new verticals, both within OT and IT applications.
      • More data from IoT/IIoT projects is making its way into data dumps across various channels.
      • Technology at the edge is increasing, moving the processing of data out to where it is required, which provides business benefits. This has widened the expanse and processing of business data.
      • The chip shortage is forcing some manufacturers to buy dubious, less secure, and even potentially backdoored chips from unproven sources.
    Takeaway: In 2022 we will continue to see an increase in businesses adopting IoT/IIoT devices and an increased number of them within our homes. We will see attacks on IoT/IIoT and its continued convergence with OT devices, on edge computing devices, where data is operated on as close as possible to the point it is collected, and on centralized cloud infrastructure that is vulnerable. Minimizing network exposure for all control system devices and/or systems, and ensuring that they are not accessible from the internet, will go a long way in foolproofing critical infrastructure. Additionally, IoT/IIoT device manufacturers are recommended to apply controls around Web APIs used to obtain Kalay UIDs, usernames, and passwords, as this would decrease attackers' ability to access the data.
    Hackers will leverage OT to orchestrate cybercrime. The development of ‘digital twins’ – comprehensive digital simulations of entire buildings, cities and systems – offers a treasure trove of data and access points to those with nefarious intentions.
  • 10. 2. Cybercrime becomes ‘investment-worthy’
    Hypothesis: In 2022, we predict cybercrimes will be more specialized and targeted. As the whole ecosystem of cybercriminals starts to behave like a legitimate industry with money pouring in, ransomware operators are re-investing profits and hiring freelance developers to improve the efficiency and capabilities of their products.
  • 11. Analysis: In recent times, we have witnessed several developments:
      • Rise of specialized vendors such as Initial Access Brokers (IABs), who deal exclusively in stolen access to organizations’ networks
      • Large-scale advertising by ransomware operators looking for affiliates and freelance developers for a targeted component to connect various attack groups/scenarios
      • An increasing trend of recruiting insiders to deliberately compromise their own organization’s security
      • Cybercriminals luring security professionals and pen-testers with fake job ads and setting up fake companies, to use their skills and expertise in identifying weaknesses of target organizations
    Takeaway:
      • Cybercrime-perpetrated losses are expected to increase exponentially (> USD 10 Trillion) in the coming years.
      • Large-scale and well-funded outsourcing, automation, and specialization throughout 2022 and beyond will bring more efficient malicious operations to a wider pool of target organizations. Breaches will on average penetrate deeper, expose more critical systems, and cause severe damage to the impacted organizations.
      • Increased cyberattacks against entities and organizations will have a potential impact on the target nation’s economy, GDP and growth trajectory. Cybercrime will become a tradeable, exchangeable and investment-worthy asset class.
  • 12. 3. Cybercriminals will embark on kinetic cyberattacks
    Hypothesis: Based on trend analysis of cyber-attacks in 2021, we have reason to believe that cyber-attacks will escalate beyond the current crop of non-violent or non-kinetic attacks and exploit vulnerable information systems and processes. This will serve two objectives: 1) force the victims to be more open to negotiations when faced with the prospect of real-world damage, and 2) enhance the attackers' credibility amongst peers and fine-tune their ability to bring in big financial gains, cause the maximum reputational damage, recruit affiliates, etc.
    Analysis: There have been noticeable observations of a particular nation-state using a disputed territory, a warzone, as a testing ground for rapidly developing and testing kinetic cyber-attacks. From the infamous Stuxnet worm to the most recent Colonial Pipeline incident, similar attacks have occurred with physical damage inflicted on PLC systems, ICS devices, water facilities, hospitals, transportation systems, and manufacturing plants.
    Takeaway: We will see an increasing trend of cyber-attacks targeting verticals like PLC systems, ICS devices, critical infrastructure, healthcare, and research entities as cybercriminals look to transcend the boundaries of the cyber and physical worlds. Establishing a robust security posture that is thoughtfully layered with a series of security mechanisms and controls in the network to protect the confidentiality, integrity, and availability of critical data is the foundation on which concrete cyber defense can be built.
    Geopolitical tensions, commercial competition, and socio-economic differences will trigger kinetic cyber-attacks resulting in actual physical damage and loss of lives.
  • 13. 4. The war for Intellectual Property will take place on the wire
    Hypothesis: On a global geopolitical stage, cyber risk, intellectual property, and cyberwarfare have always been and will continue to be interlinked. Many IP theft cyberattacks are directed at the defense sector and critical infrastructure, including by state-sponsored threat actors executing these for their monetary gain or at the behest of their state masters. The COVID-19 pandemic has since changed this phenomenon, as an increasing number of attempts have also been made on health research and pharmaceutical companies. Chinese and Russian state-sponsored hacking groups are the most active in wreaking economic havoc through cyberespionage.
  • 14. Analysis: CYFIRMA’s detailed analysis of major recent breaches reveals a worrying trend of cybercriminals leveraging a mix of classical attack techniques together with other cloud-specific methods. Suspect nations are also looking to bypass the competition, be it in terms of industrial might, social advancement, or as pioneers of innovation and technology, by simply stealing the essential blueprint of these accomplishments from others. As an example, for the past 3 years, we have been tracking a global reconnaissance campaign dubbed "Vision 2025", suspected to be carried out by state-sponsored Chinese hackers to establish China as the leader of innovation and manufacturing. This campaign’s foremost aim is to exfiltrate IP, copyright, trade secrets, etc. to benefit local Chinese companies and get one up on their foreign rivals.
    Takeaway: In 2022, more countries, especially those that are not bestowed with natural resources or economic might, or are politically isolated, will choose to steal IP to achieve economic and social goals.
  • 15. 5. Cyberwarfare will be mainstream
    Hypothesis: In the year 2022, cyber warfare will be the go-to approach to target other nations as it is cost-effective, covert, effective, and easily deniable. Corporate entities and private players will be caught in the crossfire, with geo-political tensions between major nations and major geopolitical events taking place.
    Analysis:
      • There has already been an undeclared cyber-war between nations ongoing for quite some time. Individual players have now joined the fray.
      • Supply chain attacks have become the opportunity that threat actors and cybercriminals are starting to target to reap financially and geopolitically driven benefits. We have increasingly observed such attacks on the high-tech industry ecosystem belonging to the semiconductor, energy, and pharmaceutical sectors.
      • Increased cyberattacks on the critical infrastructure of a nation continue, leaving millions of its population helpless.
    Takeaway: State-sponsored threat actors in collaboration with other groups and corporates will continue to carry out espionage and cyber-attacks against targeted organizations and countries. This will lead to changing power equations in the world, with many new partnerships mushrooming based on geopolitical needs and wants.
    Cyberwarfare will no longer be restricted to nation states; business entities and private players will adopt cyber espionage to advance commercial interests.
  • 16. 6. Ransomware Menace to Continue
    Hypothesis: Ransomware-as-a-service (RaaS) is a thriving business today because ransomware syndicates can garner millions of dollars in revenue by targeting organizations almost at will. The operators continue to look for new ways to evade actions by international law enforcement and hide their footprints.
    Analysis: Ransomware cost the world approximately USD 20 billion in 2021. In 2021, almost 37% of all businesses and organizations globally were hit by ransomware. Recovering from a ransomware attack cost businesses USD 1.85 million on average in 2021. Out of all ransomware victims, 32% pay the ransom, but they only get 65% of their data back. Approximately 57% of businesses are successful in recovering their data using a backup.
    Ransomware operators have since upgraded to a four-layered approach to targeting organizations that includes:
      • Infiltrate the target organization’s network.
      • Exfiltrate and encrypt data.
      • Demand ransom and “Name & Shame”.
  • 17.
      • Leave behind footprints in the targeted organizations to return and attack again.
    Some noticeable trends could include:
      • Ransomware will use IoT as entry points - IoT devices are everywhere these days and researchers have predicted that there will be over 25 billion of them by next year. That’s a vast number of devices that adversaries can target as a gateway for nefarious purposes. In many instances, IoT misconfigurations, like unchanged default settings or unwanted services still being enabled, leave devices vulnerable and exposed to attacks.
      • Ransomware will increasingly target third-party software - Ransomware operators will not necessarily always attack organizations or their systems directly. Increasingly, hackers will target supply chain software, including remote monitoring and management software, as in the case of Kaseya and SolarWinds, or exploit widespread TCP/IP stack vulnerabilities or the latest log4j vulnerability that was patched in December 2021.
      • Ransomware will focus on Operational Technology - For many organizations, operational technology (OT) has mostly flown under the cybersecurity radar in the past. But the cyberattack against Colonial Pipeline in 2021 has dramatically changed this. While IT systems under attack are bad, compromised OT systems are even worse, as they allow ransomware operators to halt operations and almost instantaneously bring organizations to a complete standstill. Once companies get locked out of their systems and ransom demands are made, there is very little organizations can do to reverse this, other than to pay up.
    Takeaway: Given the high profitability of RaaS, ransomware attacks are only going to escalate in the near future. Payouts in six to seven figures have sparked a new gold rush. This is feeding a vicious cycle where more and more resources are invested into developing increasingly sophisticated code. The development of Linux variants targeting infrastructure and backup solutions promises future attacks to be increasingly crippling for their victims. Active cyber defense and fast, actionable intelligence are going to be a must to prevent both initial access brokers and ransomware groups from breaching networks.
    Ransomware will use IoT as entry points, targeting third-party software and operational technology.
  • 18. 7. Hijacking of Mobile Devices for Ransom
    Hypothesis: Mobile devices will continue to attract more attention in 2022 from both cybercriminals and nation-state threat actors. They are a perfect spying bug attached to a treasure chest of valuable data.
    Stats and analytics:
      • Unlike desktop platforms, mobile apps lack mature and robust security checks to prevent and detect phishing, C2 traffic, credential theft, etc.
      • Voice call (vishing) spamming and scams are on the rise, and all messaging apps are riddled with phishing and spam aimed at stealing credentials or luring users into installing malicious/fake apps.
      • Mobile Device Management platforms are targeted in supply chain attacks to get a foothold in an organization’s networks.
    Takeaway: Attacks on mobile devices and operating systems like Android and iOS will increase in 2022 as cybercriminals look to implant look-alike/malicious applications and exploit legitimate software. Do not overlook or neglect mobile security: enforce strict security policies, limit the number of apps installed on any device, and minimize the surface used for social engineering.
    The mobile phone has become an absolute necessity, directing every aspect of our lives. In 2022, cybercriminals will mount attacks to take over mobile devices and demand ransom, knowing that many will succumb to the extortion tactics.
  • 19. 8. From Data Exfiltration to Confiscation of Data
    Hypothesis: Taking inspiration from the RaaS business model and its success observed throughout 2021, small-time opportunistic cybercriminals from the underground communities are going to follow in the footsteps of RaaS groups. Within the underground forums, cybercriminals who merely used to monetize their stolen data by leaking it into such forums are now attempting to extort victim organizations before eventually putting the data up for sale to any potential buyer. This shift will likely put small and medium-sized businesses, which are often not on the target list of established ransomware groups, on the radar of cybercriminals.
  • 20. Going forward, targets are being carefully researched: beyond just reconnaissance of the corporate network, the financials of potential victims are studied, including associated penalties for a breach, to set a ransom amount.
    Analysis: CYFIRMA is observing a growing trend where cybercriminals have had unsuccessful extortion attempts for ransom and ultimately turned to monetizing the stolen data by selling it. With most cyber-attacks, the worrisome factor for business is being subject to data exfiltration and permanent data confiscation/deletion, which takes organizations to a point of no return and forces them to deal with cybercriminals and their demands.
    Takeaway: Cybercriminals will not only encrypt victims’ data but also delete or destroy sensitive and critical digital assets. The disruption and damage inflicted can be difficult to track, making law enforcement even more challenging.
  • 21. 9. Cybercriminals will be more interested in Behavioral and Transaction Data
    Hypothesis: Threat actors are increasingly utilizing big-data techniques to understand and decipher the hidden traits of a society or of target victims in order to craft specifically tailored campaigns for wider impact. This includes social, political, and financial objectives leading to tangible outputs (financial outcomes) and non-tangible outputs (fear-mongering, influencing the behavior of a society, influencing political outcomes).
    Analysis: A recent example of the priority placed by cybercriminals on behavioral patterns was observed when North Korean cybercriminals implanted behavior-based malware using browser-based extensions as part of their attacks on the Tokyo 2020 Olympics. As the pandemic continues, people's digital footprint has been increasingly defined by social media and online purchasing activities. The resultant trail of information includes behavioral hints and consumers' personally identifiable financial information (PIFI), which presents a lucrative opportunity for cybercriminals.
    Takeaway: As the pandemic continues, people's digital footprint has been increasingly defined by social media and online purchasing activities. Data with behavioral hints and consumers' personally identifiable financial information (PIFI) presents a lucrative opportunity for cybercriminals.
  • 22. 10. State-Sponsored Groups Look for More Collaboration
    Hypothesis: In 2022, we expect increased collaboration amongst threat actors.
      • Chinese threat actors, including state-sponsored outfits, hiring North Korean groups as part of HaaS for exfiltrating sensitive details from organizations in return for financial benefits.
      • Collaboration of Russian groups (state-sponsored as well as cybercriminals) with Chinese threat actors under RaaS, possibly helping the Russians expand their attacks beyond their traditional targets, i.e., the US and Europe.
      • Increased collaboration among same-nation hacker groups to realize the political agenda of their state masters.
  • 23. Analysis:
      • CYFIRMA’s monitoring of dark web forums has revealed a trend of ransomware operators teaming up against the interests of the US and its allies, likely to target them. An example of one such case is provided below:
      • The above underground forum conversation loosely translates in English to: “In our difficult and troubled times, when the US government is trying to fight us, I urge all affiliate programs to stop competing. Unite and start to destroy the state sector of the United States, show this dementia old man who is the boss who is the boss and will be on the Internet. While our guys were dying on honeypots Sachkov from rude aibi squeezed his own ... but he was rewarded with higher and now he will sit for treason, so let's help our state fight such ghouls as cybersecurity firms that are sold to amers like state structures of the USA, I urge you not to attack Chinese companies, because where do we need to worry if our homeland suddenly turns its back on us, only to our good neighbours - the Chinese! I believe that all zones in the US will cope all blacks will go and **** this ****ing Biden in all the cracks, I myself will personally make efforts
  • 24.
      • Threat actors have been observed evolving, innovating, and enhancing their capabilities in the use of malware/ransomware and TTPs. They are suspected to have done this by collaborating with other threat actors, sharing, and benefitting from their experiences and skills.
      • Of the campaigns tracked by CYFIRMA in 2021, in almost 25% we have observed Russian ransomware groups hiring Chinese affiliates and vice versa, under the RaaS model.
      • In 2021, we have also continued observing, in 20% of campaigns, North Korean hacking groups hired by Chinese groups under the HaaS model.
    Takeaway:
      • State-sponsored threat actors will find more ways of collaborating across boundaries to further the political agenda of their state masters, and at times also to justify their domestic authoritarian policies for wider adoption.
      • The trend of monitoring social media and the surface web to influence outcomes based on key political events like elections will continue in a much wider manner than previously observed. Hacking groups will share infrastructure, tools, techniques and tradecraft, making it more difficult for cyber researchers to attribute threat actors to specific campaigns.
  • 25. RECAP
    The cybercrime problem is escalating. Hacking activity is no longer restricted to the sophisticated and highly skilled computer genius. The fast pace of technological innovation has had an unexpected outcome: a lowering of the technical skill cap needed to conduct malicious attacks. So-called “script kiddies” now have access to tools that only require the right targeting to successfully get in and steal data or cause substantial damage. Furthermore, demand in underground markets for stolen databases and initial access is booming, creating financial incentives for more people to get into cybercrime.
    Embrace External Threat Landscape management strategies to move from event-driven reactive cybersecurity to intelligence-led predictive cyber posture management.
    DeCYFIR: External Threat Landscape Management Platform
    DeCYFIR gives security leaders a unified view into six threat pillars:
      • ATTACK SURFACE DISCOVERY
      • VULNERABILITY INTELLIGENCE
      • BRAND INTELLIGENCE
      • CYBER INTELLIGENCE
      • DIGITAL RISK PROTECTION
      • SITUATIONAL AWARENESS
  • 26. Based on the analysis of threat indicators collected from the deep web, dark web, hacker forums and other closed communities, as well as CYFIRMA’s research, attacks are predicted to use probability prediction models and analytics engines. By providing threat intelligence from the outside, CYFIRMA can share early warning information when signs of cyber-attacks are detected, enabling cyber teams to take rapid action to thwart attempts at intellectual property theft, ransomware attacks, and other malicious activities.
    The company’s unique perspective lies in its systematic approach to discovering threats and producing personalized and predictive cyber-intelligence, where six threat landscape pillars are presented on a single pane of glass. With DeCYFIR, enterprises can see cybersecurity through the hackers’ lens and obtain deep insights to connect the dots between threat actors, motives, methods, and campaigns. DeCYFIR’s virtual agents navigate the deep/dark web, hackers’ forums, closed communities, and other data sources to discover hidden signals of impending attacks. The ability to identify threats at the early planning stage gives DeCYFIR the unique ability to predict attacks, allowing enterprises to take remedial actions before actual attacks occur.
    DeCYFIR provides full contextual insights answering the ‘WHO’, ‘WHY’, ‘WHAT’, ‘WHEN’, and ‘HOW’ of underlying threats and risks. With DeCYFIR, enterprises receive relevant intelligence that is customized to their industry, geography, and technology.
  • 27. RECOMMENDED ACTIONS
    Cybersecurity recommendations encompass some general best practices — like being cautious when engaging in online activities, abiding by the organization’s compliance and governance rules, and reaching out for help when you encounter something suspicious. Here is a list of outcome-driven recommendations that organizations should follow.
      • Embrace External Threat Landscape Management Strategies to move from event-driven reactive cybersecurity to intelligence-driven predictive cybersecurity aimed at strengthening cyber posture management.
      • Add Outside-In to the already known Inside-Out Know-How. Understand the criminals who are interested in your organization, together with situational awareness to comprehend the external threat landscape of the organization.
      • Align Cybersecurity to Business Objectives through prudent boardroom representation. Every new market entry, adoption of new technology, or innovation should have a cybersecurity assessment done, leading to the adoption of cybersecurity awareness within the workforce.
      • Educate staff to be wary of unsolicited emails containing attachments – they should not open these emails as they have a high probability of containing malicious attachments.
      • Conduct Educational Training on social engineering attacks and conduct Social Engineering Tests (SET).
      • Manage Supply Chain Risk by creating, reviewing, periodically assessing, and enforcing Information Security Policies and Processes for vendor and third-party management.
      • Plan Periodic Red Team Exercises to measure the effectiveness of the people, processes, and security technologies used to defend the environment. Red Team exercises help organizations improve security controls detection, enhance defensive capabilities, and measure the overall effectiveness of existing security operations.
  • 28.
      • Enable Emerging Security Solutions like deception technology powered with machine learning, which helps in real-time breach detection and prevention.
      • Continue to Evolve the incident response and crisis management procedures through continual improvement, wargaming, and table-top exercises.
      • Ensure the Email Security Gateways, Email SPF, DKIM, DMARC, advanced threat protection systems, Firewall rules, and network proxy controls are configured appropriately to detect attacks in real time.
      • Implement Robust Security Protocols and Encryption, including authentication or access credentials configurations, to secure critical information stored in databases/servers.
      • Ensure that all Applications/Hardware are Updated to their Latest Versions to flush out exploitable vulnerabilities.
      • Employ Backup Systems to Restore Data in the event of ransomware attacks. Ideally, these backup systems should not be attached or connected to the main network.
      • Employ a Multi-layered Threat Detection and Mitigation Approach to effectively detect and block threats that manage to sneak into your organizational setup.