From high-profile ransomware attacks to government spending on improving national security, the cybersecurity industry impacted nearly every sector – including business, health care and education – in 2021. We don’t foresee this slowing down anytime soon, meaning that in 2022, companies should be aware of emerging threats and risks. Here are my cybersecurity predictions for the year ahead.

Phishing campaigns will increasingly abuse OAuth workflows: Phishing campaigns have historically focused on obtaining usernames and passwords. As multi-factor authentication (MFA) becomes more commonplace, attackers have been forced to find workarounds. One such workaround is the illicit consent grant, wherein an attacker tricks a victim into authorizing access to the target app by abusing an OAuth workflow intended for device or plug-in authorization. We expect to see an increase in attacks abusing OAuth workflows across multiple apps.

Office documents will represent more than 50% of all malware downloads: By the end of 2022, malicious Office documents will account for more than 50% of all malware downloads as attackers continue to find new ways to abuse the file format and evade detection. At the beginning of 2020, Office documents accounted for only 20% of all malware downloads and have increased to 40% in 2021. This trend will continue due to the pervasive nature of Office documents in the enterprise and the many ways they can be abused, making them an ideal malware delivery vector.

Scams, phishing pages, and other malicious websites will move to cloud apps: For the past few years, we have seen attackers transition away from using traditional websites to deliver malware and instead abuse cloud apps, especially cloud storage apps, to deliver malware. Today, two-thirds of all malware detected by my company’s platform comes from cloud apps. In contrast, the majority of scams, phishing pages, and other malicious websites detected by the platform are hosted on traditional websites. While there are some attackers that abuse cloud apps for these purposes, we have yet to see a rapid transition to cloud like we saw for malware delivery. In 2022, we expect scams, phishing pages, and other malicious websites to start transitioning to cloud apps at an increasing rate. At the end of 2021, we saw an uptick in visits to malicious websites hosted on Weebly, Google Sites, Azure Websites, Amazon S3, and other cloud apps that provide free or low-cost web hosting. We expect that by the end of 2022, nearly half of all scams, phishing pages, and other malicious websites detected by my company’s platform will abuse cloud apps.

As cyber threats evolve this year and beyond, enterprises should keep a close eye on OAth workflows via phishing campaigns and how Office documents are downloaded to avoid malware concerns and be best set up for success.