Cybercriminals flooded businesses across industries with one major attack after another in 2021. As the year comes to an end, it’s time to look back at what we have learned over the past year and what is in store for the security world in 2022. Below, my company’s team has compiled some realistic cybersecurity expectations for the new year.
James Carder, Chief Security Officer and Vice President of Labs, LogRhythm:
A leading country producing semiconductor chips will have its supply chain compromised, resulting in major shortages of critical materials. As we have seen with the pandemic, cybercriminals will take advantage of periods of societal disruption to manipulate companies and governments for financial gain. The global chip shortage, which shows no sign of slowing down as some experts estimate it could last through the end of 2022, is another period of disruption that hackers will soon exploit. As countries seek to ramp up production, one country will be caught attempting to corner the market by using fraudulent methods to gain access to the production and supply of the leading chip-producing countries. This will result in shortages of critical supplies, as well as soaring prices for basic goods.
The supply chain of a major vaccine manufacturer will be halted by ransomware. In 2021, ransomware attacks crippled Colonial Pipeline and JBS. In 2022, cybercriminals will set their sights on carrying out a ransomware attack against one of the pharmaceutical companies producing the COVID-19 vaccine. This will interrupt the production of critical booster shots and keep many other life-saving drugs from reaching patients. The resulting fallout will fan the flame for foreign and domestic vaccine disinformation campaigns.
Cybercriminals will leverage API vulnerabilities to breach multiple company networks at once. Cyberattackers commonly use lateral movement techniques to move through an organization’s network after carrying out the initial breach. We have already seen the Russia-linked REvil ransomware-as-a-service group leverage Kaseya’s network management and remote-control software to move not only within Kaseya’s network but extend its reach to its customers. In 2022, we will see hackers seek to up-level the lateral movement concept for internal networks and apply it to an entire partner network using misconfigured APIs, which serve as a doorway from the internet into a company’s environment.
Hackers will blackmail Olympic athletes during the Beijing Olympics. Hackers will breach various athletes’ accounts and find incriminating email exchanges regarding the use of performance-enhancing drugs and insight into the individual’s personal life. This will result in athletes being blackmailed into helping hackers carry out cyberattacks on their home countries or face the release of incriminating evidence.
Joanne Wong, VP of International Marketing, LogRhythm:
Individuals, not infrastructure, will be top cybersecurity threats at the 2022 FIFA World Cup in Qatar. Qatar has made significant investments in cybersecurity ahead of the FIFA 2022 World Cup. Although local cybersecurity teams are proactively mitigating threats to protect visitors, it is travel to the World Cup and the hospitality industry surrounding the tournament that will leave individuals vulnerable. We predict that organizers will be prepared to manage the large in-country attack surface surrounding the tournament, but what about individuals before they arrive? It is individuals as well as the travel and hospitality industries that will need to be aware of these cyber threats.
Phishing and social engineering will be used to steal personal and financial information that criminals can monetize. Ticketing, hotel bookings, and reservations of any kind can be faked and used to capture personal data and compromise individuals. Cybercriminals will recognize the work that Qatar has done to be prepared for the tournament and will focus on exploiting human nature before arrival, rather than digital infrastructure.
Matt Sanders, Director of Security, LogRhythm:
There will be a successful large-scale attack delivered through open-source software. Malicious actors have repeatedly demonstrated their technological aptitude at infiltrating and compromising organizations. Those same skills will be increasingly applied to the open-source software ecosystem (which welcomes all contributors), where attackers can intentionally introduce vulnerable code to widely used open-source software components. This would allow cybercriminals to exploit vulnerabilities on a massive scale, targeting companies that have built products using open-source technology without reviewing the code before copying and pasting it into their platforms. Such attacks can be extremely difficult to detect. It is likely that several instances of such attacks are already present in widely used open-source software today, which may be found in the year to come.