While the world had to adapt to the new normal in 2021, cybercriminals upped the ante to target employees working from home, COVID vaccine research, and a myriad of other opportunistic attacks to disrupt organizations’ supply chains and networks, propagate their geopolitical agenda, amongst other nefarious objectives.  Ransomware proved to be a major disruptor, and the sophistication and scale of these attacks made international news. In 2021, cybercriminal syndicates around the world stepped away from the shadows and firmly took center stage.

In 2022, cybercriminals will continue to evolve their modus operandi – attaining greater sophistication and modifying their tactics, techniques, and procedures to outsmart the cyber defenders. Cyber defenders will quickly realize the inevitable fact: No surface is out of the cybercriminals’ reach and influence.

Kinetic cyber attack garners cybercriminals’ interest

Based on trends analysis of cyber-attacks in 2021, we anticipate cyber-attacks will escalate beyond the current crop of non-violent or non-kinetic attacks and exploit vulnerable information systems and processes. This will serve two objectives: 1) Force the victims to be more open to negotiations when faced with the prospect of real-world damage, and 2) Enhance their credibility amongst peers and finetune their ability to bring in big financial gains, cause the maximum reputational damage, recruit affiliates, and more.

Ever since the infamous Stuxnet worm to the recent Colonial Pipeline incident, similar attacks have occurred with physical damage inflicted on PLC systems, ICS devices, water facilities, hospitals, transportation systems, and manufacturing plants.

We will see an uptrend of cyber-attacks targeting verticals like PLC systems, ICS devices, critical infrastructure, healthcare, and research entities as cybercriminals look to transcend the boundaries of cyber and physical worlds. Geopolitical tensions, commercial competition, and socio-economic differences will trigger kinetic cyber- attacks resulting in actual physical damage and loss of lives.

Establishing a robust security posture requires agility in security mechanisms and controls to tackle fast-evolving external threats and mitigate their impact to the network. This will go a long way to protect not just data but also human lives.

Cyber war will be mainstream

This year cyber warfare will be the go-to approach to target other nations. Corporate entities and private players will be caught in the crossfire with geo-political tensions between major nations escalating.

Supply chain attacks have become the opportunity threat actors and cybercriminals are starting to target to reap financial and geopolitical driven benefits. We have increasingly observed such attacks on the high-tech industry ecosystem belonging to semiconductors, energy, and pharmaceuticals.

We will see an increase in cyberattacks targeting critical infrastructure and leaving millions helpless.

State-sponsored threat actors in collaboration with other groups and corporates will continue to carry out espionage and cyberattacks against targeted organizations and countries. This will lead to changing power equations in the world with many new partnerships mushrooming based on geopolitical needs and wants.

Cyber Warfare will no longer be restricted to nation states, business entities and private players will adopt cyber espionage to advance commercial interest.

Hijacking of mobile devices for ransom

Mobile devices will continue to attract more attention in 2022 by both cybercriminals and nation-state threat actors. They are a perfect spying bug attached to a treasure chest of valuable data.

Unlike desktop platforms, the mobile app lacks mature and robust security checks to prevent and detect phishing, C2 traffic, credential theft, and more.

Voice call (vishing) spamming is on a rise, messaging apps are riddled with phishing and spam aimed at stealing credentials or lure unsuspecting victims into installing malicious or fake apps.

Even mobile device management platforms are targeted in supply chain attacks to get a foothold into an organization’s networks.

Attacks on mobile-based devices and operating systems like Android and iOS will increase in 2022 as cybercriminals look to implant look-alike or malicious applications to exploit legitimate software.

The mobile phone has become an absolute necessity, directing every aspect of our lives. In 2022, cybercriminals will mount attacks to take over mobile devices and demand ransom knowing that many will succumb to the extortion tactics.

Mobile users should uplift cybersecurity knowledge and acquire cyber safe habits such as knowing how to set a secure password, learn about emerging cyber threats like phishing campaigns and other social engineering lures, and be aware of cyber criminals targeting apps they have installed. Do not overlook and neglect mobile security.

As the number and complexity of security breaches continue to rise, we advise organizations to review how they are currently managing their cybersecurity posture. It is time for enterprises to embrace threat landscape management strategies that will give them visibility to emerging threats so they can take proactive measures to protect data and assets.



Views expressed above are the author’s own.



Source link