Our cybersecurity predictions for 2022 anticipated trends such as increased regulatory changes and exacerbated talent shortages. Several of these predictions have played out, but at just past the midpoint of the year, it’s worth delving into some cybersecurity predictions for the rest of 2022.
With increased convergence between IT and operational technology (OT) systems, threat actors have started focusing more of their efforts on the environments that monitor and control the equipment, assets and processes used within several critical infrastructure sectors. Examples include industrial control systems, energy systems and transportation systems.
Nation-state actors or groups focused on maximizing destruction know that they can cause more harm with cyberattacks on OT than on IT. Because OT systems have a direct effect on the physical world, cyberattacks on them can threaten human safety. For example, altering signaling systems on a railway line could lead to derailment or collisions.
Even without direct harm to human health or safety, OT cyberattacks can easily lead to a cascading effect of panic and disruption throughout society. Consider the impact of a prolonged power shortage because of an attack on the power grid.
Expect to see newsworthy cyberattacks during the second half of 2022 on OT environments, using one of the following initial access methods:
A shocking report released midway through 2022 found that there are now 24 billion stolen credentials available on the dark web. This figure represents a 65 percent increase from 2020. Many of these credentials are obtained during large-scale data breaches.
Going forward, it’s reasonable to assume that the availability of these credentials will lead to a further increase in account takeover (ATO) attacks. An ATO attack involves threat actors taking control of accounts. These attacks can focus on customer-facing applications, such as e-commerce sites or online banking. Some ATO attacks break into employee email or cloud accounts.
A huge range of malicious activity is possible when taking over an account. One such possibility is committing financial fraud by ordering goods or services with customer accounts or transferring money. From a business perspective, ATO can result in internal network access, with the outcome being data exfiltration, malware installation or fraudulent payments.
As account takeover increases, businesses need to focus on monitoring their networks 24/7 for signs of threats. The harsh fact is that it takes just one employee’s compromised credentials to potentially provide a network entry point.
While it’s possible to secure logins against ATO through two-factor or multifactor authentication, adoption still lags behind an optimal level. Furthermore, user friction concerns cause businesses to second-guess securing every single app or service with additional authentication factors.
At the time of writing, a delicate geopolitical situation became more unstable after China’s tough reaction to Congresswoman Nancy Pelosi visiting Taiwan. An immediate and notable aspect of China’s reaction was the use of cyberattacks. Reuters reported attacks on 7-11 convenience stores throughout the island, while several Taiwanese government websites were paralyzed for hours.
The deployment of cyberattacks during times of conflict or geopolitical tension is not a new phenomenon. Russia has a history of attacking Ukraine’s government websites and critical infrastructure that dates back long before the current war.
The prediction here is that with global geopolitical tensions boiling over in several different regions, nation-state or nation-sponsored cyberattacks will play a prominent role. Perhaps a major cyberattack on critical infrastructure could stoke tensions to the point of initiating conflict.
The high-profile disbandment of the prolific Conti ransomware group in May 2022 followed the arrest of REvil, another prolific ransomware gang, in January. In both cases, these ransomware operations arguably became too well-known for their own good – the attention and limelight undoubtedly played a central role in their demise.
It’s for this reason that ransomware gangs are far more likely to fragment into smaller operations that aren’t as relentless in their pursuit of big sums of money and big fish targets as Conti, REvil and other notorious gangs.
A case in point is Cuba, a ransomware group that went somewhat under the radar over the last couple of years. Cuba has only been seasonally detected, yet the group amassed profits totaling $43 million before the FBI finally took note of them in December 2021.
The fragmentation of ransomware operations will likely continue as threat actors from larger groups form smaller gangs that are extremely selective with their targets. The goal will likely be to make a healthy profit without attracting unwanted attention from authorities. From a business perspective, vigilance in terms of what’s happening in your environment remains critical because the threat of ransomware is not going anywhere.
One of our predictions from early 2022 was that the Great Resignation would worsen cybersecurity skills shortages. Another factor likely to play out over the coming months is inflation and associated layoffs at some cybersecurity companies. Given widespread industry commentary about cyber skills shortages, the prospect of layoffs at cybersecurity companies is an interesting dynamic to ponder.
The Washington Examiner reported in June 2022 that three prominent cybersecurity companies were laying off between 10 and 20 percent of their workforces. However, these layoffs are far more likely to concentrate on sales and marketing staff than on the experts who directly power the functionality of cybersecurity products and services.
Economic uncertainty driven by inflationary conditions plays an important role in these strategic decisions. With unchecked inflation likely to result in a recession, even industries like cybersecurity need to consider the impact of economic downturns. Spooked investors may sell shares and drive stock prices down, while businesses could consider scaling back their investments in cybersecurity solutions. The result is that these possibilities influence board-level discussions about bottom lines, and could lead to workforces being reduced.
Keep an eye on these cybersecurity predictions and how they play out over the coming four or five months. As we’ve all experienced, a lot can change in cybersecurity in a short period of time, and we’re curious to see what the last half of 2022 will look like.
And while we can’t be completely sure what the future holds, the good thing is, we can be confident that measures like rapid detection and response, frequent patching, employee training and strong passwords go a long way in safeguarding against an ever-evolving threat landscape.