Full predictions
James Alliband, Senior Security Strategist, VMware:
- Copycat cyberattacks on critical industries will disrupt human lives. “We are seeing cybercriminals adopt a style of attacks that seek to cause disruption to human lives. The attack on Colonial Pipeline that triggered a fuel shortage along the U.S. East Coast, ranging to the attack on Ireland’s healthcare system that effectively shut down the entire country’s hospitals, are only the beginning. There will be copycats as we see bad actors target critical industries such as energy, healthcare and finance with the intent to cause panic while cashing in on a ransom payment. The results of a successful attack can be expensive and dangerous, ranging from cancelled hospital surgeries and rerouted ambulances to people waiting hours at a gas station for fuel. This will be an area that is of real interest to nation-states looking to cause disruption abroad.”
- “Threat actors will leverage stolen credentials to pull off a double-extortion ransomware attack against a Fortune 500 company. As organizations put network segmentation in place to stop the spread of ransomware, attackers have evolved to leverage trusted credentials to move throughout the network unabated. With a valid set of credentials, attackers can accomplish much of their nefarious activity without raising a single alarm.”
Eric O’Neill, National Security Strategist, VMware:
- If 2021 was the year of the Zero Day, 2022 will be the year of Zero Trust: “In 2021, defenders caught the highest number of Zero Days ever recorded. We saw a massive proliferation of hacking tools, vulnerabilities, and attack capabilities on the Dark Web. As a response, 2022 will be the year of Zero Trust where organizations ‘verify everything’ vs. trusting it’s safe. Governments and organizations will adopt a Zero Trust mindset with the assumption that they will eventually be breached. A Zero Trust approach will be a key element to fending off attacks in 2022.”
Tom Kellermann, Head of Cybersecurity Strategy, VMware:
- Supply chain attacks have just gotten started: “In July 2021, as the world was still reckoning with the devastating SolarWinds breach, the REvil ransomware gang exploited a Zero Day in Kaseya VSA to launch a supply-chain attack on its customers. Neither of these attacks occurred in a vacuum, meaning security teams must pay closer attention to the threat of island hopping. In 2022, we can expect that cybercrime cartels will continue to seek ways to hijack the digital transformation of organizations to deploy malicious code, infiltrate networks, and gain persistence in systems all over the world. Defenders and organizations will need to monitor networks and services vigilantly for suspicious activities and potential intrusions. Implementing practices associated with Zero Trust philosophy like microsegmentation, threat hunting, and advanced telemetry capabilities can help ensure organizations are not the gateway to or victim of a severely damaging attack.”
Rick McElroy, Principal Cybersecurity Strategist, VMware:
- Insider threats pose a new challenge for organizations as the job market continues to shift. “As the Great Resignation took shape, we saw growing challenges associated with insider threats. The sheer number of employees leaving their jobs and potentially still having access to the network or proprietary data has created a headache for IT and security teams tasked with protecting the organization. Insider threats have become a new, distinct challenge for organizations as they try to balance employee turnover, employee onboarding and the use of non-sanctioned apps and platforms. In 2022, I expect we’ll see the number of insider threat incidents increase. Attackers will also start targeting employees to carry out their attacks or plant ransomware. As a result, we’ll see new protocols and guidelines established as organizations work to keep networks and sensitive data protected.”
Giovanni Vigna, Senior Director of Threat Intelligence, VMware:
- Linux-based operating systems will become a key target for cybercriminals. “Linux powers the majority of cloud workloads and 78% of the websites on the Internet. Because of this, the Linux-based operating system has become the key driver behind nearly all digital transformation projects undertaken by organizations. This makes the security of Linux environments critical, as bad actors have increasingly started to target Linux-based hosts with various threats – from RATs and web shells to cryptominers to ransomware. Many organizations focus their attention on Windows-based malware and might find themselves blind to this emerging threat until it’s too late.”
Chad Skipper, Global Security Technologist, VMware:
- Adversaries will move laterally and exfiltrate data from unsecure multi-cloud environments. “With multi-cloud environments on the rise, the attack surface will continue to expand. This will invite greater proliferation of common ports and protocols that will be used by the adversary to move laterally and exfiltrate data once inside an organization’s network. In 2022, we will see the adversary focus their efforts on living and hiding within the common noise of an organization’s networks. Having visibility into this noise to identify the adversary will become more essential than ever before when defending today’s multi-cloud environments.”
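Two of the predictions above point at the same detection problem: Alliband's stolen credentials used "to move throughout the network unabated" and Skipper's adversary "living and hiding within the common noise" of ordinary ports and protocols. The script below is an added illustration of what "visibility into this noise" can look like in practice; it is not VMware's code or tooling. It runs two simple baselines over constructed flow records (timestamp, source host, destination host, destination port, account): a host fanning out to many distinct internal destinations on admin ports within a short window, and one account authenticating from many distinct source hosts. The port list, window and thresholds are assumptions a defender would tune against their own environment's baseline.

```python
"""Surface lateral-movement signals hiding in ordinary SMB/RDP/WinRM traffic.

Added example for the predictions above, not VMware's code. Every record in
FLOWS is constructed sample data; the ports, window and thresholds are
assumptions to be tuned against a real network's baseline.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# "Common ports" an intruder typically rides once inside: SMB, RDP, WinRM.
# Assumed list; extend to match what is normal in your own network.
ADMIN_PORTS = {445, 3389, 5985}

# Constructed flow records: (timestamp, src_host, dst_host, dst_port, account)
FLOWS = [
    ("2022-01-10T09:00:00", "ws-101", "fs-01", 445, "alice"),      # normal: one file server
    ("2022-01-10T09:00:30", "ws-101", "fs-01", 445, "alice"),
    ("2022-01-10T09:05:00", "ws-204", "srv-10", 445, "svc_backup"),  # one host sweeping
    ("2022-01-10T09:05:10", "ws-204", "srv-11", 445, "svc_backup"),  # five servers in a
    ("2022-01-10T09:05:20", "ws-204", "srv-12", 3389, "svc_backup"), # minute on admin ports
    ("2022-01-10T09:05:40", "ws-204", "srv-13", 5985, "svc_backup"),
    ("2022-01-10T09:06:00", "ws-204", "srv-14", 445, "svc_backup"),
    ("2022-01-10T09:20:00", "ws-305", "fs-01", 445, "bob"),        # one account used from
    ("2022-01-10T09:21:00", "ws-306", "fs-01", 445, "bob"),        # four workstations in
    ("2022-01-10T09:22:00", "ws-307", "fs-01", 445, "bob"),        # under three minutes
    ("2022-01-10T09:22:30", "ws-308", "fs-01", 445, "bob"),
    ("2022-01-10T10:30:00", "ws-204", "srv-20", 445, "svc_backup"),  # later, outside window
]


def _ts(value):
    return datetime.fromisoformat(value)


def fan_out_hosts(flows, window=timedelta(minutes=10), threshold=4, ports=ADMIN_PORTS):
    """Return {src_host: set(dst_hosts)} for sources that reach at least
    `threshold` distinct destinations on admin ports inside one sliding window.
    Only destinations contacted within a qualifying window are reported."""
    by_src = defaultdict(list)
    for ts, src, dst, port, _account in flows:
        if port in ports:
            by_src[src].append((_ts(ts), dst))
    hits = {}
    for src, events in by_src.items():
        events.sort()
        for i, (start, _dst) in enumerate(events):
            reached = {d for t, d in events[i:] if t - start <= window}
            if len(reached) >= threshold:
                hits[src] = hits.get(src, set()) | reached
    return hits


def accounts_with_many_sources(flows, window=timedelta(minutes=10), threshold=3):
    """Return {account: set(src_hosts)} for accounts seen from at least
    `threshold` distinct source hosts inside one sliding window; a single
    credential hopping between machines is a stolen-credential signal."""
    by_account = defaultdict(list)
    for ts, src, _dst, _port, account in flows:
        by_account[account].append((_ts(ts), src))
    hits = {}
    for account, events in by_account.items():
        events.sort()
        for i, (start, _src) in enumerate(events):
            sources = {s for t, s in events[i:] if t - start <= window}
            if len(sources) >= threshold:
                hits[account] = hits.get(account, set()) | sources
    return hits


if __name__ == "__main__":
    for src, dsts in fan_out_hosts(FLOWS).items():
        print(f"fan-out: {src} -> {sorted(dsts)}")
    for account, srcs in accounts_with_many_sources(FLOWS).items():
        print(f"credential spread: {account} from {sorted(srcs)}")
```

On the constructed data the first check flags only `ws-204` (five servers in a minute; the later single connection to `srv-20` falls outside the window and is not reported) and the second flags only `bob`, while `alice` and the normal single-host use of `svc_backup` stay quiet. Both checks are deliberately baseline-relative rather than signature-based, since the traffic involved is the same SMB, RDP and WinRM that administrators generate every day; the value comes from tuning the thresholds to what is normal for a given segment and feeding the hits into a hunt rather than treating them as verdicts.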
-JoziGist