The past year has thrust cybersecurity into the spotlight and created a renewed focus on evolving security strategies for both the private and public sector. This month, we witnessed the critical Log4j vulnerability, which further revealed the fragility of the world’s digital infrastructure. 2021 also saw cyberattacks like Colonial Pipeline, JBS, and Kaseya make mainstream headlines and impact everyday consumers.
With cybercrime predicted to cost the world $10.5 trillion annually by 2025, up from $6 trillion in 2021, defenders are in a race to stay one step ahead of attackers. We interviewed VMware security experts to get their take on predictions heading into the new year as the threat landscape continues to evolve. Here are the attack trends and emerging threats that should be top of mind for all organizations as we approach 2022.
The Log4j Zero Day will motivate organizations to rapidly adopt a Zero Trust approach.
“In 2021, defenders caught the highest number of Zero Days ever recorded. We saw a massive proliferation of hacking tools, vulnerabilities, and attack capabilities on the Dark Web,” said Eric O’Neill, national security strategist at VMware. “As a response, 2022 will be the year of Zero Trust where organizations ‘verify everything’ vs. trusting it’s safe. We’ve seen the Biden administration mandate a Zero Trust approach for federal agencies, and this will influence other industries to adopt a similar mindset with the assumption that they will eventually be breached. A Zero Trust approach will be a key element to fending off attacks in 2022.”
Supply chain attacks have just gotten started.
“In July 2021, as the world was still reckoning with the devastating SolarWinds breach, the REvil ransomware gang exploited a Zero Day in Kaseya VSA to launch a supply-chain attack on its customers,” said Tom Kellermann, head of cybersecurity strategy at VMware. “Neither of these attacks occurred in a vacuum, meaning security teams must pay closer attention to the threat of island hopping. In 2022, we can expect that cybercrime cartels will continue to seek ways to hijack the digital transformation of organizations to deploy malicious code, infiltrate networks, and gain persistence in systems all over the world. Defenders and organizations will need to monitor networks and services vigilantly for suspicious activities and potential intrusions. Implementing practices associated with Zero Trust philosophy like microsegmentation, threat hunting, and advanced telemetry capabilities can help ensure organizations are not the gateway to or victim of a severely damaging attack.”
Insider threats pose a new challenge for organizations as the job market continues to shift.
“As the Great Resignation took shape, we saw growing challenges associated with insider threats,” said Rick McElroy, principal cybersecurity strategist at VMware. “The sheer number of employees leaving their jobs and potentially still having access to the network or proprietary data has created a headache for IT and security teams tasked with protecting the organization. Insider threats have become a new, distinct challenge for organizations as they try to balance employee turnover, employee onboarding and the use of non-sanctioned apps and platforms. In 2022, I expect we’ll see the number of insider threat incidents increase. Attackers will also start targeting employees to carry out their attacks or plant ransomware. As a result, we’ll see new protocols and guidelines established as organizations work to keep networks and sensitive data protected.”
In 2022, accelerated delivery of the benefits of 5G infrastructure will highlight IoT security needs.
“The pandemic made it abundantly clear how important 5G infrastructure is for rural areas in the U.S.,” said Karen Worstell, senior cybersecurity strategist at VMware. “The rollout of 5G will enable better access to healthcare, educational innovations, and public services. The Biden administration’s infrastructure bill, which includes provisions for broadband delivery and access, provides the industry with another nudge in the right direction to roll it out. As 5G service delivery expands, there will be a growing demand for IoT security and engineering to ensure that network complexity does not become yet another security liability. We must also focus on securing the far edge much like we handle the data center edge today — this will put new demands on incident detection and response. Future-ready capabilities like EDR (endpoint detection and response) will need to evolve in order to keep an expanding service level and constituency safe.”
Linux-based operating systems will become a key target for cybercriminals.
“Linux powers the majority of cloud workloads and 78% of the websites on the Internet,” said Giovanni Vigna, senior director of threat intelligence at VMware. “Because of this, the Linux-based operating system has become the key driver behind nearly all digital transformation projects undertaken by organizations. This makes the security of Linux environments critical, as bad actors have increasingly started to target Linux-based hosts with various threats – from RATs and web shells to cryptominers to ransomware. Many organizations focus their attention on Windows-based malware and might find themselves blind to this emerging threat until it’s too late.”
Adversaries will move laterally and exfiltrate data from unsecure multi-cloud environments.
“With multi-cloud environments on the rise, the attack surface will continue to expand,” said Chad Skipper, global security technologist at VMware. “This will invite greater proliferation of common ports and protocols that will be used by the adversary to move laterally and exfiltrate data once inside an organization’s network. In 2022, we will see the adversary focus their efforts on living and hiding within the common noise of an organization’s networks. Having visibility into this noise to identify the adversary will become more essential than ever before when defending today’s multi-cloud environments.”
Copycat cyberattacks on critical industries will disrupt human lives.
“We are seeing cybercriminals adopt a style of attacks that seek to cause disruption to human lives,” said James Alliband, senior security strategist at VMware. “The attack on Colonial Pipeline that triggered a fuel shortage along the U.S. East Coast, ranging to the attack on Ireland’s healthcare system that effectively shut down the entire country’s hospitals, are only the beginning. There will be copycats as we see bad actors target critical industries such as energy, healthcare and finance with the intent to cause panic while cashing in on a ransom payment. The results of a successful attack can be expensive and dangerous, ranging from cancelled hospital surgeries and rerouted ambulances to people waiting hours at a gas station for fuel. This will be an area that is of real interest to nation-states looking to cause disruption abroad.”
For the year’s biggest cybersecurity stories, check out these additional blogs:
- Investigating CVE-2021-44228 Log4Shell Vulnerability
- Biden Administration Directs Federal Agencies to Patch Known Vulnerabilities
- REvil’s Modern Island Hop: Crime at Scale
- Disrupting Ransomware and Dismantling the Cybercrime Ecosystem
- Critical Infrastructure Remains at Risk Following Ransomware Attack
- Data Center Threats: Turning Remote Access into Money
For the latest threat research, join the VMware Carbon Black User Exchange where more than 30,000 security professionals share best practices and threat intelligence to improve security postures.