9 key security threats organizations will face in 2022
Supply chain attacks, disinformation campaigns, mobile malware and larger-scale data breaches are just a few of the threats to watch for next year, according to Check Point Software.
For 2021, cybercriminals have taken advantage of the coronavirus pandemic, the ongoing shift to hybrid work, and the vulnerability of organizations to ransomware. For 2022, we can expect more of the same as well as a host of escalating threats to keep us on our toes. A report released Tuesday by cyber threat intelligence provider Check Point examines some of the security challenges organizations are likely to face next year.
SEE: Incident response policy (TechRepublic Premium)
Supply chain attacks will continue to grow. Cyber attacks no longer only impact the targeted organization, but often have a ripple effect that harms partners, suppliers, customers and others throughout the supply chain. For 2022, Check Point expects this trend to intensify with more data breaches and malware infections. However, as supply chain attacks become more common, governments will begin to develop regulations to better protect vulnerable networks. Expect greater collaboration between government officials and the private sector to identify and combat more cybercriminal groups that operate regionally and globally.
The cyber “cold war” will intensify. The cyber cold war between different nations has intensified, and it will intensify next year. More and more nation states and groups operating on their behalf will continue to try to destabilize rival countries and governments. Terrorist groups and activities will benefit from better infrastructure and technological capabilities to launch more sophisticated attacks.
Data breaches will escalate. As data breaches escalate, organizations and governments will be forced to spend more money to recover them, according to Check Point. Following the record $ 40 million ransom payment paid by insurance giant CNA Financial this year, ransom demands are expected to continue rising next year.
Disinformation campaigns will flourish. In 2021, disinformation and “fake news” surrounding the coronavirus pandemic and vaccine effectiveness has spread through social media and other venues. As a result, Dark Web cybercriminals made a nice profit by selling fake vaccine certificates to people who refused to be vaccinated. In 2022, fake news will continue to play a role in phishing campaigns and scams. Additionally, expect to see propaganda and disinformation ahead of the midterm elections in the United States in an attempt to influence voters.
SEE: 27 Ways to Reduce Insider Security Threats (Free PDF) (TechRepublic)
Deepfake technology will be militarized. The tools needed to create fake but compelling videos and audios have become more advanced. Cybercriminals will increasingly use them to steal money, manipulate stock prices and influence people’s opinions through social media, according to Check Point. As an example of 2020, attackers used technology to masquerade as the voice of a manager at a Hong Kong bank to trick a bank manager into transferring $ 35 million to his account.
Cryptocurrency to play bigger role in attacks. As money becomes more and more digital, criminals will find more and more innovative ways to steal it. Following reports of stolen crypto wallets triggered by free aerial NFTs, Check Point discovered that attackers could steal such wallets by exploiting security holes. Expect more cryptocurrency-related attacks in 2022.
Criminals will exploit vulnerabilities in microservices. Microservices have become a more popular application development method supported by more cloud service providers (CSPs). But as with any popular trend, cybercriminals take advantage of vulnerabilities found in microservices to launch attacks. For 2022, expect more of these attacks targeting CSPs.
Mobile malware attacks will increase. As organizations turned to remote and hybrid working in 2020 and 2021, criminals have increasingly turned to mobile malware as an attack vector. In 2021, nearly half of all organizations Check Point examined had at least one employee who had downloaded a malicious mobile app. With the increasing use of mobile wallets and mobile payment services, attackers will continue to exploit the dependence on mobile devices.
Penetration tools will continue to be used in attacks. Although created to help organizations test their security defenses, penetration tools have been exploited by cybercriminals to help them launch more effective attacks. By customizing these tools, hackers were able to target victims with ransomware. As this tactic continues to spread, we’ll see them used to carry out more data exfiltration and extortion attacks in 2022.
“In 2021, cybercriminals have adapted their attack strategy to exploit vaccination mandates, elections and the shift to hybrid work, to target organizations’ supply chains and networks for maximum disruption,” Maya Horowitz, vice president of research at Check Point Software, said in a blog post.
“Going forward, organizations must remain aware of the risks and ensure they have the appropriate solutions to prevent, without disrupting the normal business flow, the majority of attacks, including the most advanced,” Horowitz added. “To stay ahead of threats, organizations need to be proactive and leave no part of their attack surface unprotected or monitored, or they risk becoming the next victim of sophisticated targeted attacks.