10 Predictions About Cybersecurity Threats in 2022

The number of ransomware attacks continues to grow, and that trend will likely continue in 2022. Organizations will be attacked, files will be encrypted, and victims will need to decide whether to pay ransom or try to implement expensive and painful recovery techniques on their own. 

That much, unfortunately, should come as no surprise, but what will be different is how those attacks are carried out. Egnyte anticipates a broader approach to cyber-extortion in 2022, as criminals experiment with a wide array of attacks that can be combined with basic encryption threats. Attackers will look to expand their impact and increase revenue, so businesses need to be prepared for what's on the horizon.

Here is our list of predictions about how cybersecurity threats will change in 2022.

1. New File Disruption Techniques Will Emerge

Attackers have long used standard encryption algorithms and applied them against files with well-known user extensions (.doc, .xls, .pdf, etc.). To remain undetected for longer time periods, newer attacks encrypt only alternate bytes or sections in a file, or they start by encrypting the older, less used files first. They also re-encrypt after another week goes by to try to make sure the backups are encrypted as well. 

In 2022, this trend will continue as attackers begin to target macros within files, file names, and folder locations in order to disrupt business workflows and the files themselves. This attack model is much more difficult to untangle than when organizations simply try to restore their files from backups. 

2. Supply Chains and Insider Threats Will be a Bigger Focus 

The attack surface will continue to expand into supply chain-focused and insider attacks. We’re already in the midst of a supply-chain crisis that has shown the impacts of disruption, so expect attackers to seize the opportunity to exploit an already beleaguered system.

Insider threats will also be on the rise, as attackers are increasingly trying to persuade (or pay) disgruntled employees to assist in their efforts.  

3. Attackers Will Find New Ways to Hide Logic Bombs

Attackers will use new techniques to implement logic bombs and threaten to delete files if their demands are not met. Code hidden in a machine will be set to “detonate” and delete all files on a certain date and time unless ransom demands are met. As more third-party contractors assist in developing and maintaining internal systems, the opportunity to implant these logic bombs will increase.

4. Expect More Doxing

In addition to encrypting files, cyber attackers threaten to expose sensitive information on the dark web unless a ransom is paid, and that trend will continue in 2022. We have already seen an increase in doxing over the last few months of 2021 because it is an additional way for attackers to extract money from victims. Companies who restore backups to avoid paying a ransom may still pay to keep their information private.

5. ‘Access for Sale’ Attacks Will Pose Extended Risks

Ransomware gangs on the dark web have begun to offer “access for sale” to infiltrated victims’ networks after an attack. This indicates that cyber attackers can maintain persistence in the victims’ networks to launch subsequent attacks, extending their window for extorting victims. This will also introduce new revenue streams for attackers, who can sell access to an organization to other attackers.

6. Copycats Will Turn to Reputational Attacks

In 2021, attackers noticed that major data breaches or ransomware attacks could influence a company’s stock and brand reputation. Furthermore, public announcements could disrupt customers, partners, and business markets. 

In addition to seeking to collect ransoms in 2022, attackers will look to make profits trading on the information or threatening to announce attacks publicly.  Ransomware attacks may even be timed to coincide with quarterly earnings announcements or other events.  

7. DDoS Attacks Aren’t Going Away

While distributed denial of service (DDoS) attacks have declined in 2021, don't expect them to go away in 2022. In fact, many of the attacks will migrate from simple web site disruptions to more sophisticated business process disruptions.

In addition, the first wave of legacy IoT devices are now almost 10 years old. Many have been forgotten or abandoned unpatched devices, thus expanding the attack surface of many organizations.

8. Data Integrity Compromise Attacks Will Increase

Cybersecurity professionals are familiar with the CIA triad in describing data risk: confidentiality, integrity, and availability. Traditional ransomware jeopardized availability by removing access to data. Other attacks impact confidentiality by publishing organizations’ sensitive data. Egnyte expects the third component, integrity, to be exploited by attackers in 2022. 

In this case, attackers use scripts to insert false files and/or transactions into victims’ systems. A determined cyber attacker may even try to change terms in contracts or shipping schedules. These disruptions could be devastating to an organization, because only the attacker knows which data is real and which has been changed.  

9. Attackers Will Embrace AI and Machine Learning

Organized cybercriminals will use cloud-based AI and machine learning services to mount effective attacks more quickly and stealthily. For example, brute-force password spraying attacks will become more “intelligent,” improving their success rate. 

10. Anticipate More Kubernetes and Novel Hypervisor Attacks

As more companies move their computing resources to the cloud, new waves of cyberattacks will be mounted directly against cloud-hosted resources. For example, containers, a popular choice for deploying cloud-based software, often include vulnerabilities or misconfigurations. Expect attackers to target Kubernetes, a container orchestration software, and use other novel hypervisor attacks that prey on IT teams’ assumption that the cloud is a free pass for improved security.

Take the Necessary Steps To Protect Your Assets

No matter what happens, the cybersecurity world is expected to become more complex in 2022. Old attack vectors will fade as new ones emerge, so it’s important that your business remains vigilant.  

Implement highly granular user access permissions. This can help limit the blast radius to only the files where the user possesses ownership rights. You can also use services, including Egnyte, that detect and alert admins to abnormal behavior—such as user accessing or deleting an unusual number of files—and temporarily block user access until the problem is resolved.

You can also look for capabilities, like Egnyte’s forthcoming Content Safeguard, that limit an outsider’s ability to download and expose sensitive information externally. And make sure you’re using multi-factor authentication and backing up files to minimize potential threats.

You can find more information about Egnyte’s security capabilities here. And check out the second part of our 2022 predictions, which addresses potential regulatory changes in the year ahead.