“The only constant in our industry is the uncertainty in the cyber realm. Attackers keep evolving – getting more sophisticated and changing their tactics, techniques and procedures to try get one up on the defenders”, said Gordon Love, VP MEA at Mandiant. “This report provides security leaders with an overview of what to expect in 2022 and beyond, based on the trends we see now. Organisations have a lot to keep in mind for next year, but remaining vigilant will enable them to defend against upcoming threats—and respond to those that inevitably get through.”
The top cyber security threats identified in the report include –
No end in sight for Ransomware
The ransomware threat has grown significantly throughout the past decade, and it will continue its upward trend. The business of ransomware is simply too lucrative unless international governments and technology innovations can fundamentally alter the attacker cost-benefit calculation.
Threat actors engaged in multifaceted extortion will continue to find more ways to extort payments from their victims. In 2022 Mandiant expects to see actors ramp up new tactics, such as trying to recruit insiders within their victims or targets. More cybercriminals are expected to evolve as threat actors become more business savvy and learn what kind of situations their victims most want to avoid.
Focus on Operation Technology (OT)
Throughout 2021, Mandiant observed low sophistication threat actors learn that they could create big impacts in the OT space—perhaps even bigger than intended. Actors will continue to explore the OT space in 2022 and increasingly use ransomware in their attacks.
Attacks against critical OT environments can cause severe disruption and even threaten human lives, thereby increasing the pressure for organizations to pay a ransom. To compound the issue, many of these OT devices are not built with security at the forefront of the design, and there is a massive uptick in the number of vulnerabilities being identified in OT environments.
Iran to continue their aggressive stance
Iran will use its cyber tools in a much more aggressive manner to promote regional interests. Iran will also continue to target Israel and others in the Middle East. They’ve shown their capability and willingness to use destructive malware, so they are expected to take advantage of any presented opportunities. Ultimately, Iran will try to create more of a power balance shifted to its own interests. Mandiant has seen them targeting abroad, but their targeting will most likely be regional throughout 2022.
Afghanistan events may trigger espionage
With the assertion of Taliban control and departure of U.S. forces from Afghanistan, one can expect further cyber espionage and information operations. The usual information operations actors—Iran, China, Russia—are expected to push narratives to support their interests through the end of 2021 and into 2022. They’ll also play up negative perceptions around the events, notably the perception that the U.S. failed to live up to its commitments to organizations and countries.
Cloud and third parties introduce new chokepoints
Organizations will continue to increasingly rely on the cloud and cloud-hosted third-party providers for primary business tasks, putting more pressure on those third parties to maintain both availability and security. The proportion of Mandiant incident response investigations involving cloud resources has grown over the past several years, and they anticipate that cloud compromise and abuse will continue to grow in tandem with enterprise cloud adoption throughout 2022.
More internet of things (IoT) devices, more vulnerabilities, more attack surface
As the number of IoT devices grow, so will the number of vulnerabilities for bug hunters to track. These devices are connected, and the general attack surface expands with the potential for profound impact. Unfortunately, there hasn’t been enough emphasis on security in fundamental IoT device design to fix these issues, so the situation will only get worse in the years to come.
As we move into 2022, CISOs have a lot on their mind and remaining vigilant will enable them to defend against upcoming threats—and respond to those that inevitably get through.