Cybersecurity is not an exact science. That’s why we’ve chosen to talk about challenges rather than trends. The year 2021 was also marked by a pervasive cyber threat. The year 2022 is expected to be just as pervasive. Cybersecurity will remain a priority. Here are the big challenges on the cybersecurity front that seem to be emerging for the next year.
- How are cyberattacks evolving?
- Which sectors are at risk?
- How is the cyberdefense evolving?
- 2022 under the sign of Adaptability
How are cyberattacks evolving?
Ransomware, again and again
No rest for ransomware: it will surprise no one that it will still be threatening businesses in 2022. The big names like Ryuk/Conti will continue to be alarming. In 2021, Acer and Quanta were among the victims of ransomware. DoppelPaymer/BitPaymer malware made news by targeting government institutions and schools. Clop has had a broad scope, hitting banks, universities, law firms, oil and aviation giants. Even giants like Microsoft have not been spared. In March 2021, attackers exploited a vulnerability in Microsoft’s e-mail software. 30,000 organizations were affected. Same methods, same effectiveness in 2022. However, attacks will become more complex and personalized. The goal of tomorrow’s defenders will still be to understand the attacker’s modus operandi.
On the one hand, this increase in complexity is expressed through the exploitation of vulnerabilities, which is intensifying, but also through the search for new methods of compromise (using access vectors that are increasingly invisible).
On the other hand, it can be predicted by the professionalization of cybercriminals, who now operate in gangs (see our article https://tehtris.com/en/blog/cyber-gangs-the-mafias-of-the-future). Some rent the service of affiliates, others rent the site hosting platforms allowing payment. In short, they operate as a real company.
This will remain unchanged or even increase in 2022. It will not be surprising to see the number of cybercriminals, and consequently the number of attacks, grow. The challenge here will be to ensure that vulnerabilities can be identified as quickly as possible, to correct them, to have a much stricter security management (password management…) and as always, to maintain employee awareness.
Cyber mercenaries is an expression that you should know, as it will make the headlines in 2022: this method of espionage is not new, the Pegasus affair being one example. This method is fearsome and difficult to detect.
The high technology sectors will have to be vigilant to keep their trade secrets. The use of tools such as Z*Stealer and DroidWatcher will wildly expand in 2022.
States will rely on groups to target countries, as was the case for SolarWinds. This new form of strategic warfare is expected to develop further. We must start sharpening our defensive weapons now. Collaboration between the public and private sectors will be critical.
Supply chain attack
SolarWinds, Kaseya or Colonial Pipeline, do these names ring a bell? These are some of the major supply chain attacks in 2021. This new form of criminality will require the collaboration of all States to face it. The main challenge will be to be more vigilant about the security of chosen partners and to ensure that good security hygiene is in place. The contractual requirements of our suppliers and their own supply chains must be enforced and monitored.
They never really went away and will be present in 2022. “90% of all cyberattacks against organizations involve social engineering”. In 2021, the “PerSwaysion” phishing campaign is the perfect example. The attacker used Microsoft’s file-sharing services (SharePoint and OneNote) to lure users to sites where credentials were stolen. These attacks remain as simple and lucrative as ever (see our article https://tehtris.com/en/blog/phishing-why-is-it-still-so-effective). However, they will also become more personalized and highly localized, geo-targeted. We must expect much more sophisticated techniques that are difficult to detect, and in particular business email compromise (BEC) attacks.
The Cloud under surveillance
With remote work becoming the new norm, the Cloud has become a main topic. After Amazon (in February 2020) and Google (September 2017), it is Microsoft’s Cloud services that have had quite a fright. In August 2021, they were able to avoid a distributed denial of service attack, one of the most powerful ever known so far. Today, 60% of companies have adopted Cloud computing. However, the data storage is not always in Europe and is a gateway to attacks. Kubernetes containers will be in the attackers’ line of fire, as they search for the slightest vulnerability. Another shortcoming is the lack of encryption, authentication, and secure auditing in some Cloud spaces. Parts of the data are not isolated from others as they share the same space. As a result, IT security will have to be strengthened, as these attacks will certainly join the threat landscape. It is another challenge to be considered in your strategy.
The threat on 5G
The fourth industrial revolution is well underway and attackers know it. In 2021, through a texting campaign, they used a rogue application allowing them to steal credit card information and two-factor authentication codes. This evolution in network capacity will only increase digital usage. This increase in the surface area of attack exposure will lead to more vulnerabilities, more malpractices and more dangers. We pay more and more with our smartphone. These contactless digital transactions will be a godsend for attackers, who will take advantage of them to make money easily.
TRITON or BlackEnergy should sound familiar. These malware families target industrial networks called OT networks. The 2021 Honeywell report reveals that 35% of malware programs are designed to take advantage of USB. Does Stuxnet sound familiar too? This extremely specialized and sophisticated computer worm was used against a nuclear facility to modify the programming of Iranian centrifuge controllers. This attack was one of the most resounding at the industrial level. Tomorrow, home intrusions will be added to the list of threats. Connected objects will continue to multiply, as just seen with cellphones, and will all be affected. Indeed, 125 billion devices will be connected to the Internet, such as vehicles, robots, sensors or tablets, which will necessarily multiply the angles of attack.
These digital wallets will continue to be a favorite of attackers. As proof, they launched a malicious ad campaign, harboring a banking Trojan horse named Cinobi, to attack Japanese crypto-currency owners. The goal was to get the credentials to access digital wallets. Another example is Poly Network, which in August 2021 saw $600 million in Ethereum, BinanceChain and OxPolygon fly away. Last example, 170 fake crypto-currency mining apps on Android were discovered in July 2021. This attack resulted in 93,000 victims and a loss of $350,000. Even though organizations are increasing security checks, there are still a few holdouts. As shown, the interception of financial transfers will remain a source of revenue for tomorrow’s hackers.
The new cyber war will also be fought on the disinformation front. The deepfake campaigns in 2021 (presidential election, disinformation on COVID) should continue in 2022. The power of information is not to be neglected because it has the capacity to manipulate crowds and behaviors, influence opinions and create chaos. With the power of Artificial Intelligence, which is constantly evolving, it will be necessary to stay vigilant about fake videos, photos and imitations. Social networks will be the vectors of deepfake attacks of all kinds!
Computer attacks are coming from all directions. Managing the attack surface will therefore be one of the main challenges for organizations in 2022. Addressing this will require organizations to:
- provide real-time visibility
- monitor the most common entry points
- monitor these attack vectors to proactively reduce risk
- identify weak points through active threat intelligence
- integrate a dedicated threat intelligence into the protection arsenal, or better yet, directly into security tools
Which sectors are at risk?
All sectors are at risk when it comes to cyberthreats, some more than others. This is the case for the healthcare sector. This sector was highly attacked in 2021 and will also be in 2022.
Data breaches are an ongoing threat. Healthcare companies will have to invest in security, even though they have been the poor relations in cybersecurity until now. Employees and patients remain the primary target of cybercriminals.
The education sector has also seen dark times with the pandemic. The rise of online courses became a gold mine for hackers. This will still be the case in 2022. This sector is often the target of espionage and is unfortunately not secured enough.
Likewise, the financial sector will remain under attack, with phishing, malware and data breaches being the most widespread in this industry.
The distribution sector (retailers) will also be affected. Huge structures like Amazon will have to be ever more vigilant.
How is the cyberdefense evolving?
Cybersecurity companies will need to maintain and accelerate their defense systems and take both emerging threats and new ways of working into account. This is confirmed by Gartner, which has identified twelve strategic technology trends: https://www.gartner.com/en/information-technology/insights/top-technology-trends. As a cyber player, TEHTRIS integrates this evolution by offering appropriate offers, maintaining a technological watch and continuously innovating.
According to the Robert Half 2022 salary guide, the three strategic priorities for CIOs in 2022 will be:
- maintaining IT security and protecting company data (44% of respondents)
- reducing costs and balancing budgets (39%)
- cloud-related projects and initiatives (34%)
Finally, according to the IEEE, 76% of executives believe that innovation issues have never been more important. It is therefore clear that one of the main challenges of 2022 will be to continue innovating. It will come from Artificial Intelligence and Machine Learning.
Artificial Intelligence (AI) and Machine Learning (ML)
Defenders will need to be smarter in dealing with these new or persistent threats. Perfecting tools is one of the actions to be taken. Machine Learning tools are used to detect and anticipate attacks in real time. This technology is crucial in the protection against possible attacks. CYBERIA, the artificial intelligence present in the products of TEHTRIS, offers the undeniable advantage of protection as it provides detailed information for each alert. AI greatly facilitates the prioritization of alerts and the visualization of the level of urgency. Automation aims to speed up execution and transform processes.
These techniques help to better learn about the behaviors of cybercriminals and prevent attacks, while reducing time.
Technological innovation will be driven by Artificial Intelligence. Passwords are replaced by an authentication system based on identification and behavior parameters. Artificial Intelligence takes place through biometric identification.
Meanwhile, Machine Learning has become a proactive method that has made it easier to create more robust cybersecurity protocols, saving time and money.
The race for new technology is becoming a defining point of innovative power. States will have to jump on the bandwagon. In Europe and in France, “gems” are ready to take up the challenge.
New security technologies
Companies will continue to adapt to the threat landscape, offering more solutions, more agile and flexible. At TEHTRIS, our external APIs allow the TEHTRIS XDR Platform to be integrated with partner SOC monitoring systems. The TEHTRIS XDR Platform offers the ability to create a variety of analytical reports to continuously improve the security of IT assets. Doing so, we adapt to the ecosystems of our clients.
XDR technology is already well established on the market and will continue to grow in 2022.
The solutions offered by TEHTRIS are both flexible and scalable. The holistic approach offered by TEHTRIS XDR brings a precise and complete vision of the risk landscape, allowing organizations to no longer get lost between the different cybersecurity solutions implemented. Finally, the concept of zero trust on the information system remains relevant.
TEHTRIS is recognized by Gartner as the only European representative vendor offering XDR technology. “The XDR market is made up of solution providers that offer security product sets tightly integrated by a common threat prevention, detection and incident response capability.”
The multi-layered detection and response approach, improving the security of the various endpoints (servers, Cloud, networks and e-mail agents), increases productivity while significantly reducing costs. With 11 years of R&D in the service of a 360° protection and visibility, TEHTRIS offers a catalog of modular cybersecurity solutions (EDR, EPP, MTD, UES, SIEM, ZTR, NTA…) to protect all endpoints as well as networks and Cloud.
Attackers are always one step ahead, so defenders must focus on high-value tasks.
Hyperautomation is therefore the key to success. It enables processes to be identified, controlled and automated quickly.
The human factor
Awareness: It is crucial to continue to raise awareness about all forms of cybercrime (phishing, social engineering, disinformation, etc.) and highlight the financial losses they cause, but also the impact on the reputation of the company.
Recruitment: The threat landscape is changing and so are the expected profiles. Training budgets will have to be set to ensure that teams become even more qualified to adapt to new threats and vulnerabilities. The imbalance between supply and demand will lead to salary increases, requiring a greater budget.
Another budget that will explode is the one related to cyber insurance, as ransomware attacks increase. Demonstrating good cybersecurity hygiene will be required to get what we all want from insurers: the best coverage and rates.
As shown above, cyberdefense and digital risk will continue to evolve in 2022. Another major challenge will be to allocate sufficient budget to minimize risk. Executives will have to consider the risk-benefit ratio and make the right decisions to protect their organizations.
2022 under the sign of Adaptability
2022 will be the copy of 2021, but in a more powerful way, and vigilance will continue to be required for defenders. Attackers will not weaken, on the contrary. They will sharpen their weapons and multiply them. The race against time will continue to take place. 2021 was the year of resilience, 2022 will be the year of adaptability. “Intelligence is the ability to adapt.” A. GIDE.
The cyber world remains a highly strategic place where all the blows are allowed and where the States will use all the weapons to advance their pawns on the world chessboard. Protection, detection, anticipation will be the order of the day for 2022 as well. TEHTRIS continues to help organizations in this fight for cyber peace.
- Cybersecurity threatscape: Q2 2021, Positive Technologies, 2021
- IEEE (Institute of Electrical and Electronics Engineers), 2021
- Industrial Cybersecurity USB Threat Report 2021, Honeywell, 2021