Cyber security: What trends are emerging in 2022?

2021 was a very eventful and moving year in terms of cyber security. What lessons can be learned from this? What threats could arise in 2022?

As every year, Stormshield dares to make some predictions.

Trend 1: Lack of skilled workers also among cybercriminals?

Signals from 2021
If 2021 could be summed up in one trend in terms of cybersecurity, it would be cybercriminal structuring. Alongside the explosion in security incidents and generated revenue, the ecosystem of cybercriminal groups is consolidating into a veritable informal economy with the stated goal of improving the profitability of attacks. In 2021, a variety of cybercriminal contributors (including developers, but also resellers of access or data) created professional infrastructures. The creation of industrialized platforms to manage cyberattack tools, attacked targets, customer service chats, and ransom payments greatly fueled the trend toward ransomware as a service (RaaS).

But 2021 was also the year of the successful takedown of the Emotet botnet and the REvil ransomware group. However, broken organizations tend to regroup quickly. Three new groups were already identified between September and November 2021: Lockean, FamousSparrow and Void Balaur. If you cut off one head, three more will grow – in a situation that still has a 65% global cybersecurity talent deficit (over two million open cybersecurity positions remained vacant in 2021).

The 2022 scenario
On the way to a transfer market for cybercriminals? In view of the chronic proliferation of cybercriminal groups and their structuring, the lack of experts may also be noticeable in this area. In the cyber space, where hacker talent is scarce, competition could well lead to recruitment policies that are becoming much more aggressive on the part of cybercriminals. As in the sports industry, agents could emerge in the future who put their protégés in contact with the highest-bidder groups. Agents who would not hesitate to introduce new methods, such as bonuses for signing contracts or “borrowing” staff between groups.

Trend 2: Possible explosion of zero-day vulnerabilities in open source libraries

Signals from 2021
Simultaneously with the 62 percent increase in ransomware attacks, another development took place: the supply chain attack. The prime example is the hundreds of customer networks infiltrated by the Codecov software compromise in April 2021. Even more subtle was the threat posed by the spy software from the high-profile “Project Pegasus” unveiled in July 2021, through which the smartphones of journalists, lawyers, activists and politicians worldwide were spied on. Finally, in late 2021, the Log4Shell zero-day vulnerability associated with the Log4j open-source library caused panic. In Canada, the government preemptively shut down 4,000 government websites. In the same month, Microsoft reported ransomware attacks on Minecraft servers hosted by users of the popular video game. A modus operandi that highlights the vulnerability of applications that rely on pre-existing code building blocks whose robustness has rarely been evaluated before use.

The 2022 scenario
The potential of the Log4Shell vulnerability could inspire several groups of cybercriminals: the nature of free software means that large parts of the internet are maintained by a handful of volunteers. If large companies stop investing in the open source projects they use, patching cannot keep up with the rate at which critical vulnerabilities are discovered. Cybercriminals would therefore have no problem attacking particularly sensitive infrastructure, networks or data. For example, if a vulnerability were found in the published parts of the code of the TousAntiCovid application in France, the most downloaded app in 2021, it could offer cybercriminals the opportunity to access a huge amount of health data and health passports. In the midst of the presidential election, the political impact of such a cyber attack should not be underestimated.

Trend 3: The metaverse as a playground for cybercriminals

Signals from 2021
Colonial Pipeline, JBS Food, Log4Shell: All these cyber attacks made headlines in 2021. The only thing they had in common, however, was the media frenzy they caused. A media magnifying glass phenomenon that can lead to a false sense of security in micro and small companies. According to an international study by Forrester Consulting, the proportion of small and medium-sized businesses with fewer than 250 employees affected by cyber attacks ultimately amounted to 33 percent of all cases. Another potential consequence of the media magnifying glass effect also needs to be highlighted: a large media hype can lead to cybercriminals (successfully) looking for poorly secured targets with high visibility. For example, in February 2021, video game maker CD Projekt fell victim to ransomware just before the release of a new game set in the cyberpunk universe. This was a new episode after Capcom and Electronic Arts, which have also come under attack in recent years: the major video game publishers are already popular targets for cybercriminals. But while reputation damage has been the main consequence so far, the tide could (quickly) turn.

Indeed, in late October 2021, Facebook announced with great fanfare the launch of virtual worlds as the next evolution of the internet and the logical continuation of online video games. Success came quickly: property purchases worth over 1 million US dollars have already been made within this virtual universe.

The 2022 scenario
Popularity, media focus and large sums of money – these virtual worlds could become the new playing field for cybercriminals. And of course their main motivation would still be money. From ransoming digital artifacts bought for exorbitant sums of money to stealing non-fungible tokens (NFTs), the criminal possibilities are many. The publishers of virtual worlds or online games could quickly be overwhelmed by veritable waves of cyberattacks that affect the development of their products. A metaverse police force based on their own investigative tools would then be needed, with the goal of tracking down cybercriminals in the most remote corners of the metaverse. That would be challenging as transactions within these “rooms” are set to increase massively throughout the year.