Ransomware attacks will become more targeted in 2022 and will focus on servers and cloud providers, according to researchers at Trend Micro.
The cybersecurity company’s annual predictions report says ransomware operators will use increasingly complex extortion methods, such as exfiltrating data in order to weaponize it. “Their attacks will pose a challenge for security teams, as many enterprises have yet to invest in securing their servers as much as they have invested in securing their endpoints,” says the report.
The infiltration techniques used by ransomware operators will likely stay the same, the report adds, but they will be used to go after more complex targets, ones that will possibly be bigger than the major targets of previous years.
Researchers also believe ransomware operators will use more modern and sophisticated methods of extortion that will resemble nation-state advanced persistent threat (APT) attacks. “Once attackers are able to infiltrate their victims’ environments, they can opt to just exfiltrate sensitive data and go straight to extorting their victims, skipping the encryption or access blocking step altogether,” the report says. “In terms of the primary means of successful extortion, the focus will veer away from denial of access to critical data in favor of leaking and mining stolen data for weaponization.”
Generally, research, foresight, and automation are critical for organizations to manage risk and secure their workforce from any cyber threat, the report says.
“Malicious actors are poised to move in on the opportunities arising from a business landscape still in flux” with new hybrid work models, the report says. “New pain points are bound to arise as the push for digital transformations continues to redefine organizations’ attack surfaces. However, companies will be prepared to curb these threats by hardening their defenses with a multitude of tools and best practices.”
Other predictions include:
- information in IoT devices will become a hot commodity, spurring enterprises to mind security gaps that might lead to data leakage or tampering;
- enterprises and SMBs will need to beware: While all eyes are on ransomware, traditional commodity attacks and attacks-as-a-service will have time to innovate more sophisticated tools;
- more in-the-wild zero-day exploits will be discovered in 2022 than last year’s record number of 66. Bug bounty programs have made great strides toward the early detection of vulnerabilities, but the window for weaponizing vulnerabilities will be whittled down to a matter of days, if not mere hours. The patch gap — the time between the discovery of a vulnerability and when a patch is rolled out to address it — will remain a gold mine for opportunistic actors;
- the coming year will likely see the debut of a botnet-as-a-service designed to compromise and control both cloud-based and IoT platforms simultaneously;
- as enterprises focus on making their supply chains more robust via diversification and regionalization, cybercriminals will use a four-fold extortion model: holding the victim’s critical data for ransom, threatening to leak the data and publicize the breach, threatening to go after the victim’s customers, and attacking the victim’s supply chain or vendors.
The report urges CISOs and CIOs to go back to security basics and prioritize network visibility. Strategies include:
- stringent server hardening and application control policies to tackle ransomware;
- risk-based patching and a high-alert focus on spotting security gaps;
- enhanced baseline protection among cloud-centric SMBs;
- following zero trust principles to secure international supply chains;
- improving cloud security, focused on DevOps risk and industry best practices;
- adding extended detection and response (XDR) to identify attacks across entire networks.