Mandiant Security Predictions 2022

NEditor
3 min read · Nov 30, 2021

Michael Chue, Vice President, North Asia, Mandiant shares insights on some key security predictions.

Threat actors continue to evolve, putting tremendous pressure on security teams to identify attackers and their TTPs, all the while managing their resources to ensure they aren’t victimized by the latest cyber schemes. Now more than ever, it’s essential for organizations to better prepare for what’s to come to ensure they don’t end up in the news headlines.

The Mandiant Security Predictions Report 2022 has been launched to give a glimpse of what organizations can expect in the new year:

1. No End in Sight: Increased Frequency and Expanding Tactics

Threat actors engaged in multifaceted extortion will continue to find more ways to extort payments from their victims. Multifaceted extortion begins with locking victims out of their own files through encryption (classic ransomware), then adding threats such as making sensitive data public.

2. No Honor Among Thieves: More Disputes Between Threat Actors

Ransomware-as-a-service operations regularly involve multiple actors, each one performing a specific element of the attack for a fee or a cut of the proceeds. Mandiant anticipates that there will be increased conflict amongst these actors throughout 2022, and that this conflict may ultimately lead to bad outcomes for victims. In the next 12 months we expect to see many situations where victims will pay a million dollars or more to keep their stolen data from being published.

3. Cyber Physical Systems Increasingly Under Threat from “n00bs”

Threat actors will continue to explore the Operational Technology (OT) space in 2022 and increasingly use ransomware in their attacks. This targeting will occur because of the need to keep OT environments fully operational, especially when the systems are part of critical infrastructure.

4. More Public Breaches in the Asia-Pacific and Japan (APJ) Region

Defying historical trends, breaches being made public in the APJ region are likely to occur more frequently in 2022, as multifaceted extortion becomes more prevalent. APJ organizations must be ready to deal with these types of extortion operators, but unfortunately many in the region lack experience with these types of threats, or don’t take them seriously. Therefore, we expect to see a lot more breaches of APJ organizations being made public by attackers.

5. Deepfakes: Not Just for Information Operations

As deepfake technology becomes more widely available in 2022 and beyond, Mandiant expects criminal and espionage actors to increasingly integrate manipulated media into their operations to make social engineering more convincing.

6. Cyber Outsourcing Increases Velocity and Impact of Malicious Operations

Outsourcing in malicious operations via mechanisms such as ransomware affiliate programs, exploit vendors, commercial contractors, malware vendors and freelancers contributes to both the increasing frequency and complexity of cyber threat activity. Mandiant sees no signs that this will slow down in 2022.

7. Cloud and Third Parties Introduce New Chokepoints

Organizations will continue to increasingly rely on cloud and cloud-hosted third-party providers for primary business tasks, putting more pressure on those third parties to maintain both availability and security. Mandiant suspects that organizations using cloud and cloud-hosted providers may become more vulnerable to compromises, as well as errors, vulnerabilities, misconfigurations or outages affecting cloud resources in 2022.

8. More IoT Devices, More Vulnerabilities, More Attack Surface

In the coming years, we expect to see continued growth of Internet of Things (IoT) devices, many of which will be inexpensive and created without real consideration given to security. The number of vulnerabilities IoT devices will introduce — in software and hardware — will make it hard for bug hunters to keep up. Because all these devices are connected, we’ll see the general attack surface expand with the potential for serious impact.
