2022 Predictions: Supply Chain Cyber Attacks to Increase and Ransom Demands by Hackers to Break Records
October 2021 by Check Point Software
Check Point Software released its cyber security predictions for 2022, detailing the key challenges that organizations will face over the next year.
With 1 out 61 organizations impacted by ransomware each week, Check Point Research (CPR) issues its 2022 Cyber Security Predictions, stating that supply chain cyberattacks will become more common and proliferate next year.
• Expect ransom demanded by hackers to break records next year. In May 2021, US insurance giant paid $40 million in ransom to hackers.
• Mobile malware attacks will increase, as mobile wallets and mobile payment platforms are used more frequently
• Cryptocurrency is anticipated to become a focal point for cyber attacks
Why Supply Chain Attacks?
CPR believes that supply chain attacks will become more common and governments will begin to establish regulations to address these attacks and protect networks. They will also look into collaborating with the private sectors as well as other countries to identify and target more threat groups operating on a global and regional scale.
Supply chain attackers take advantage of a lack of monitoring within an organization’s environment. They can be used to perform any type of cyber-attack, such as data breaches and malware infections. The well-known SolarWinds supply chain attack stands out in 2021 due to its scale and influence, but other sophisticated supply chain attacks have occurred such as Codecov in April, and most recently, Kaseya. Kaseya provides software for Managed Service Providers (MSPs) and the REvil ransomware gang exploited the company to infect over 1,000 customers with ransomware. The group demanded a ransom of $70 million to provide decryption keys for all affected customers.
Going into 2022 we will see an increase in data breaches that will be larger scale. These breaches will also have the potential to cost organizations and governments more to recover. In May 2021, US insurance giant paid $40 million in ransom to hackers. This was a record, and we can expect ransom demanded by attackers to increase in 2022.
Full List of Predictions
• Misinformation campaigns will return and advent of fake news 2.0. In 2022, cyber groups will continue to leverage these types of fake news campaigns to execute various phishing attacks and scams.
• Cyber-cold war to intensify. Improved infrastructure and technological capabilities will enable terrorists groups and political activists to further their agendas and carry out more sophisticated, widespread attacks. Cyber-attacks will increasingly be used as proxy conflicts to destabilize activities globally.
• Supply chain cyber-attacks continue to grow, and governments will address the challenge. Supply chain attackers take advantage of a lack of monitoring within an organization’s environment.
• Data breaches will be larger scale and costlier. We can expect ransom demanded by attackers to increase in 2022. Going into 2022 we will see an increase in data breaches that will be larger scale. These breaches will also have the potential to cost organizations and governments more to recover.
• Mobile malware attacks are to increase. As mobile wallets and mobile payment platforms are used more frequently, cybercriminals will evolve and adapt their techniques to exploit the growing reliance on mobile devices.
• Cryptocurrency to become a focal point for cyberattacks globally. As reports of stolen crypto wallets triggered by free airdropped NFTs become more frequent, Check Point Research (CPR) investigated OpenSea and proved it was possible to steal crypto wallets of users by leveraging critical security. In 2022, we can expect to see an increase in cryptocurrency related attacks.
• Attackers to leverage vulnerabilities in microservices to launch large scale attacks. With microservices becoming the leading method for application development, and microservices architecture being embraced by Cloud Service Providers (CSPs), attackers are using vulnerabilities found in microservices, to launch their attacks. We can also expect to see large-scale attacks targeting CSPs.
• Attackers to weaponize deepfake technologies. Threat actors will use deepfake social engineering attacks to gain permissions and access sensitive data.
• Penetration tools continue to grow. Hackers will increasingly use penetration tools to customize attacks in real time and to live and work within victim networks.
Maya Horowitz, VP Research at Check Point Software at Check Point Software: “In 2021, cyber criminals adapted their attack strategy to exploit vaccination mandates, elections and the shift to hybrid working, to target organizations’ supply chains and networks to achieve maximum disruption. The sophistication and scale of cyber-attacks will continue to break records and we can expect a huge increase in the number of ransomware and mobile attacks. Looking ahead, organizations should remain aware of the risks and ensure that they have the appropriate solutions in place to prevent, without disrupting the normal business flow, the majority of attacks including the most advanced ones. To stay ahead of threats, organizations must be proactive and leave no part of their attack surface unprotected or unmonitored, or they risk becoming the next victim of sophisticated, targeted attacks.”