Mike Sentonas is CrowdStrike’s Chief Technology Officer. Previously, he served as Vice President, Technology Strategy at CrowdStrike. With over 20 years’ experience in cybersecurity, Mike is an active public speaker on security issues and provides advice to government and business communities on global and local cyber security threats. Michael has spoken around the world at numerous sales conferences, customer and non-customer conferences and contributes to various government and industry associations’ initiatives on security. Michael holds a bachelor’s degree in computer science from Edith Cowan University, Western Australia and has an Australian Government security clearance.
For many sectors operating in the technology space, the continuing impact of the pandemic brought further challenges, opportunities and innovations in 2021. Businesses continued to pivot their strategies, offering fully remote or hybrid work environments, increasing their reliance on technology, and investing in digital transformation. As we enter the new year, the following cybersecurity predictions focus on the issues we are likely to see in 2022.
Ransomware double extortion gives rise to “extortion economy”: This past year, we saw the rise of the double extortion ransomware model, in which threat actors will demand one ransom for the return of the data and an additional ransom on top to prevent the data from being leaked or sold. However, in 2022, we expect to see the extortion/exfiltration side of ransomware achieve even higher levels of sophistication, possibly with a shift away from encryption to a sole focus on extortion.
We’re seeing an entire underground economy being built around the business of data exfiltration and extortion. Data-shaming websites are popping up like street-corner storefronts, providing a hub for ransomware groups to post and auction stolen data that’s being held for ransom. These ransomware groups are revamping their entire set of tactics, techniques and procedures (TTPs) to home in on exfiltrating and selling stolen data more effectively. Even if the threat actors can’t get their ransomware to execute past the encryption stage, they’ll pivot and find other ways to gain access to the data and sell it for a profit anyway.
In today’s world, if you get hit by ransomware, you can expect to get hit by double extortion. And, ransomware actors will continue to innovate and evolve to find new ways to monetize their victims.
Contain your containers: In recent years, we’ve seen an explosion in containers and container-based solutions. Naturally, with the exponential rise in containers, we’ve seen a similar uptick in container-targeted threats. However, security for this innovative technology hasn’t quite caught up yet, as we continue to see containers deployed without proper security measures.
With that, the rapid speed of deployment that containers offer will become a double-edged sword. The lack of vulnerability checks and misconfiguration checks, together with the disparate teams involved in container deployments, all contribute to a lack of security across the board. Attack surfaces are ever changing, and the threats to container deployments are increasing exponentially. Therefore, we will see containers become a potential attack vector for organizations that don’t recognize security as a key component of container deployment.
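The “misconfiguration checks” mentioned above are easy to automate before a workload ever reaches a cluster. The following is an added example, not code from the original article or from CrowdStrike: a small Python audit of a Kubernetes Pod manifest that flags the most common hardening gaps (privileged containers, shared host namespaces, root execution, dangerous added capabilities, unpinned image tags, missing resource limits). The two manifests and the `example.invalid` image name are constructed for the example, and the check list is an illustrative subset of what Pod Security Standards or an admission policy would enforce, not a complete audit.

```python
"""Static misconfiguration check for a Kubernetes Pod manifest (added example).

The manifests below are constructed for illustration; the checks are a subset of
common hardening rules, not an exhaustive policy.
"""
from typing import Any

RISKY_CAPABILITIES = {"SYS_ADMIN", "NET_ADMIN", "SYS_PTRACE", "ALL"}


def _containers(spec: dict[str, Any]) -> list[dict[str, Any]]:
    """Init containers and regular containers are audited the same way."""
    return list(spec.get("initContainers", [])) + list(spec.get("containers", []))


def _image_is_pinned(image: str) -> bool:
    """True when the image is referenced by digest or by a tag other than 'latest'."""
    if "@sha256:" in image:
        return True
    last = image.rsplit("/", 1)[-1]          # strip registry/path, keep name[:tag]
    tag = last.split(":", 1)[1] if ":" in last else ""
    return tag not in ("", "latest")


def audit_pod_manifest(manifest: dict[str, Any]) -> list[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings: list[str] = []
    spec = manifest.get("spec", {})
    pod = manifest.get("metadata", {}).get("name", "<unnamed>")
    pod_sc = spec.get("securityContext", {})

    # Sharing host namespaces lets a container see or reach node-level processes/network.
    for key in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(key):
            findings.append(f"{pod}: pod shares the node's {key} namespace")

    for c in _containers(spec):
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext", {})
        image = c.get("image", "")

        if sc.get("privileged"):
            findings.append(f"{pod}/{name}: container runs privileged")
        # allowPrivilegeEscalation defaults to true unless explicitly disabled.
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{pod}/{name}: allowPrivilegeEscalation is not set to false")
        # runAsNonRoot can be set at pod level; a container-level value overrides it.
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            findings.append(f"{pod}/{name}: runAsNonRoot is not enforced")
        added = {cap.upper() for cap in sc.get("capabilities", {}).get("add", [])}
        if added & RISKY_CAPABILITIES:
            findings.append(f"{pod}/{name}: adds capabilities {sorted(added & RISKY_CAPABILITIES)}")
        # A mutable tag means the image that was scanned may not be the image that runs.
        if not _image_is_pinned(image):
            findings.append(f"{pod}/{name}: image '{image}' is not pinned to an immutable tag or digest")
        if not c.get("resources", {}).get("limits"):
            findings.append(f"{pod}/{name}: no resource limits set")
    return findings


# Constructed sample: a manifest that would pass unnoticed without a check.
RISKY_POD: dict[str, Any] = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "demo-risky"},
    "spec": {
        "hostPID": True,
        "containers": [{
            "name": "app",
            "image": "example.invalid/app:latest",
            "securityContext": {"privileged": True,
                                "capabilities": {"add": ["SYS_ADMIN"]}},
        }],
    },
}

# Constructed sample: the same workload with the gaps closed.
HARDENED_POD: dict[str, Any] = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "demo-hardened"},
    "spec": {
        "securityContext": {"runAsNonRoot": True},
        "containers": [{
            "name": "app",
            "image": "example.invalid/app@sha256:" + "0" * 64,
            "securityContext": {"allowPrivilegeEscalation": False,
                                "capabilities": {"drop": ["ALL"]}},
            "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
        }],
    },
}

if __name__ == "__main__":
    for m in (RISKY_POD, HARDENED_POD):
        name = m["metadata"]["name"]
        print(f"{name}: {len(audit_pod_manifest(m))} finding(s)")
        for f in audit_pod_manifest(m):
            print("  -", f)
```

In a pipeline this check would run against every manifest (or rendered Helm chart) in CI, alongside an image vulnerability scan, so that a non-empty finding list blocks the deployment rather than being discovered after the container is already serving traffic.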
Adversaries set sights on supply chains: As recent high-profile attacks have shown this past year, supply chains are very much on adversaries’ radar as a low-hanging attack vector. According to the 2021 CrowdStrike Global Security Attitudes Survey, more than 3 out of every 4 respondents (77%) have suffered a supply chain attack to date, and 84% of respondents fear that supply chain attacks will become one of the biggest cybersecurity threats in the next three years.
While supply chain attacks are not new in themselves, the recent rise in these types of attacks has essentially let the genie out of the bottle. Frankly put, supply chains are vulnerable, and adversaries are actively researching ways to take advantage of this. In 2022, we have likely not seen the end of these attacks, and the implications of each one are significant not only for the victims but for the victims’ customers and partners up and down the chain.
China ramps up cyber activity against APJ region: Geopolitical tensions between China and other APJ countries continue to sour to an all-time low, and these tensions have spilled heavily over into the cyber world. China-based threat actors have remained consistently active, targeting healthcare, defense and other industries in APJ countries to support their 14th Five-Year Plan, Belt and Road Initiative (BRI), Made in China 2025, and other economic strategies.
The 2022 Beijing Winter Olympics could very well be a powder keg of nation-state cyber activity. We’ll likely even see hacktivists come out of the woodwork to engage in disruption and misinformation campaigns. Nation-state leaders will need to catalyze their cooperation with private sector security in order to stay one step ahead of potential Olympics-derived threats and prevent any major breaches at the start of 2022.
Zero-day vulnerabilities cause “patch panic”: The year 2021 was an especially challenging year for customer trust in legacy vendors. This past year, we’ve seen vulnerability after vulnerability exposed, resulting in devastating attacks with no signs of stopping in 2022. For example, 63% of 2021 CrowdStrike Global Security Attitude Survey respondents admitted their organization is losing trust in Microsoft due to increasing attacks on trusted supply chain vendors.
Zero-day vulnerabilities in particular will continue to drive legacy vendor security teams into “patch panic” mode as they frantically try to react and respond to these threats. This will inevitably drive a larger wedge between legacy vendors and their customers, as the latter will look elsewhere for solutions that can keep them on the front foot in proactively defending against the latest threats.