Cybersecurity threat trends to watch in 2022

Sean Campbell, Director Canadian Channels, Fortinet

It’s getting colder out there for organizations trying to protect against a rising tide of cyber-attacks. The current pandemic has left organizations dealing with rapidly expanding surfaces, fragmented perimeters, and shifts to work-from-anywhere models, meaning organizations are more vulnerable than ever, and cybercriminals are ready to take advantage.

Going into 2022, it’s more important than ever to understand the trends and strategies cyber-adversaries will use in the coming year to ensure you’re set up for success. Fortinet’s FortiGuard Labsannual cybersecurity predictions for the threat landscape can help guide this process. For channel partners in particular, this provides an opportunity to help organizations adapt to this new future, with the products and services that will guard against more frequent, sophisticated, and damaging attacks across a broader range of targets.

The volume of attacks will rise.

Last year’s increase in ransomware attacks will continue in 2022. Growth will be fueled by increasing numbers of attackers, emboldened by previously successful attacks and easy access to “malware-as-a-service” toolkits on the dark web.

Developers and affiliates have earned billions of dollars selling their malware online. Even ransomware services like access to pre-compromised organizations, support for negotiating ransom fees, and money laundering are available. Organizations should expect to see this “crime-as-a-service” portfolio grow beyond ransomware and malware, including Phishing-as-a-Service and Botnet/SMS-as-a-Service.

Organizations will need help choosing and deploying the tools needed to thwart these attacks. A robust endpoint security strategy that includes EDR and advanced antivirus protection is an excellent place to start. Equally important is a recovery strategy that includes off-network backups and devices and preparedness training to test processes, chain of command, and business continuity strategies.

Potential for damage 

With crimeware expanding, another disturbing trend is the escalating damage cyberattacks can cause. Security experts warn that cybercriminals are evolving and becoming more like traditional advanced persistent threats (APTs) groups, and it is only a matter of time before hyper-destructive approaches are also commoditized. For example, ransomware is being paired with distributed denial-of-service (DDoS) or wiper malware to motivate victims to pay faster. Not only can these hybrid attacks ruin data, but they can also damage systems and hardware.

Organizations can help limit the impact of these types of attacks by adding zero-trust controls, along with dynamic network segmentation and micro-segmentation.

New targets to exploit.  

As the market for ransomware grows, some criminals will move to expand their portfolios to include non-traditional targets such as Linux and operational technology (OT) devices. Since OT systems can touch critical infrastructures like traffic control and power grids, attacks can potentially impact people’s lives and safety. Additionally, the convergence of IT and OT networks is accelerating these types of attacks as networks become increasingly interconnected. Criminals can exploit almost any access point — even remote workers’ compromised home networks and devices.

Linux is also becoming a popular target as it runs back-end computing systems for many networks. While not a traditional target, many IoT devices and mission-critical applications rely on Linux. The growth in attacks concerns new edge environments, critical infrastructure, and supply chains alike.

To defend the expanded attack surface, organizations will need to deploy a complete security mesh architecture to manage the endpoint agents, EDR solutions, network-based IPS and anti-malware, firewalls, honeypots, and sandbox solutions required to prevent attacks. Zero-trust strategies are also effective, especially when paired with AI scanning devices to help detect threats earlier, including during the initial reconnaissance phase before the full attack is deployed.

Taking control, edge by edge 

The network edge continues to expand with growing numbers of Internet-of-Things (IoT), endpoint devices, and new applications. As they connect to the network, the risk also increases. Defending against these new edge-based threats requires organizations to upgrade end-user devices with advanced EDR technologies and enhanced access controls with zero-trust network access (ZTNA) and secure web gateways.

Addressing the expanding attack surface requires a Security Fabric platform founded on a cybersecurity mesh architecture. The best defense against attack is a system where endpoint agents, EDR solutions, network-based IPS and anti-malware, and firewalls work together. Combined with effective zero-trust strategies and channel partners that understand the complexity of today’s networks, organizations can build an effective response to the rising tide of cybercrime.

Sean Campbell is Director of Canadian Channels at Fortinet