From supply chain attacks to ‘ransomware’ gangs.
Next year will not be without digital threats and in fact they are expected from ‘ransomware’ attacks to those in the supply chain, through ‘firmware’ exploits and attacks directed at hybrid professionals, as predicted by the HP cybersecurity experts.
Supply chain ‘software’ attacks are one of the four big trends that HP experts have identified by 2022, specifically its commodification, which could lead to more high-profile victims.
As they explain, threat makers look for weak links in ‘software’ supply chains, targeting ‘software’ that is used widely and globally, or used by a specific company. This approach could create economies of scale for cybercriminals.
In this context, both SMEs and large companies can be the target, although some verticals are more likely to become targets of these attacks, such as healthcare and energy and resource companies.
Organizations must also be aware of the threat posed by open source ‘software’ vulnerabilities, as by 2022 there is expected to be an increase in open source ‘software’ packages containing malicious code.
On the other hand, ‘ransomware’ will continue to be a significant risk next year. From HP they believe that something similar to the “attacks of the social networks” will be seen, with victims of ‘ransomware’ attacked repeatedly by the cybercriminals. In some cases, the perpetrators of the attack will attack a company several times with double or even triple rounds of extortion.
The ‘ransomware’ operators will surely intensify the ways of pressuring victims to pay their demands, which will be more varied and will include, in addition to the leakage of data on websites, contact with clients and business partners of the attacked organizations.
Attackers could also target specific verticals and use cases, and target high-risk devices, such as critical medical support systems and their supporting infrastructure.
In 2022 it is also expected to see a trickle of ‘firmware’ attacks developed by the nation-state, which will show the way for gangs of cybercriminals to turn threats into weapons, who will take advantage of the fact that organizations tend to neglect the security of this element.
From HP they understand that policy makers should take note of this trend and resort to the weaponry of ‘exploits’ at the ‘hardware’ level, which forces them to intervene to develop standards that help improve the security of the ‘firmware’.
Finally, for the technology company, too many organizations think that being behind a firewall is enough to keep the ‘endpoint’ secure. But in the age of hybrid work, identity management grows in importance.
Therefore, experts warn that the shift to hybrid work will also continue to create problems for the security of organizations, as each employee remains a target for attackers and the volume of unmanaged and insecure devices creates a huge footprint. attack that must be defended.
In this context, ‘phishing’ attacks targeting both corporate and personal email accounts are likely to increase. And that cybercriminals take advantage of mass and high-level events, such as the Winter Olympics in Beijing and the FIFA World Cup in Qatar, to increase their potential for exploitation.
For the technology company, organizations must adopt a new architectural approach to security that helps mitigate risk and enables resilience. By applying the principles of Zero Trust – least privilege access, isolation, mandatory access control and strong identity management – organizations can reduce the attack surface.
