Every year, businesses face a changing threat landscape. It pays for leaders to know what the experts think will come next. If you’re upgrading your cybersecurity or looking for a new vendor, knowing what attacks are likely in 2022 will help you make the right choice.
It turns out our predictions for 2021 were on the money. So what should you and your colleagues plan for this year? We’re forecasting these four events that could have flow-on effects for other industries.
1. Financial organizations will face more threats around cryptocurrency
Cryptocurrency keeps growing, and people will keep investing in it for many reasons, including its anonymity, which also makes it attractive to cybercrime groups.
State-sponsored groups have already started targeting the financial industry, and we think that will keep happening.
In the scramble for cryptocurrency investment opportunities, cybercriminals will run social engineering campaigns and will fabricate and sell rogue devices with backdoors to steal financial assets.
2. Fake medical documentation will trouble healthcare
We saw the trade in faked medical documents like COVID-19 vaccination passports and test results in 2021. Fake vaccines were even spotted for sale on the dark web. As more countries roll out privileges alongside vaccination or test documentation, criminals will roll out more fakes.
Medical-themed bait has long featured in cybercrime. With the pandemic triggering increased use of online medical services, patients watch for notifications about test results and messages from doctors.
Spoofed medical notifications will catch anxious patients off guard, putting their private health data at risk.
3. Governments will conflict and compromise with big tech
Governments are wary of big tech’s growing power and data hoarding. As states build more digital infrastructure for delivering services and deeper insights into their population, they’ll show more interest in what citizen data big business holds.
We’ll see more regulation, such as privacy and data localization laws, and regulation around how law enforcement can access data. Apple’s new system that scans devices for child abuse images shows the challenges of balancing user privacy against stopping crime.
4. Industrial attacks will become more focused
In many parts of the world, laser-focused attacks are a rapidly snowballing trend, particularly against industrial control systems (ICS). We’ve seen increasing theft of authentication data using spyware, with each attack directed at only a handful of targets. We think these kinds of attacks will make up an even greater portion of the threat landscape in 2022, and we’ll see the tactic used more widely.
These attacks show why industrial shop floors must be protected. Industrial internet of things (IIoT) devices are easily overlooked and often vulnerable.
5. Ransomware attacks will get more targeted
2021 was a big year in ransomware, with a 30 percent growth in Ransomware 2.0, also known as double extortion. These attacks go beyond demanding a ransom to decrypt systems: they also use stolen sensitive data as leverage to pressure victims to pay up.
In November 2021, the US FBI warned ransomware actors are “using significant financial events, such as mergers and acquisitions, to target and leverage victim companies for ransomware infections.” At these times, any leaked information could have devastating consequences, making victims more inclined to pay ransoms. In 2022, this type of extortion will become more common.
Regular, high-quality cybersecurity training for all staff is one of the best ways of avoiding falling victim to ransomware. Kaspersky is one of several organizations behind the No More Ransom initiative, providing free decryption tools and advice for ransomware victims.
As your strategic plans for 2022 take shape, improving cybersecurity will no doubt be among them. Your business must adapt as cybercriminals’ ways and means change. These predictions will help you and your team be forewarned and forearmed.