PHOTO
Dubai, UAE : “The only constant in our industry is the uncertainty in the cyber realm. Attackers keep evolving – getting more sophisticated and changing their tactics, techniques and procedures to try get one up on the defenders”, said Gordon Love, VP MEA at Mandiant. “This report provides security leaders with an overview of what to expect in 2022 and beyond, based on the trends we see now. Organisations have a lot to keep in mind for next year, but remaining vigilant will enable them to defend against upcoming threats—and respond to those that inevitably get through.”
The top cyber security threats identified in the report include –
No end in sight for Ransomware
The ransomware threat has grown significantly throughout the past decade, and it will continue its upward trend. The business of ransomware is simply too lucrative unless international governments and technology innovations can fundamentally alter the attacker cost-benefit calculation.
Threat actors engaged in multifaceted extortion will continue to find more ways to extort payments from their victims. In 2022 Mandiant expects to see actors ramp up new tactics, such as trying to recruit insiders within their victims or targets. More cybercriminals are expected to evolve as threat actors become more business savvy and learn what kind of situations their victims most want to avoid.
Focus on Operation Technology (OT)
Throughout 2021, Mandiant observed low sophistication threat actors learn that they could create big impacts in the OT space—perhaps even bigger than intended. Actors will continue to explore the OT space in 2022 and increasingly use ransomware in their attacks.
Attacks against critical OT environments can cause severe disruption and even threaten human lives, thereby increasing the pressure for organizations to pay a ransom. To compound the issue, many of these OT devices are not built with security at the forefront of the design, and there is a massive uptick in the number of vulnerabilities being identified in OT environments.
Iran to continue their aggressive stance
Iran will use its cyber tools in a much more aggressive manner to promote regional interests. Iran will also continue to target Israel and others in the Middle East. They’ve shown their capability and willingness to use destructive malware, so they are expected to take advantage of any presented opportunities. Ultimately, Iran will try to create more of a power balance shifted to its own interests. Mandiant has seen them targeting abroad, but their targeting will most likely be regional throughout 2022.
Afghanistan events may trigger espionage
With the assertion of Taliban control and departure of U.S. forces from Afghanistan, one can expect further cyber espionage and information operations. The usual information operations actors—Iran, China, Russia—are expected to push narratives to support their interests through the end of 2021 and into 2022. They’ll also play up negative perceptions around the events, notably the perception that the U.S. failed to live up to its commitments to organizations and countries.
Cloud and third parties introduce new chokepoints
Organizations will continue to increasingly rely on the cloud and cloud-hosted third-party providers for primary business tasks, putting more pressure on those third parties to maintain both availability and security. The proportion of Mandiant incident response investigations involving cloud resources has grown over the past several years, and they anticipate that cloud compromise and abuse will continue to grow in tandem with enterprise cloud adoption throughout 2022.
More internet of things (IoT) devices, more vulnerabilities, more attack surface
As the number of IoT devices grow, so will the number of vulnerabilities for bug hunters to track. These devices are connected, and the general attack surface expands with the potential for profound impact. Unfortunately, there hasn’t been enough emphasis on security in fundamental IoT device design to fix these issues, so the situation will only get worse in the years to come.
As we move into 2022, CISOs have a lot on their mind and remaining vigilant will enable them to defend against upcoming threats—and respond to those that inevitably get through.
-Ends-
About Mandiant, Inc.
Since 2004, Mandiant® has been a trusted partner to security-conscious organizations. Effective security is based on the right combination of expertise, intelligence, and adaptive technology, and the Mandiant Advantage SaaS platform scales decades of frontline experience and industry-leading threat intelligence to deliver a range of dynamic cyber defense solutions. Mandiant’s approach helps organizations develop more effective and efficient cyber security programs and instills confidence in their readiness to defend against and respond to cyber threats.
Contact
Varun Joshi | Active DMC
varun@activedmc.com
© Press Release 2021
Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.
The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.
To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.
