In part two of our 2022 cybersecurity predictions series, Devo Security Engineering Director Sebastien Tricaud explained Web3 and new security testing trends.
While cybersecurity tools and approaches are certainly evolving quickly, so are cybercriminals. Here are my insights on cyberthreats and attacks we should expect to see more of this year:
1. Ransomware as a Service Expands Further
2020 and 2021 were turning points for the ransomware industry, as the number of ransomware-as-a-service (RaaS) platforms significantly increased. The RaaS model is like software as a service (SaaS) — hence the similar name. It’s subscription-based and enables criminal affiliates to execute ransomware attacks. With each successful ransom payment, affiliates earn a commission.
This model makes it simple for inexperienced cybercriminals to conduct ransomware assaults, enabling illicit organizations to easily expand their businesses. Now, pretty much anyone can launch ransomware attacks simply by signing up for RaaS, which is a very scary reality.
In 2022, this new industry will continue to grow in a more specialized manner. RaaS providers will try to remain unnoticed by identifying market niches that enable them to avoid drawing attention to themselves. We should also expect RaaS providers to impose more and more restrictions and control over their affiliates.
2. Cybercrime Rises in Africa
Africa isn’t typically top of mind when it comes to cybersecurity concerns — except for everything related to the infamous Business Email Compromise scam that targeted South Africa a few years ago. However, research from Kenyan IT cybersecurity company Serianu found that cybercrime reduced GDP within Africa by more than 10%. Further, the report found that the impact on the economy surpassed $4 billion in 2021.
In the face of this rising threat, INTERPOL is tapping UK funding to create a new cybercrime operations desk to bolster the ability of 49 African countries to fight cybercrime. “The Africa desk will help shape a regional strategy to drive intelligence-led coordinated actions against cybercriminals and support joint operations,” INTERPOL said.
In 2022, the increase in cybercriminal activity in Africa will be significant. I predict the damage to Africa’s GDP will reach $10 billion in 2022. As a result, cybercrime will become a more prominent threat to the development of African countries and their companies.
3. Supply Chain Attacks Take the Spotlight
During the past two years, supply chain attacks have increased in both number and sophistication. The cybersecurity industry has taken notice, too. ENISA predicted four times more supply chain attacks in 2021 than in 2020. What’s more, the complexity of these attacks, and the resources behind them, greatly exceed those of more common non-targeted attacks. In fact, ENISA also found that approximately half of supply chain attacks were attributed to advanced persistent threat (APT) actors.
As the cost of direct attacks against well-protected organizations increased, attackers moved on to targeting supply chains. This migration has resulted in a larger-than-usual number of reported supply chain attack cases.
To deal with this rising threat, the industry needs to build more security into the supply chain, and it has become necessary to carry out checks on suppliers. Vendors should now supply potential customers with a security rating to aid in risk management.
In 2022, security rating solutions based on real and empirical data will lead the way to risk rating solutions based on compliance. This will result in more alliances between organizations that currently carry out security qualifications and companies that process the volume of data necessary to conduct valid risk assessments.
Security teams will have to stay vigilant to keep their organizations safe from malicious threat actors, especially as new attack methods and vulnerabilities continue to crop up. We have one final piece of advice to wrap up this series: Continue to expect the unexpected!