Insider Risks, Ransomware and Nation-state Attacks Could Worsen the Risk Landscape in 2022

As enterprises look forward to a more optimistic business outlook in 2022, it is also time for them to re-evaluate their security posture and effectiveness in responding to new and fast-changing threats.

Ransomware became the most talked-about external threat for organizations in 2021. Will it dominate the threat landscape again this year?

Planning for resilience requires making assumptions about the future as well as anticipating trends and developments that could gain significance over time.

For 2022, Securonix has identified some of the trends that could dominate headlines and outlined them below.

Malicious insider activity, especially IP theft, will become the top risk for businesses

The COVID-19 pandemic has fast-tracked digital transformation and remote work across various industries in Asia Pacific and globally.

Now, almost two years into the pandemic, hybrid work arrangements have become the norm for many organisations even though countries across Asia have sped up their vaccination efforts.

As a result, the attack surface will continue to increase for organisations as the new normal continues to drive workforce redistribution. In some cases, these changes will cause employees to leave and seek new employment opportunities elsewhere, and they may exfiltrate data to their new organisation.

Ransomware – 25 per cent of ransomware attacks in 2022 will be deployed by insiders, compared to less than 2 per cent in 2021

Ransomware continues to be a significant threat vector for enterprises and businesses as it remains the easiest threat for less technical insiders to monetise.

Mandatory vaccination programmes, resentment from employees not being able to work from home, and increasing living costs, in combination with financial incentives from criminals, will lead to an uptick in insiders being tempted to collaborate with criminal operators.

Ransomware operators will offer large incentives to gain access, driven by their decreasing success in compromising larger enterprises as companies increase investment in security, and by the growing adoption of behavioural detection technologies.

On the other hand, the increase in scrutiny and action by lawmakers makes it more difficult for cybercriminals to conduct ransomware attacks.

To counteract improved security controls, ransomware operators will leverage new attack vectors and modes to extort victims. For example, they may use digital platforms and environments such as APIs, cloud, mobile, and supply chains, among others.

Yet the adoption of new defences may not be happening fast enough, which may allow attackers to continue using some of the old methods for some time.

Bitcoin may be replaced as the reserve currency for cybercrime, falling to less than 50 per cent of all ransomware transactions from 98 per cent in 2021

The decline of Bitcoin as the currency of choice for cybercriminals will be the result of increased scrutiny by law enforcement on ransomware operators, including active takedowns and raids.

Improved cryptocurrency transaction tracking and attribution, combined with expanding global financial sanctions that target money laundering and terrorist financing, will force cybercriminals to use a larger basket of digital currencies to evade scrutiny.

However, as rogue nation-states continue to provide a safe harbour, the increasing adoption of Bitcoin by some states as legitimate currency, coupled with the lack of enforcement of sanctions, could extend the benefits of using Bitcoin for ransom demands.

Ransomware will continue to be a viable cybercriminal endeavour due to the uncoordinated response by cybersecurity teams to high-profile ransomware attacks. This will likely result in attackers adopting new and creative ways to extort victims, including triple/quadruple-extortion and expanded selling of victim data on specialised underground markets.

2022 will see the first direct nation-state versus nation-state cyber battle, taking place over a series of days, with multiple targets including telecommunications, transport, media, and utilities

We saw evidence in 2021 of nation-states posturing and taking offensive positions, but the real risk lies in two non-superpower nation-states squaring off openly.

Many countries have built, or are in the process of building out, offensive “hack back” cyber operations and will be keen to demonstrate the effectiveness of the investment.

The deterrents to the rise of nation-state attacks and escalations depend on a quick international response that pressures the combatants to pull back and resolve their issues through diplomatic means.