The rising threat of cyber criminals targeting cloud infrastructure in 2022
In the world of cybersecurity, combating threats is like playing endless, hyper-advanced, multidimensional Whack-A-Mole: new threats are always emerging, often from unexpected sources, and trying to keep up can feel impossible.
The threats are constantly shifting, subject to trends in cryptocurrency use, geopolitics, the pandemic, and many other things; for this reason, a clear sense of the landscape is essential. Below, you’ll find a quick guide to some of the most pressing threats of the coming year.
Linux and cloud infrastructure will continue to be a target
For threat actors, there is a simple calculus at play – namely, what method of attack is a) easiest and b) most likely to yield the biggest return? And the answer, at this moment, is Linux-based cloud infrastructure, which makes up 80%+ of the total cloud infrastructure. With cloud adoption increasing because of the pandemic, this has the potential to be a massive problem.
In just the last few months, ransomware gangs like BlackMatter, HelloKitty, and REvil have been observed targeting Linux via ESXi servers with ELF encryptors. And we have recently seen the PYSA ransomware gang adding Linux support. Meanwhile, experts are identifying new and increasing complex Linux malware families, which adds to the already-mounting list of concerns. Working pre-emptively against these threats is more essential than ever.
The next target of nation-state attackers? The security community
Over the last year, we’ve started to see nation-state hackers target vulnerability researchers, attempting to acquire their zero-days. These attacks were, thankfully, unsuccessful, but that is little cause for celebration. These attacks will undoubtedly continue into 2022 and potential targets parties must remain vigilant. Information, tools, and threat intel belonging to private sector security companies is of ever-increasing interest to cybercriminals. Accordingly, increased value will be placed on offensive research products, which will in turn become a bigger target for attackers.
Initial access brokerage and cryptojacking techniques will continue to be leveraged
Information is a crucial target, but the fact remains that many cloud attacks are purely financially motivated. As we enter 2022, we can expect a continuation of the two primary methods of monetization on the part of cybercriminals: cryptomining and initial access brokerage (IAB).
Each method comes with its own advantages and disadvantages. With cryptojacking and cryptomining, profit can be realised in real time – if an attacker can remain undetected in the cloud environment. On the IAB side, it may take longer for an attacker to achieve their desired profit. At the same time, IAB is a more risk-averse approach: it doesn’t matter how long their customer persists in the cloud environment. As long as cryptomining remains lucrative, crypto attacks will persist, as will the initial access brokers who can enable these activities.
Insider threats are poised to increase
The last year has seen a drastic uptick in hackers targeting individual employees. Often, these hackers will attempt to recruit these employees for insider efforts. Given the record number of resignations in the technology sector in 2021, which indicates high levels of employee dissatisfaction, internal defection is now more than ever a serious, increasing risk.
Hackers will continue to target software supply chains
Supply chain attacks are not as frequent as the ones outlined above, but they have the potential to cause more harm (look no further than the 2020 SolarWinds hack for proof). The “one-to-many” opportunity that a successful supply chain compromise affords makes it an attractive option, one more than worthy of attackers’ time and resources. For this reason, we believe 2022 will see more software supply chain attacks perpetrated by both criminal and nation-state actors.
No one can predict with perfect accuracy what disasters might loom on the horizon, but by studying the recent past we can prepare ourselves to defend against what’s most likely coming. 2022, in that sense, will be like any other year: cybercriminals will attempt to break through, while their would-be victims, deploying advanced technology and the best threat-analysis available, will attempt to stop them. Here’s to hoping the good guys win.