Top threat activities this year

ZeroFox published a threat intelligence forecast for 2022, detailing expected cybercriminal behavior trends including ransomware, malware-as-a-service, vulnerabilities and exploits.

Within the report, the ZeroFox Intelligence team reviews 12 months of threat actor activity from 2021 and provides go-forward recommendations for security teams as we continue into 2022. Key takeaways include an assessment of increasing ransomware threats targeting the financial, manufacturing, retail and healthcare sectors, a predicted surge in data kidnapping attacks, and a continued upward trajectory of third-party compromises targeting vendors within larger supply chains.

Threat actors around the world made 2021 an extremely stressful year for security teams—perhaps the most challenging year on record. There were record-setting ransomware incidents, more supply chain compromises, and increased geopolitical tensions in Europe and Asia.

Looking towards 2022, it is imperative that security teams understand the growing external cybersecurity threat landscape and criminal underground to appropriately resource their teams and employ strategies to effectively address emerging threat tactics, techniques, and procedures; not last year’s TTPs.

Key external threat trends and forecast for 2022

• Ransomware: A continued increase in ransomware attacks and extortion activities is anticipated, particularly targeting the financial, manufacturing, retail, and healthcare sectors
• Third-party compromises (TPC): There will be an increase in the use of third-party compromises as a means to distribute ransomware. The continued expansion of software supply chains will also likely contribute to a rise in TPC attacks
• Malware-as-a-Service: In 2022, there will be an increase in the use of information stealers within underground criminal markets, providing a lucrative outlet for various cybercriminals to peddle stolen credentials from various stages of an organization’s network compromise
• Initial access brokers: The demand for initial access brokers services will continue to thrive in 2022, with more threat groups or individual actors attempting to sell access given the relatively low risk and high demand from various malicious groups
• Vulnerabilities and exploits: Nefarious actors will research more Java-based exploit avenues, focusing on common libraries exposed to attacker control content
• Phishing-as-a-Service: Cyber criminals will continue to use automation to fuel the growth of sophisticated Phishing-as-a-Service kits for sale and license
• Cryptocurrency: Remittance-heavy economies are expected to move towards digital currencies in 2022 at a faster pace, especially in the Middle East and Central Europe