Cybereason has made available its industry predictions for 2022 and urged the GCC region’s businesses, employees, and consumers to be ever-watchful in making the new hybrid ecosystem a safe environment in which to work, shop, and live. “For our 2022 predictions, we wanted to go beyond the usual hot topics and buzzwords lists that normally pass for insights,” said Lior Div, co-founder and CEO, Cybereason. “While it’s important for our customers to prepare for more of the same when it comes to things like skills gaps and the use of cloud and AI in cybersecurity, we believe they do not need domain experts to inform them of the obvious. We prefer to focus on the future shape of the threat landscape and what current threat research tells us about risks that may be just over the horizon.”
RansomOps replaces ransomware
Ransomware has swept the region anew since the pandemic created more complexity in infrastructure and a disconnect between remote-working employees and the IT function. According to recent Cybereason research, 63% of UAE businesses paid bad actors between US$350,000 and US$1.4 million following ransomware incursions in the two years prior to June 2021.
Relatively simple repurposed malware strains have been replaced by RansomOps. Cartels like REvil, Conti, and DarkSide are conducting comprehensive campaigns in which the payload is just the final link in an attack chain. Against this backdrop, 2022 will demand a refocusing of anti-ransomware tactics away from the encrypting malware itself and onto the Indicators of Behavior (IOBs) associated with RansomOps, allowing the defending organization to circumvent encryption entirely.
Supply-chain attacks will reach further
Regional CISOs may be familiar with the SolarWinds incident, in which the compromise of one resource led to the compromise of many of its owner’s customers. But Cybereason research into espionage campaigns such as DeadRinger and GhostShell reveals different approaches with similar outcomes. By gaining access to telecommunications providers, state actors were able to monitor communications for customers of those operators.
In 2022, criminal gangs will adopt the successful strategies of the state actors seen in DeadRinger and GhostShell. This will likely lead to a reassessment of risk profiles by companies that are suppliers of digital services, as well as similar reassessments by their customers of how to establish trust in their suppliers.
The Microsoft risk
Microsoft’s dominant role in the OS, cloud, and applications market means much of the cybersecurity threat domain is focused on the company’s offerings. As more and more organizations migrate to Microsoft environments, understanding the risks will be essential.
Lines blurring between cybersecurity and national security
This year, we have seen everything from oil to food supply chains affected by ransomware attacks. In 2022, criminal and state actors will likely collaborate and align objectives for optimal impact. In response, regional governments are likely to escalate their preparedness strategies through entities such as the Computer Emergency Response Team for the United Arab Emirates (aeCERT) and Saudi Arabia’s National Cybersecurity Authority (NCA).
Standardization of XDR
Hybrid work models, 5G rollouts, and the increased experimentation with the Internet of Things will lead to a connected world that will be difficult to protect. However, the productivity and convenience benefits of the technologies it provides will ensure its prevalence and therefore demand measures such as Extended Detection and Response (XDR).
While the cybersecurity industry is in broad agreement on its importance, there is not a uniform definition on what XDR does or should do. In 2022, when clear leaders in the XDR field have been established, the role AI should play in cybersecurity will become more defined.
“Everybody today needs to be thinking about cybersecurity,” continued Div. “While the CISO and their team will undoubtedly bear the brunt of responsibility and accountability, we all have a part to play. We can educate ourselves. We can be suspicious. We can change our relationships with devices and ecosystems to ones of ‘verification first’ rather than ‘trust by default’. As the new year rolls in, we should remember that we live digitally more than we ever have, so we should all pull together to make ourselves safer.”