In 2022, too, the number of cyberattacks will hardly decrease. CyberArk names four attack vectors that are becoming increasingly important and require more robust or additional security precautions for companies and authorities.
Security expert CyberArk sees increasing and additional security threats, especially concerning open source, new technologies, ransomware, and the supply chain.
Open Source – Pretty Open To Attacks
The use of open-source software (OSS) is clearly in vogue. Its advantages are high flexibility, scalability, and innovative power. Almost all current developments related to cloud computing, the Internet of Things, autonomous driving, big data, or artificial intelligence are open source-based. But countless “open” and “free” OSS libraries also mean a dramatically expanded attack surface.
The Codecov attack in April 2021 showed how a simple change in one line of code could turn a completely harmless library into a malicious one – putting every company that uses it at risk. The Log4j vulnerability is also likely to keep the industry in suspense for some time to come.
Compromised open-source libraries generally represent a significant security risk – and the possibilities for attackers are manifold. For example, attackers have already created code packages with nifty name changes, such as atlas-client versus atlas-client. These are trojanized versions of the original packages that implement backdoor or credential-stealing features. And, of course, including OSS libraries is a bet on the security of the foreign code itself: even if the code is publicly available, not every line can be checked without losing the productivity advantage of OSS again.
In the future, companies will have to pay more attention to these attack scenarios, which are difficult to detect – especially if libraries are automatically fed into internal processes in daily operation or are brought in indirectly via standard software and hardware. As these automated attacks become easier and faster to execute, they will become even more frequent and damaging.
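One way to catch the lookalike package names described above before they enter an automated build, as an added example that is not from CyberArk or the original article. The function names, the approved list, and the requested names are constructed for illustration (atlas_client is a made-up variant of the atlas-client name mentioned above).

```python
import re

def normalize(name: str) -> str:
    """Collapse case and separator differences (-, _, .) that lookalike names rely on."""
    return re.sub(r"[-_.]+", "", name.lower())

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def find_lookalikes(requested, approved, max_distance=1):
    """Return (requested, approved, reason) for every requested name that is
    not on the approved list but is nearly identical to an approved name."""
    approved_set = set(approved)
    findings = []
    for name in requested:
        if name in approved_set:
            continue  # exact match with a vetted package
        n = normalize(name)
        for good in approved:
            g = normalize(good)
            if n == g:
                findings.append((name, good, "separator/case variant"))
                break
            if edit_distance(n, g) <= max_distance:
                findings.append((name, good, "near-miss spelling"))
                break
    return findings

# Constructed sample data: an internal allowlist and the names a build asks for.
APPROVED = ["atlas-client", "requests", "rest-client"]
REQUESTED = ["atlas_client", "requests", "requets", "left-pad"]

if __name__ == "__main__":
    for name, good, reason in find_lookalikes(REQUESTED, APPROVED):
        print(f"BLOCK {name!r}: looks like approved package {good!r} ({reason})")
```

A name such as left-pad is not flagged here because it resembles nothing on the approved list; whether unapproved but dissimilar packages are allowed is a separate policy decision.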
New Technologies As A Field Of Attack
More and more companies are using cloud virtualization and container technologies. As a result, security risks are also increasing. For example, micro-virtualization offers attackers the ability to isolate malware in virtual systems, hiding it from host-based security controls.
Such attack techniques are not yet widespread. However, it has already become public that attackers are looking for ways to use components such as the Windows Subsystem for Linux (WSL) – a subsystem for securing login information and authentication processes – to compromise end devices.
The main problem is that endpoint detection and response (EDR) and other host-based endpoint security tools fail to detect ransomware running on a Linux infrastructure. In this way, attackers can easily encrypt data without being noticed.
The Blackmailers Are Among Us
The development of ransomware-as-a-service (RaaS) has only just begun. The range of illegal services will continue to grow in 2022, and specialized hackers will work more closely together. Most known ransomware families share identical techniques, tactics, and behaviors, such as deleting backups, encryption functions, or initial execution.
This enables current security tools to detect and block ransomware cyberattacks. The increasing adoption of such security tools will force ransomware authors to find new and innovative methods that bypass today’s standard detection capabilities. Here, too, it will remain a game of cat and mouse between security researchers and cybercriminals.
Supply Chains Are Particularly Vulnerable
Phishing attacks, in particular, have increased significantly in recent years. Attackers often target a company's supply chain. Today's economy is characterized by the networking of many companies, and external parties often receive privileged access – sometimes indirectly – to internal IT systems, such as sensitive data in the context of production forecasts or quality controls. Attackers can also use these access options to achieve their goals.
Attacks on digital supply chains in particular have increased recently; the SolarWinds and Kaseya cyberattacks are just two examples. It can be assumed that this trend will continue in 2022. Even if such cyberattacks cannot be prevented entirely, companies should still take central security precautions. These include code signature checks, multi-factor authentication (MFA) for application access, or the use of threat detection solutions.