Mike Sentonas, CTO at CrowdStrike, shares security predictions for 2022
Ransomware double extortion gives rise to “extortion economy”
This past year, we saw the rise of the double extortion ransomware model, in which threat actors will demand one ransom for the return of the data and an additional ransom on top to prevent the data from being leaked or sold. However, in 2022, we expect to see the extortion/exfiltration side of ransomware achieve even higher levels of sophistication, possibly with a shift away from encryption to a sole focus on extortion.
We’re seeing an entire underground economy being built around the business of data exfiltration and extortion. Data-shaming websites are popping up like street-corner storefronts, providing a hub for ransomware groups to post and auction stolen data that’s being held for ransom. These ransomware groups are revamping their entire infrastructure of tactics, techniques and procedures (TTPs) to home in on exfiltrating and selling stolen data more effectively. Even if the threat actors can’t get their ransomware to execute past the encryption stage, they’ll pivot and find other ways to gain access to the data to sell for a profit anyway.
In today’s world, if you get hit by ransomware, you can expect to get hit by double extortion. And ransomware actors will continue to innovate and evolve to find new ways to monetise their victims.
Contain your containers
In recent years, we’ve seen an explosion in containers and container-based solutions. Naturally, with the exponential rise in containers, we’ve seen a similar uptick in container-targeted threats. However, security for this innovative technology hasn’t quite caught on yet, as we continue to see them being deployed without proper security measures.
With that, the rapid speed of deployment that containers offer will become a double-edged sword. The lack of vulnerability checks and misconfiguration checks, along with the disparate teams involved in container deployments, all contribute to a lack of security across the board. Attack surfaces are ever changing, and the threats to container deployments are increasing exponentially. Therefore, we will see containers become a potential attack vector for organisations that don’t recognise security as a key component of container deployment.
Adversaries set sights on supply chains
As recent high-profile attacks have shown this past year, supply chains are very much on adversaries’ radar as a low-hanging attack vector. According to the 2021 CrowdStrike Global Security Attitudes Survey, more than 3 out of every 4 respondents (77%) have suffered a supply chain attack to date, and 84% of respondents are fearful of supply chain becoming one of the biggest cybersecurity threats in the next three years.
While supply chain attacks are not necessarily new themselves, the recent rise in these types of attacks has essentially let the genie out of the bottle. Frankly put, supply chains are vulnerable, and adversaries are actively researching ways to take advantage of this. In 2022, we are likely nowhere near seeing the end of these attacks, and the implications of each one are significant not only for the victims but also for the victims’ customers and partners up and down the chain.