With the new year underway, I decided to put together some of the cybersecurity trends I’m expecting to come to fruition over the course of 2022. I was about to say I’m looking forward to these, but this implies that these predictions will all be positive, and some are certainly not. It’s a bit like saying, “I’m looking forward to visiting the dentist for a double root canal” – which no one ever does.
So, I suppose it’s more appropriate to say that these are some of the trends that I think will have a significant impact in the world of cybersecurity this year.
Continued Development of Web 3.0
Web 3.0 is a broad term and encompasses many different technologies such as cryptocurrency, NFTs, DAOs and so forth.
While some may argue that cryptocurrency as a whole is a scam – and that may turn out to be true and one of the biggest causes of financial losses to people – broadly speaking, we’ve seen many cyber-criminals migrate to attacking the cryptocurrency infrastructure and its users.
According to the FBI’s annual crime statistics, 2021 saw over 20 incidents where at least $10m was stolen in digital currencies from a crypto exchange or project. In December, crypto-exchange BitMart lost over $150m.
Users are also increasingly targeted, mainly through social engineering attacks. For example, in October of last year, Coinbase disclosed that a threat actor stole cryptocurrency from 6000 customers after exploiting vulnerabilities in its SMS multi-factor authentication service.
New platforms and offerings built on Web 3.0 will improve their security over time; perhaps even regulators will help speed up this process. Yet, alongside them, people must remain vigilant at all times. While the landscape may be new, the threats manifest themselves in very much the same way. As the adage goes, if something appears too good to be true, it usually is. Therefore, it is important to remain vigilant and look out for red flags.
Extortion on Steroids
Ransomware has dominated the headlines for the last couple of years, and there shows no signs of it slowing down.
The problem seems to have just gotten worse over the years, with basic ransomware evolving to double, triple and in some cases, quintuple extortion. I wouldn’t be surprised if this continues to grow.
During the time that cyber extortion has almost become an accepted business practice, we will likely see criminals adopt more innovative ways to extort organizations, and probably without even having to deploy ransomware. Therefore, it's high time businesses take a proactive stance with security before it's too late.
Eye for an Eye; Hack for a Hack
An overly-eager security researcher will think they have identified the culprit behind a major attack. Then, in the act of retaliation, they will hack back only to discover they did not attribute the attack correctly. This will cause a major international incident, and the organization responsible will be placed under extreme scrutiny.
While that may be a slightly exaggerated scenario, organizations have a growing appetite to get back at criminals that attack them. Unfortunately, attribution is tough even in the best of circumstances, and an over-eager response could impact an innocent party or a partner in their own supply chain.
The Rise of a Dark Economy (Mergers & Acquisitions)
A lot of criminal gangs have become extremely wealthy. In fact, some shady organizations are large enough to be listed on a stock exchange. So, we will see a more formalized dark economy emerge with some M&A activity taking place as some gangs will look to cash in by selling their organization while others look to grow in capability and reach.
At the end of the day, a dark FTSE 100 trading platform may finally become the best place for people to invest their cryptocurrencies in.
Of course, I do not profess to be a psychic, not just yet... I’m still waiting to be accepted into the guild where I will receive my crystal ball. Yet, having been a keen observer of the cybersecurity landscape for over 30 years, I’ve quickly realized that, in this industry, almost anything is possible.