Lacework Labs Security Predictions for 2022

Lacework Labs | December 8, 2021 | 4 min read


If 2020 and 2021 taught us anything, it’s to expect the unexpected. This is especially true of cyber threats, which can make predicting the future difficult. Additionally, the threat landscape is often influenced by numerous macro-trends (pandemic, geopolitics, cryptocurrencies), which can further complicate forecasts. We know that the landscape shifts each year, which is why we write an annual predictions report from the experts on our research team. This list is based on what we expect to see happen in 2022 and what we think you should do to prepare and protect yourself.

Here are our security predictions for 2022:

    • Linux and cloud infrastructure are emerging targets of malware and ransomware attacks:
      Threat actors are looking for the path of least resistance – the easiest way to break through with the greatest return. The traditional methods of enterprise network intrusion to obtain data (or other valuable company information) are still succeeding. However, cloud infrastructure is heavily Linux-based (80+ percent), and with cloud adoption increasing, especially as a result of the pandemic, threat actors are turning their focus to cloud-based targets. The Lacework team found that the PYSA ransomware gang added Linux support, which indicates that ransomware gangs and other attackers may be pivoting to cloud strategies. Furthermore, newly identified Linux malware families are growing increasingly complex, adding to the mounting concerns.
    • Insider threats are poised to increase:
      Malicious or innocent, insider threats open the door for threat actors to gain access to critical information. Over the past year, there has been a sharp increase in demand for direct access to business environments in the underground markets. To meet this demand, we’ve seen an uptick in hackers targeting employees directly or through posts on hacking forums in hopes of recruiting them for insider efforts. The high-dollar offers often entice susceptible or rogue employees to drop ransomware, and we predict that this will continue in the future. Additionally, 2021 saw record resignations in the technology sector, indicating that the number of disgruntled employees is at an all-time high. It’s possible this trend may also have an effect on insider threat activity going into 2022.
    • Nation-state attackers will target the security community:
      This past year, we saw some initial attempts from nation-state hackers who targeted vulnerability researchers in an effort to acquire their zero-days. While the attacks were not successful, this is a trend that will continue into 2022. Cybercriminals are recognizing the value of the information, vulnerabilities, tools and threat intel coming from private sector security companies. As a result, there will be increased value placed on offensive research products and they will become more of a target for attackers.
    • Crimeware actors will continue leveraging initial access brokerage and cryptojacking techniques:
      Since many cloud attacks are financially motivated, we can expect a continuation of the two primary methods of monetization: cryptomining and initial access brokerage (IAB). There are advantages and disadvantages to both methods. With cryptojacking and cryptomining, profit can be realized in real time so long as an attacker persists in the cloud environment undetected. On the IAB side, it may take longer for an attacker to realize their profit; however, it is a more risk-averse approach, and it doesn’t matter how long their customer persists in the cloud environment. As long as cryptomining remains lucrative, we will see a continuation of cryptojacking attacks in the cloud as well as the initial access brokers who can enable these activities.
    • Hackers will continue to target software supply chains:
      Supply chain attacks are not as frequent as others; however, they have the potential to cause exponentially more harm. This was evidenced in the 2020 SolarWinds hack and 2021’s Codecov and npm project attacks. The “one-to-many” opportunity afforded by a successful supply chain compromise makes it an attractive option and worthy of attackers’ time and resources. For this reason, we believe that 2022 will see more attacks against software supply chains by both criminal and nation-state actors.

So there you have it. Time will tell if our predictions are accurate. If you agree or disagree then please let us know! Be sure to follow Lacework Labs on LinkedIn, Twitter, and YouTube to stay up-to-date on our latest research.

Copyright 2021 Lacework Inc. All rights reserved.

