Top 7 cybersecurity threats for 2022

Be the first to know the latest cybersecurity threat predictions

We are overwhelmed by the sophistication, volume, and impact of breaches in 2021. Threat actors launch new innovative techniques, sometimes even disruptive innovation, and take advantage of new vulnerabilities every year. And every year, we must evolve and adapt our defenses to protect against the next wave of large-scale threats we will face.

This blog aims to share our experiences in creating a secure enterprise in 2022. To do so, we will outline the top seven cybersecurity threats over the coming year. We will give you a high-level overview of each threat and explain:

  • What the threat is
  • How it will play out in 2022

While each of these threats contains numerous sub-threats and attack patterns, we aim to give you a strategic perspective on what to expect.

Threat 1: Ransomware

What It Is

Ransomware was the biggest threat of the past year. It is a highly complex attack pattern that takes many forms and follows many steps to achieve its objectives. We typically deal with five types of ransomware:

| Attack Type | Goals | Target | Access |
| --- | --- | --- | --- |
| Crypto ransomware or encryptors | Most popular ransomware. It encrypts valuable files and data so that users cannot access them. Attackers demand payment to decrypt the files and make them accessible. | Endpoints, NAS, and servers | Read/Write |
| Lockers or non-encrypting ransomware | Locker does not encrypt files but locks users out of their devices. A lock screen displays the ransom demand and how to make a payment for unlocking the device. | Primarily endpoints; can extend to servers | Read/Write |
| Doxware or leakware | Also known as extortionware, this type exfiltrates sensitive data and threatens to release it if a ransom is not paid (a combination with crypto ransomware is also seen these days). | Endpoints, NAS, and servers | Read-only |
| Scareware | Claims to have detected a virus on your device and floods the screen with pop-ups. It asks for payment to resolve the issue. It sometimes locks the device but does not damage files. | Endpoints and NAS | Read-only |
| Ransomware as a Service (RaaS) | RaaS is a market with people specializing in different activities. Each person gets a share. This ransomware is sophisticated, and the attack is well planned out. | Endpoints and NAS | Read/Write |

Atos’ 2022 Predictions

We predict ransomware will remain a significant threat in 2022. We see ransomware evolving along a few tracks:

  • Attackers will find more and more initial exploits to quickly reach high-value targets and increase the size of their ransom demands substantially. As an example, cloud admin accounts are targeted for compromise as the beachhead.
  • Critical infrastructure will become the battleground of nation-states. Targeting the critical infrastructure of a rival nation will become a common pattern. Well-organized cybercriminals will also eye critical infrastructure for high-value ransom.
  • Data exfiltration will evolve as a significant method for ransom in addition to encryption and hence target trade secrets, intellectual property, and sensitive databases.
  • Cloud console capture, which locks the entire organization out of its cloud and thereby threatens a shutdown of business operations, will also evolve as a form of ransomware. This type of attack will not involve any data or encryption.
  • Organized cybercriminals and nation-states will continue to target supply chains to scale their campaigns. In particular, they will continue to target Managed Service Providers (MSPs) and service providers to large enterprises and government.
  • Ransomware attacks will target ICS environments. Our researchers have identified at least seven variants, some of which were programmed to terminate 100+ ICS processes.
  • Ransomware attacks will continue to use remote services, including VPN, terminal services, phishing emails, and cloud access, as the first vector for finding patient zero. Hence it is crucial to prioritize fixing vulnerabilities and configuration lapses in these technologies.

Threat 2: Supply Chain Threats

What It Is

These attacks are simple to understand. With a supply chain attack, a threat actor will target and compromise a third-party provider (for example, a SaaS company) as a means of gaining a foothold in the larger organizations that it serves.

From there, the attacker can spread through the company’s products and compromise their hundreds or thousands of customers.

Now that every organization depends on a large, sophisticated, and highly-interconnected supply chain, cybercriminals can use this threat to break into any network they want — from the smallest group to the largest government agency.

Atos’ 2022 Predictions

Unfortunately, we predict more large-scale supply chain attacks like SolarWinds in 2022. We agree with Forrester’s findings that organizations are even more vulnerable to these threats — now that they have practically doubled their supply chains to improve their resilience — and that 60% of upcoming security incidents will involve supply chain issues.

We also predict that the sophistication, persistence, and scale of the SolarWinds attack will become commonplace. In SolarWinds, the attackers performed reconnaissance for eight days before injecting the malware, waited six months to replace source files with backdoor code, and waited another month before deploying malware to target systems within an update.

So, if organizations lack visibility and governance over their vendors’ security, SolarWinds-scale attacks will become a regular occurrence in 2022.

Threat 3: Vertical Specialized Threats

What It Is

Cybercriminals are developing customized attack patterns that exploit the unique security challenges faced by specific industries. This specialization is not a new trend; attackers have always adapted their attacks to geography or a particular sector. What we are seeing now is increased customization of tactics, techniques, and procedures (TTPs).

Every vertical — in every geography — is now a rich target, and cybercriminals are developing highly specialized attacks to target everyone from retail to healthcare to non-profit.

Atos’ 2022 Predictions

We predict an increase in these attacks and that attackers will specialize further. For example, more attacks will specifically target Operational Technology (OT) in healthcare, manufacturing, and utilities. Attacks will intensify in these sectors, with OT becoming the new threat vector.

FSI will continue to be a key target, but attacks will more and more pivot towards business applications, including SWIFT, ATMs, Internet Banking, payment gateways, customer billing, and transactional software.

IoT is becoming an integral part of new innovative solutions in many industries. But the use is higher in specific sectors, for example, transport with automotive and aerospace taking the lead. IoT-based threats are still not mainstream but will start becoming so in the light of business use cases in these sectors.

Innovative deepfake-type attacks will be predominantly used for political interference and influence. The potential for deepfakes to be used for fraud in multiple industries remains a future possibility, but large-scale use is still a couple of years away.

Threat 4: Cloud Threats

What It Is

Organizations have moved a lot of their infrastructure to the cloud over the last two years. Cloud technologies are evolving rapidly, and change is the only constant.

This leads to many security gaps in the deployments. Cloud threats typically exploit weak configurations and poor security practices in these deployments.

This allows cybercriminals to compromise cloud-based assets even when security tools are layered over them.
In addition, most organizations also leverage multiple clouds to run their workloads. This further increases the threat exposure.

Atos’ 2022 Predictions

Cloud will become the primary attack vector for initial infiltration into an organization. We are already seeing this trend in ransomware attacks. Most organizations are still learning to secure all aspects of cloud infrastructure. This leads to security gaps in storage, console, and workloads that are easy for an attacker to compromise and establish a presence in the customer cloud infrastructure.

We predict that most breaches will happen from misconfigurations, and many organizations will suffer an incident with one or more cloud services they adopted over the past year. Specifically, we predict organizations must defend themselves against the following cloud threats:

  • Cloud consoles will be heavily targeted for account take-over. Once the cloud console is compromised, the threat actors gain complete control of the infrastructure. Azure AD, AWS IAM, GCP IAM, etc., will become focus areas for threat actors.
  • We will start seeing hybrid and multi-cloud attacks: Here, attackers use hybrid or multi-cloud infrastructure first to compromise one of the clouds or on-prem infrastructure and then laterally move into other parts of the organization.
  • Container exploitation will evolve into a high-impact threat vector. There are numerous ways that containers can be compromised. An easy way for attackers to compromise containers is by exploiting misconfigurations. There have been attempts to compromise the base image in the Docker container repository. Compromising the Kubernetes orchestration layer is yet another path. Containers can become the beachhead for major security incidents in 2022.
  • Crypto-Jacking from the Cloud: Here, attackers compromise cloud servers and use their CPU to mine cryptocurrencies (not new but growing).

Threat 5: API Threats

What It Is

API protection mechanisms are at a nascent stage today, but business use of API is becoming mainstream – leading to the classical gap threat actors seek. Threat actors have therefore begun to exploit API vulnerabilities and configuration weaknesses.

In an API threat incident, the attacker exploits an unsecured API and takes advantage of the fact that communications through APIs can potentially bypass all other security controls (due to the encryption at the application layer).

Atos’ 2022 Predictions

2022 could be the year of infancy for innovative API attacks, which will become mainstream in 2023. It will not be surprising if a few significant breaches occur riding on API threats. We predict API threats will grow in sophistication and begin to bypass traditional controls that are API blind. In addition, we expect that more threat actors will start to target APIs directly in their attacks and that this will become a more common and standard attack technique by 2023.

API attacks in 2022 will focus on a few patterns. API threats are expected to exploit misconfigured authentication and authorization controls as easy initial vectors. Threats will take advantage of the excess user authorizations that might be granted by default. Threats will also exploit unsecured API endpoints with injection flaws, including SQL, NoSQL, and command injection.

Threat 6: External Remote Services Threats

What It Is

Remote work is here to stay, and cybercriminals continue to target the wealth of remote access services that make the new workforce possible. Security researchers have also recently identified that threat actor groups are even selling access to hacked networks through compromised VPN and RDP credentials and the like.

Atos’ 2022 Predictions

Because the remote work infrastructure is not changing, we predict attackers will continue to use the attacks they focused on throughout 2020 – 2021. That includes attacks targeting Remote Desktop Protocol (RDP), Virtual Private Networks (VPNs), Virtual Network Computing (VNC), Citrix Virtual Desktops, Windows Remote Management, and the like. Attackers will continue to exploit these vectors for initial intrusions, lateral movement, and persistence.

We also predict they will continue to access these services through the same general techniques. Namely, they will perform credential pharming or target exposed services that do not require authentication, exploit vulnerabilities in these services, or gain direct access to internal systems through tools like VPNs that tunnel directly into the heart of the organization’s digital infrastructure.

Finally, we predict a related increase in mobile device threats. More employees continue to work remotely and use their mobile phones and tablets to do their jobs. As a result, these devices are now more likely to carry sensitive company data, and they have begun to come under attack with targeted threats by criminals. Mobile devices also give attackers the collateral benefit of a route into homes, automobiles, and banking accounts by compromising the respective applications running on the mobile device.

Threat 7: Conventional Attacks

What It Is

Finally, we must remember that conventional attacks, like phishing, social engineering, network security attacks, DDoS, web application attacks, and common malware, will always be in play. Ultimately, cybercriminals continue to refine and deploy these attacks for one simple reason: they continue to work.

Atos’ 2022 Predictions

We expect that conventional attack patterns and techniques will continue to play a significant role in the cybersecurity landscape. Cybercriminals will continue innovating and improving these attacks and leveraging new technologies to launch them with increasing speed, scale, and sophistication.

For the most part, cybercriminals will use conventional attacks as one step in a more significant and complex attack pattern. For example, they might exploit known asset vulnerabilities to create an initial intrusion at the start of a ransomware campaign.

We expect to see conventional threats used in more modern expressions of cybercrime. For example, we expect criminals to use attacks like social engineering to grab credentials and access to an organization and then sell that access to more significant threat actors (instead of taking advantage of it themselves).

Start Now: Stop These 7 Threats Before They Strike

As we conclude, a reminder — the cyber threat landscape moves fast.

We know this list is not exhaustive, even though we feel confident that these seven threats are some of the most significant cybersecurity challenges your business will face in 2022. The threat landscape is vast. Attackers constantly develop new techniques, and new vulnerabilities emerge every day.

However, focusing on protecting your organization from these seven threats will go a long way to staying safe in the year to come. To learn strategies to stop these threats, speak to an Atos Digital Security Expert. Our experts will also provide the most up-to-date view of the threat landscape.

About the authors

Vinod Vasudevan

Global CTO for MDR & Deputy CTO for Cybersecurity services at Atos

Vinod Vasudevan is currently Global CTO for MDR & Deputy CTO for Cybersecurity services at Atos.

He brings more than 20 years of cybersecurity leadership and product innovation. He co-founded Paladion in 2000 and has acted in the role of CTO. During his tenure, he has led technology development and made Paladion an industry leader in managed Detection and Response.

He currently holds two U.S. patents in AI & Cybersecurity and has directly serviced global enterprises in the U.S., Europe, and the Asia Pacific. Vinod is a prolific writer and has authored multiple books, articles, and presentations in leading cybersecurity forums.

Before co-founding Paladion, Vinod worked with Microsoft and helped drive the adoption of Windows 2000 in the Asia Pacific. He has also been a CISSP since 2001.

Zeina Zakhour

Vice President Global CTO – Digital security, Atos
Member of the Atos Scientific Community

Zeina has twenty years of experience in the Cybersecurity field covering the end-to-end spectrum of cybersecurity from security advisory, to security integration, Managed security services/Managed Detection and Response, to securing digital innovations (Cloud, IoT, Edge, AI etc…) as well as risk management, compliance and privacy.

She holds a Bachelor of Engineering in C.C.E from Notre Dame University Lebanon, an M.Sc. from Telecom SudParis and an Executive MBA focused on Innovation & Entrepreneurship from HEC School of Management.

Zeina is a member of the Atos Scientific community and a Fellow in cybersecurity. She is also a Certified Information Systems Security Professional (CISSP) and a certified ISO 27005 Risk Manager. She was the recipient of Atos Innovation trophy in 2013, was named in 2019 among the “100 fascinating Females Fighting cybercrime”, was listed in the CTO/CIO/CDO French top 10 influencers and was recognized as 2020 Cyber security leader by the Cyber Security Observatory.