We predict two trends emerging: (1) modern ransomware will become increasingly targeted and prominent and (2) ransomware operators will use more complex extortion tactics such as exfiltrating data to weaponize it.Ĭommonly used attack vectors like VPNs, spear-phishing emails, and exposed RDP ports will remain in play, but we predict the cloud will become a bigger target as more companies continue to migrate their data. Unfortunately, ransomware will continue to evolve and remain prevalent.
Enterprises were targeted for lucrative payouts, while small and medium-sized businesses (SMBs) were exploited by ransomware as a service (RaaS) groups. Perhaps one of the most covered security issues of 2021, ransomware wreaked havoc across businesses of all sizes. Next, look out for the rise of quadruple extortion model: holding the victim’s critical data, threatening to leak and publicize the breach, threatening to target their customers, and attack the victim’s supply chain or partner vendors. Particularly, we predict access-as-a-service (AaaS) brokers will take special interest in gaining residence and selling it to the highest bidder. Supply chain attacks will be especially prevalent, as ongoing economic shortages and disruptions will create opportunities for malicious actors to strong-arm targets for big payouts. Since developers’ tokens and passwords hold the key to an organization’s operations, using their credentials helps attackers stay under the radar while penetrating multiple layers of an enterprise’s network.
We’ll see more malicious actors compromising DevOps tools and pipelines to target supply chains, Kubernetes environments, and infrastructure as code (IaC) deployments. But what does an increasingly agile and hyper-connected world mean for an organization’s security? Trend Micro Research predicts the biggest threat and security challenges for the new year, enabling a more resilient, forward-thinking security strategy.Īlthough cybercriminals will continue to use tried and true methods, such as phishing emails, unsecured secrets, and exploiting known flaws, they will also explore new technologies like Java, Adobe Flash, and WebLogic to gain access.Ĭybercriminals will also mimic the DevSecOps “shift left” approach by going to the source of an enterprise’s infrastructure. And there doesn’t seem to be any signs of slowing down. You’ve heard it before: the pandemic accelerated digital transformation.