As tradition in the InfoSec world dictates, it’s time for us to prognosticate what 2022 is going to look like with cyber attacks and other issues.
As of right now, Log4j will be the gift that keeps on giving. To catch up on Log4j/Log4Shell stuff, check out our article that we’ve been updating. Because Java and the Apache Software Foundation’s logging library are so widely used, there are going to be some interesting exploits that have some unintended consequences. Trend Micro has already set up a proof of concept showing that electric vehicles and charging stations are vulnerable to Log4Shell (the source for this is linked above in our article). For the organizations that haven’t remediated the Log4j issues at all, we may see lawsuits coming down the pipeline if an incident is proven to be connected with the vulnerability. We’ll also see any exploitable vulnerabilities be used to carry out ransomware and supply chain attacks. For example, if an organization is using an unpatched version of Log4j, exploiting it to install ransomware may be easier than sending out a phishing email or text. We’ll also see organizations that aren’t directly affected by this vulnerability get popped through a vendor they use that hasn’t patched things up.
Ransomware is still lucrative
If 2021 showed us anything, it’s how incredibly lucrative ransomware is. In May of 2021, we saw Colonial Pipeline ransomed for nearly $5 million USD. JBS USA was also ransomed in May and paid roughly $11 million USD. Kaseya, an IT solutions software company, was held ransom for $50 million USD. It’s unknown if Kaseya paid. These are just a few of the headline-grabbing incidents, and it’s as yet unknown how many victims there are and what the monetary loss is. We’ll have to wait for the FBI’s annual report to come out to see.
A contributing factor to why ransomware is so lucrative is that the operators are targeting larger organizations that have the money to pay up, which we also discussed in another article that you can read here. Depending on the industry the organization is in, the effects of ransomware are disruptive at best and incredibly dangerous (life-threateningly dangerous) at worst. This leads us to our next prediction.
We will see more disruptive and dangerous cyber attacks
The Colonial Pipeline and JBS USA ransomware attacks affected critical infrastructure, energy and food supply respectively, and they are a shot across the bow showing how cyber attacks affect the physical space. With Colonial Pipeline, there was panic buying at the gas pumps because no one was sure whether the pipeline providing fuel for the East Coast would come back online. We also saw the Oldsmar, Florida water treatment facility get hacked in February of 2021, when the intruder attempted to change the levels of sodium hydroxide, which, if it hadn’t been caught, could have caused mass poisoning of Florida residents. More recently, this December, time tracking and payroll company Kronos experienced a ransomware attack that has impacted thousands of employers’ ability to pay their employees. Kronos released a statement saying that it may take them several weeks to recover from this attack and that their customers should seek alternate services immediately.
We feel that we’ll also have more disruptive attacks resulting from poorly developed IoT devices. It’s happened in the past with the Mirai botnet in the late 2010s, and in recent weeks Mirai has been tweaked to look for Log4Shell vulnerabilities; the source for that is included in the article linked in the Log4j section.
Let’s wrap this up with ole faithful (social engineering).
We’re going to continue to see social engineering as a successful attack vector. You’re going to read about it in all the organizations publishing their annual analysis on cyberthreats and cybercrime.
As the metaverse begins its evolution, there is no doubt it will experience social engineering, but what form it will take is yet to be seen. This is true for any emerging Augmented and Virtual Reality (AR/VR) applications and the virtual communities users will immerse themselves in. Are we beyond your typical phishing tactics at this point? Will we see social engineers employing “in-person” social engineering skills in digital format? What will be the valuable info that’s sought? What impact will the victim experience both in the virtual world and in real life? What are the unintended consequences of someone exploiting the metaverse?
Where else do you think social engineering will pop up, outside the channels we traditionally expect (e.g. emails, texts, phone calls, social media)? Shoot us an email with your thoughts on this and your cybersecurity predictions for 2022.