Security Experts:

A New Year Will Bring New Targets: What to Look for in 2022

There’s no way to put it nicely: cybercrime just continues to get worse as we become increasingly connected. 2020 was a banner year for ransomware – and by all accounts, it’s almost certain that 2021 will top it. And as we move into 2022, not only do defenders need to put more scrutiny on the attack vectors they’re already focused on, but now they will need to expand that view to new targets. 

While the sky just may be the limit (or actually, it may not be), when it comes to cybercriminals, three key areas where we expect to see more activity in the coming year are space, digital wallets and esports.

The sky’s not the limit?

Attacks from space? Well, sort of. In 2022, as satellite-based internet access continues to grow, researchers at FortiGuard Labs expect to see new proof-of-concept (POC) threats targeting satellite networks. New low earth orbit (LEO) satellite systems have become a viable option not just for remote users but for more mainstream business customers as they become faster and increasingly less expensive.

These systems represent a viable option for attackers, too; they will target organizations that rely on satellite-based connectivity. These activities include online gaming or delivering critical services to remote locations, pipelines, field offices or cruises and airlines. This will also expand the potential attack surface as organizations add satellite networks to connect previously off-grid systems, such as remote OT devices, to their portfolio of interconnected environments.

New attack types are already surfacing. For instance, ICARUS is a POC DDoS attack that uses direct global accessibility to satellites to launch attacks from numerous locations. Every satellite, and its base stations, is a potential network entry point. And there will be millions of terminals from which to launch an attack. Living-off-the-edge tactics will soon expand to include LEO satellite networks.

It’s game on for cybercriminals 

The esports industry is booming; it’s predicted to bring in more than $1 billion in revenue this year. Esports are organized, multiplayer video gaming competitions, often involving professional players and teams. Because they require constant connectivity and are often played out of inconsistently secured home networks or in situations with large amounts of open Wi-Fi access, they make an inviting target for cybercriminals. The real threat risk will be the platforms and infrastructure itself. Attack types include ransomware, financial and transactional theft, DDoS or social engineering attacks. This last attack type is particularly alluring due to the interactive nature of gaming. Given their rate of growth and increasing interest, esports and online gaming are likely to be significant attack targets in 2022.

It's the responsibility of service providers and esports providers to offer secure gaming environments that are safe from DDoS and other attacks. They should also leverage AI-based hunting tools to detect threats lurking in gaming environments. And connected gaming consoles need to have encrypted connections and endpoint protections such as Endpoint Detection and Response (EDR). 

Hand over your (digital) wallets

Hijacking wire transfers just isn’t as easy as it used to be, bad actors are finding. That’s partially because more financial institutions now encrypt transactions and require multi-factor authentication (MFA). But digital wallets are still a fairly nascent technology and one that’s often less secure and less regulated. You can guess what that means – bad actors are on it. Individual wallets don’t have as big a payoff usually, but as more businesses start to use digital wallets as currency for online transactions, that won’t always be the case. And we can expect to see more malware designed specifically to target stored credentials and to drain digital wallets.

A new phishing threat documented by FortiGuard Labs uses a phony Amazon gift card generator to steal cryptocurrency. This malware monitors the victim’s clipboard for wallet addresses and replaces them with the attacker’s wallet. It also uses false documents to lure victims into potentially giving out confidential information like home addresses, credentials for online shopping sites and credit card numbers. 

Last summer, FortiGuard Labs also discovered a new phishing campaign that included malware designed to steal crypto wallet information and credentials from a victim’s infected device. ElectroRAT is another new tool targeting digital wallets. It combines social engineering with custom cryptocurrency applications and a new Remote Access Trojan (RAT) targeting multiple operating systems, including Windows, macOS and Linux. 

Comprehensive, centralized security

Cyber criminals continue to expand their targets to everything and anything – even satellite connections. Protecting assets from these new attacks requires an integrated and comprehensive security strategy. Point products must be exchanged for security devices designed to interoperate as a unified solution regardless of where they are deployed. They need to defend application, device and user with a unified policy that can follow data and transactions from end to end. Centralized management will also help ensure consistent enforcement of policies, prompt delivery of configurations and updates, and central collection and configuration of suspicious events that may occur anywhere across the network—including to, between and within cloud environments.

RelatedWhat to Expect in 2022: Microservices Will Bring Macro Threats

Related: Planning for the Future: What's Ahead in 2022

view counter
Derek Manky is Chief of Security Insights and Global Threat Alliances at Fortinet’s FortiGuard Labs. Derek formulates security strategy with more than 15 years of cyber security experience behind him. His ultimate goal to make a positive impact in the global war on cybercrime. Manky provides thought leadership to industry, and has presented research and strategy worldwide at premier security conferences. As a cybersecurity expert, his work includes meetings with leading political figures and key policy stakeholders, including law enforcement. He is actively involved with several global threat intelligence initiatives including NATO NICP, INTERPOL Expert Working Group, the Cyber Threat Alliance (CTA) working committee and FIRST – all in effort to shape the future of actionable threat intelligence and proactive security strategy.