Security predictions for 2022

Attackers will find routes into the cloud that start on your on-premises server 

On-premises Active Directory (AD), Windows’ directory service, remains a wide open weak spot in most companies. As the core of Windows operating systems, AD manages user permissions and holds the key to numerous business-critical processes and services – but its default configuration makes it an easy target. While businesses are increasingly shifting workloads from on premises to the cloud, AD remains a foundational piece of infrastructure for both environments for 90% of organisations, and it’s not going anywhere anytime soon. Cybercriminals know this and are increasingly using AD weaknesses as an inroad for attacks against data and applications in the cloud, thus bypassing classic cloud protection systems.

Attackers will increasingly target identity systems 

As the recent Facebook outage showed, when core identity providers go down, those applications that depend on them for user authentication are affected too. The more users rely on shared infrastructure, the more impactful outages will be. This makes large identity providers a perfect target for hackers. For the fast-growing number of businesses around the world that depend on the Microsoft Azure cloud, Azure AD acts as a major identity provider, authenticating countless users every minute. Hackers compromising Azure AD could therefore take out several apps at once and do damage on a large scale.

Zero trust will become the default in many organisations 

With hybrid workspaces here to stay, organisations need to ensure safe identity management in the cloud. More businesses will adopt zero-trust authentication and access models as the necessity for the protection of cloud identities increases.

 Sophisticated ransomware attacks will come from unsophisticated attackers 

Sophisticated ransomware attacks are no longer the preserve of nation states. In 2022, anybody can access the tools to carry them out. Ransomware-as-a-service is another way that unskilled actors are getting the job done—by contracting out to groups like LockBit 2.0 to do the dirty work. As attackers seek to make maximum profit, campaigns that steal and threaten to reveal information gain popularity. Once data has been extorted, attackers may then come back asking for regular payments.

The ransomware crisis will reach fever pitch before governments take significant action – fuelled by the fact that there is no shortage in vulnerable systems that can be attacked. What’s worse, any remaining morality filter has been removed. Attackers no longer care about the physical impact they cause, for example by attacking critical infrastructure and hospitals where lives could be at risk. As a result, critical everyday services could become unavailable, prices could go up and we could find ransomware affecting our daily lives.

A rise in intellectual property theft 

Large companies will have a hard time protecting their intellectual property against digital espionage. Businesses are having to manage increasingly complex IT systems with the same or fewer staff, and are finding it difficult to fill highly skilled security positions. Cybercriminals will continue to find easy ways into an organisation by attacking a smaller or newer company higher up the supply chain that hasn’t got strong cyber defences in place, so there is no doubt that we will see more supply chain attacks in the new year. We may see bad actors deploying artificial intelligence as they have the money and resources to do so.

About the Author

Guido Grillenmeier is Chief Technologist with Semperis. Based in Germany, Guido has been a Microsoft MVP for Directory Services for 12 years. He spent 20+ years at HP/HPE as Chief Engineer. A frequent presenter at technology conferences and contributor to technical journals, Guido is the co-author of Microsoft Windows Security Fundamentals. He’s helped various customers secure their Active Directory environments, and supported their transition to Windows 10/m365 and Azure cloud services.