In 2021, cybercriminals, old and new, inundated the security landscape with one major attack at a time.
This international deep value fund wins on value stocks that are also growth stocks
There has been a lot of discussion about whether value investing is dead, but it seems that this year has shown that value investing is still very much alive. In late 2020 and for some parts of this year, there were periods when value stocks outperformed growth stocks. Q3 2021 hedge fund letters, conferences Continue reading
James Carder, chief security officer & vice president of Labs
The supply chain of a leading country that manufactures semiconductor chips will be at risk, resulting in a significant shortage of critical materials
As we saw with that pandemic, Cybercriminals will take advantage of times of social disruption to manipulate companies and governments for financial reasons. The global chip shortage, showing no signs of slowing down as some experts estimate it could last through the end of 2022, is another period of disruption that hackers will soon be exploiting. When countries try to increase production, a country is caught trying to corner the market through fraudulent methods in order to gain access to the production and supplies of the leading chip-producing countries. This will lead to bottlenecks in critical deliveries and rising prices for basic goods.
The supply chain of a large vaccine manufacturer is stopped by ransomware
In 2021, ransomware attacks crippled Colonial Pipeline and JBS. In 2022, cyber criminals will be conducting a Ransomware Attack on one of the pharmaceutical companies that make the COVID-19 vaccine. This will disrupt the production of critical booster syringes and keep many other life saving drugs from reaching patients. The resulting consequences will fuel the flames for foreign and domestic disinformation campaigns about vaccines.
Cyber criminals will exploit API vulnerabilities to break into multiple corporate networks at the same time
Cyber attackers typically use sideways motion techniques to move through an organization’s network after the initial attack. We have already seen Russia-affiliated ransomware-as-a-service group REvil use Kaseya’s network management and remote control software to not only move within the Kaseya network but also to extend its reach to their customers. In 2022, hackers will try to improve the lateral movement concept for internal networks and apply it to an entire partner network with misconfigured APIs, which serve as a gateway from the Internet into the environment of a company.
Hackers blackmail Olympic athletes during the Beijing Olympics
Hackers crack accounts of various athletes and find incriminating email exchanges regarding performance-enhancing drug use and insights into an individual’s private life. This will result in athletes being blackmailed to aid hackers in cyberattacks on their home countries or to face incriminating evidence.
Individuals, not infrastructure, will be the main threat at the 2022 FIFA World Cup in Qatar
Joanne Wong, Vice President for International Marketing
Qatar has made significant investments in Online Safety before the 2022 FIFA World Cup. Much of the travel and ticketing for the event has been digitized and is susceptible to attacks by cyber criminals. We predict that in addition to large-scale failures or organizational attacks, Cyber criminals will also appeal to the large number of high profile visitors to the tournament. The organizers will be prepared to handle the huge attack surface surrounding the tournament, but what about individuals?
Phishing and social engineering are used to steal personal and financial information that criminals can monetize. We believe that promotional emails or fake websites related to the World Cup from the travel and hospitality industries will be used to collect personal information and put individuals at risk. Cyber criminals will recognize the work Qatar has done to prepare for the tournament and may focus on exploiting human nature rather than digital infrastructure. “
There will be a successful large-scale attack using open source software
Matt Sanders, director of security
Malicious actors have repeatedly demonstrated their technological ability to infiltrate and compromise organizations. The same skills are increasingly being applied to the open source software ecosystem (which welcomes all contributors), where attackers can intentionally inject vulnerable code into widely used open source software components.
This would make it possible Cyber criminals to exploit vulnerabilities on a large scale and is aimed at companies that have developed products using open source technology without reviewing the code before it is copied and pasted into their platforms. Such attacks can be extremely difficult to detect. It is likely that there are several instances of such attacks already today in widespread open source software that will be found in the coming year.
#Experts #share #cybersecurity #predictions #ValueWalk