One cyber training firm hopes so: its many predictions include ‘nuclear’ ransomware 3.0, metamorphic malware, and the rise of dark-economy mergers.

In the year ahead, three trends are expected in the Asia Pacific region, as security awareness advocate Jacqueline Jayne of KnowBe4 explained.

In terms of security awareness, Jayne noted that many of cybersecurity e-conferences in the region had a greater focus on the ‘human element’ of cybersecurity than in 2020.  This is expected to remain in a positive direction in 2022. Maybe that will be the year that company-wide KPIs related to cybersecurity expectations (training, behavior and reporting) will be implemented.

In terms of global skills shortages, the world should and may move away from the focus on Science, Technology, Engineering and Math, and instead embrace the emphasis on ‘cyber life skills’.  As the general public begins to understand Industry 4.0 there will be greater opportunities for non-technical people to move into the field of cybersecurity.

In terms of the general cybersecurity landscape, there will continue to be a silo mentality (“cybersecurity is IT’s responsibility”) plus lack of internal collaboration in most organizations globally. Until everyone accepts that cybersecurity is everyone’s responsibility, we will see the same results of the previous years—with cyberattacks increasing in quality and quantity.

For the cybersecurity landscape the firm’s global team of security awareness advocates predict nine trends are heading our way:

  1. Nuclear Ransomware 3.0
    Ransomware gangs are morphing into ‘everything gangs’. Instead of just doing ransomware and data exfiltration, they are doing crypto-mining, botnet creation, DDoS attacks, etc. The attack gangs of the future will look at every new victim as a pot of gold and try to figure out what to do and in which order to maximize financial value extraction.
  2. New metamorphic malware
    A new dangerous and persistent malware family called Tardigrade is a new strain of Windows malware. It can constantly adapt to avoid detection and was first found targeting the biotech industry, including the infrastructure behind vaccine manufacturing, according to security researchers. This ‘metamorphic’ ability prevents the malware from leaving a consistent signature behind, making it very hard for programs to spot. It contains the sneaky ability to spread both via phishing emails and USB devices.
  3. Virtually Pwned
    Meta, (formerly known as Facebook) will entice masses to join the Metaverse. This will spawn a rush to establish dominance in the virtual world. As a result, hackers will also be drawn into this world, and we will see virtual attacks against both individuals and organizations. We will see an explosion of bad things happen to people and resources in the virtual world: virtual looting, virtual theft, account takeovers and more creative criminal exploits. 
  4. Political/Financial circuses from deep fakes disinformation
    In 2022, we will see a coordinated disinformation campaign that will rely heavily on deep fakes and manipulated footages to cause political/financial circuses. Deep fakes could be used to manipulate a certain political party’s views by stating false opinions, promises or beliefs of a particular candidate. This could cause a chain reaction of certain organizations pulling funds from a political campaign based on statements made by the deep fake.  
  5. Attacks against cryptocurrencies will hit real world economies
    A major cryptocurrency will be attacked, causing billions of dollars in lost value either through direct theft or in value loss. Many individuals and organizations will be severely impacted and it will be referred to as the Black Crypto Day.
  6. Major EU utility provider will be crippled in a novel way other than via ransomware
    Most likely somewhere in Eastern Europe, we will see some bad actors cut off the power grid, gas and water systems. Then we will watch in horror as phones, tablets and laptop batteries die, and hackers will hand out an olive branch that many will be ready to accept, but at what cost? 
  7. Someone will hack back bad actors and trigger an international incident 
    An overly eager security researcher will think they have identified the culprit behind a major attack. In an act of retaliation, they will hack back, only to discover they did not attribute the attack correctly. This will cause a major international incident and the organization responsible will be placed under extreme scrutiny.
  8. The rise of Dark Economy mergers and acquisitions 
    Many criminal gangs have become extremely wealthy. In fact, some shady organizations are large enough to be listed on a stock exchange. So, we will see a more formalized dark economy emerge with some M&A activity taking place as some gangs will look to cash-in by selling their organization while others look to grow in capability and reach.   
  9. When AI goes wrong In 2022
    We will see the first wave of intelligent attack bots. The future is ‘good threat hunting bots’ versus ‘bad bots’—and the best algorithm wins.

According to Stu Sjouwerman, CEO, KnowBe4: “I think we are starting to see more of a focus on the human element, including human behavior, of cybersecurity protection measures. This is a positive shift in direction because people can implement all of the technical tools and controls in the world, but if they do not focus their efforts on the human layer of security, they are going to run into challenges. At the end of the day, a strong security culture is what truly matters and what we will see organizations focused on as we move into 2022.”