Cybersecurity for 2022
Merry Christmas to all ... I hope the hearty feast with family and friends made 2021 delightful. The new year (2022) is just around the corner, and there has been a lot to learn from this year's (2021) breaches, vulnerabilities, and attacks. What should we expect in 2022, and how can we help to solve these problems? Read on in my personal blog ...
What happened in 2021?
Recently, I read a DarkReading article about the 7 most impactful cybersecurity incidents of 2021, with summarized descriptions of these vulnerabilities and attacks that make a good learning experience for proactively planning preventive cyber strategies and mitigation responses.
7 of the Most Impactful Cybersecurity Incidents of 2021 from DarkReading:
Many organizations started this year struggling to address the SolarWinds supply chain attack, and now the Log4j vulnerability has given us a signal to embark urgently on a long-term risk-management strategy to mitigate zero-day threats.
About the Apache Log4j Java Library Zero-Day Vulnerability
The Log4j vulnerability has shaken industries. Earlier this month (December 2021), Apache disclosed and patched a remote code execution vulnerability in its popular Java logging library, which is used in nearly every enterprise application and vendor service.
NTT's Global Threat Intelligence Center (GTIC) also reported that the recently discovered Log4j vulnerability is now being exploited to infect Windows devices with the Dridex banking Trojan and Linux devices with Meterpreter.
NTT's Bruce Snell, VP of Security Strategy and Transformation at NTT Security, shared in a LightReading podcast the 'wide sweeping ramifications' of the Log4j vulnerability.
"A vulnerability as core as Apache has huge impact ... If you look at Kaseya this last year and SolarWinds previously – all these things illustrate a bigger issue that's building and will come to a head pretty soon, which is vulnerabilities in the overall supply chain," said Snell.
The past year has thrust cybersecurity into the spotlight and created a renewed focus on evolving security strategies for both the private and public sectors. The fact of the matter is that the Log4j vulnerability is just the wake-up call showing that software bugs may have significant consequences (weakening digital infrastructure), and the SolarWinds hack reminded organizations that "you're only as good as the weakest link in your supply chain".
In 2022, we can expect cybercrime cartels to continue seeking ways to hijack organizations' digital transformation to deploy malicious code, infiltrate networks, and gain persistence in systems globally.
How can we help to secure 2022 and beyond?
Open source is here to stay, and the cloud is catalyzing its growth. As such, 2022 will be a year of Zero Trust, where organizations 'verify everything' rather than trusting that it is safe.
The Biden administration has also mandated a Zero Trust approach for federal agencies, and this will influence other industries to adopt a similar mindset, with the assumption that they will eventually be breached.
A Zero Trust approach will be a key element in fending off new attacks in 2022, while also mitigating the fallout from the Log4j vulnerability and other hidden threats. Organizations will be better prepared proactively, instead of panicking over zero-day cyber threats.
Below are some of the potential threats that may surface in 2022; we need to be aware and be prepared:
A New Dawn of Supply Chain Attacks
In my personal perspective gained from past engagements, zero-day threats such as Log4j, Colonial Pipeline, JBS, and Kaseya will continue to motivate organizations to rapidly adopt a Zero Trust approach. In 2021, organizations battled zero-day threats amid a massive proliferation of hacking tools, vulnerabilities, and advanced attack capabilities that caught many organizations and defenders by surprise. As such, in 2022, organizations will need to monitor networks and services vigilantly for suspicious activities and potential intrusions. Implementing practices associated with the Zero Trust philosophy, like microsegmentation, threat hunting, and advanced telemetry capabilities, can help ensure organizations are not the gateway to, or the victim of, a severely damaging attack.
Insider threats may pose a new challenge for organizations as the job market continues to shift
As I read in a Singapore Straits Times business article published on 10 Dec 2021 on the Great Resignation, we can expect new and growing challenges associated with insider threats.
The sheer number of employees leaving their jobs while potentially still having access to the network or proprietary data has created a headache for IT and security operations teams tasked with protecting the organization's most valuable asset (data). Insider threats have become a new, distinct challenge for organizations as they try to balance employee turnover, employee onboarding, and the use of non-sanctioned apps and platforms.
In 2022, we expect to see an increase in insider threat incidents. Attackers will start targeting employees to carry out their attacks or plant ransomware. As a result, new protocols, guidelines, and security controls such as DLP will be established as organizations work to keep networks and sensitive data protected.
Linux-based operating systems will become a key target for cybercriminals
Linux is used for the majority of cloud workloads and website hosting on the Internet. As such, Linux-based operating systems will be the key driver behind nearly all digital transformation projects undertaken by organizations. Hence, the security of Linux environments has become critical, as hackers may have started to target Linux-based hosts with a variety of threats, from RATs and web shells to cryptominers and ransomware.
Many organizations focus their attention on Windows-based malware and might find themselves blind to this emerging threat in Linux until it is too late. Hence, it is advisable to continue monitoring both Windows and Linux environments; this will put new demands on incident detection and response capabilities such as EDR to ensure the safety of the infrastructure.
Rising threats due to insecure multi-cloud environments
With multi-cloud environments on the rise, the attack surface will continue to expand, allowing greater use of common ports and protocols by adversaries to move laterally and exfiltrate data once inside an organization's network.
In 2022, we may see adversaries focus their efforts on hiding, undetected, within common cross-multi-cloud networks. Having visibility into the cross-multi-cloud environment to identify the adversary will be more essential than ever when defending today's multi-cloud environments.
In 2022, CASBs will be widely adopted by organizations to protect cloud-based data by controlling and protecting the organization's applications in the cloud, along with the usage of SaaS applications, IaaS, and PaaS.
Cyberattacks on critical industries disrupting human lives
In the cases of the Colonial Pipeline, Ireland healthcare, Florida utility, and similar hacks, cybercriminals have adopted a style of attack that seeks to disrupt human lives.
The attack on Colonial Pipeline that triggered a fuel shortage along the U.S. East Coast, and the attack on Ireland's healthcare system that effectively shut down the entire country's hospitals, are only the beginning. Bad actors will continue to build on past successes to target critical industries such as energy, healthcare, and finance, with the intent to cause panic while cashing in on a ransom payment. The results of a successful attack can be expensive and dangerous, ranging from cancelled hospital surgeries and rerouted ambulances to people waiting hours at a gas station for fuel. This will be an area of real interest to nation-states looking to cause disruption abroad.
Takeaway Notes
Enterprise access and security have become more complex and are constantly changing. Today's cloud environments can be hostile, as they host business-critical applications and data, making them ripe for attack by hackers who would relish the chance to steal, destroy, or hold hostage sensitive data, such as personally identifiable information (PII), intellectual property (IP), and financial information, for personal gain.
No security strategy is perfect, and data breaches will never be totally eliminated. But Zero Trust reduces the attack surface and limits the blast radius, reducing the impact and severity of a cyberattack. As such, a Zero Trust approach also helps to reduce the time and cost of responding to and cleaning up after a data breach.
A personal note to share for cyber awareness ... in the meantime, I wish all readers a safe, secure, and blessed 2022 ahead.
Much Appreciated.
Yours sincerely, Philip
Board Advisor | Mentor | Author | Keynote Speaker | Diversity Advocate | Passionate Leader | Collaborator