Experts Share Their Predictions For Cybersecurity

Cybercriminal groups old and new inundated the security landscape with one major attack after another in 2021.

James Carder, Chief Security Officer & Vice President of Labs

A Leading Country Producing Semiconductor Chips Will Have Its Supply-Chain Compromised, Resulting In Major Shortages Of Critical Materials

As we have seen with the pandemic, cybercriminals will take advantage of periods of societal disruption to manipulate companies and governments for financial gain. The global chip shortage, which shows no sign of slowing down as some experts estimate it could last through the end of 2022, is another period of disruption that hackers will soon exploit. As countries seek to ramp up production, one country will be caught attempting to corner the market by using fraudulent methods to gain access to the production and supply of the leading chip-producing countries. This will result in shortages of critical supplies, as well as soaring prices for basic goods.

The Supply Chain Of A Major Vaccine Manufacturer Will Be Halted By Ransomware

In 2021, ransomware attacks crippled Colonial Pipeline and JBS. In 2022, cybercriminals will set their sights on carrying out a ransomware attack against one of the pharmaceutical companies producing the COVID-19 vaccine. This will interrupt the production of critical booster shots and keep many other lifesaving drugs from reaching patients. The resulting fallout will fan the flame for foreign and domestic vaccine disinformation campaigns.  

Cybercriminals Will Leverage API Vulnerabilities To Breach Multiple Company Networks At Once

Cyberattackers commonly use lateral movement techniques to move through an organization’s network after carrying out the initial breach. We have already seen the Russia-linked REvil ransomware-as-a-service group leverage Kaseya’s network management and remote-control software to move not only within Kaseya’s network but extend its reach to its customers. In 2022, we will see hackers seek to up-level the lateral movement concept for internal networks and apply it to an entire partner network using misconfigured APIs, which serve as a doorway from the internet into a company’s environment. 

Hackers Will Blackmail Olympic Athletes During The Beijing Olympics

Hackers will breach various athletes’ accounts and find incriminating email exchanges regarding the use of performance-enhancing drugs and insight into the individual’s personal life. This will result in athletes being blackmailed into helping hackers carry out cyberattacks on their home countries or face the release of incriminating evidence.  

Individuals, Not Infrastructure, Will Be Top Threats At The 2022 FIFA World Cup In Qatar

Joanne Wong, VP of International Marketing

Qatar has made significant investments in cybersecurity ahead of the FIFA 2022 World Cup. Much of the travel and ticketing for the event have been digitized and are vulnerable to attack from cybercriminals. We predict that in addition to large-scale outages or organizational attacks, cybercriminals will also be targeting the large number of high-value visitors to the tournament. Organizers will be prepared to manage the large attack surface surrounding the tournament, but what about individuals?

Phishing and social engineering will be used to steal personal and financial information that criminals can monetize. We predict that promotional emails or fake websites related to the World Cup from the travel and hospitality industries will be used to capture personal data and compromise individuals. Cybercriminals will recognize the work that Qatar has done to be prepared for the tournament and may focus on exploiting human nature rather than digital infrastructure.

There Will Be A Successful Large-Scale Attack Delivered Through Open-Source Software

Matt Sanders, Director of Security 

Malicious actors have repeatedly demonstrated their technological aptitude at infiltrating and compromising organizations. Those same skills will be increasingly applied to the open-source software ecosystem (which welcomes all contributors), where attackers can intentionally introduce vulnerable code to widely used open-source software components.

This would allow cybercriminals to exploit vulnerabilities on a massive scale, targeting companies that have built products using open-source technology without reviewing the code before copying and pasting it into their platforms. Such attacks can be extremely difficult to detect. It is likely that several instances of such attacks are already present in widely used open-source software today, which may be found in the year to come.