Paris – Mandiant publishes its prediction report – 14 cybersecurity predictions for 2022 and beyond.

“The only constant in our industry is uncertainty in the cyber realm. Attackers are constantly evolving: they are becoming more sophisticated and changing their tactics, techniques and procedures to try to get a head start on defenders,” said David Grout, Chief Technology Officer, EMEA at Mandiant. This report provides security leaders with an overview of what to expect in 2022 and beyond, based on the trends we are currently seeing. Organizations have a lot to keep in mind for next year, but staying vigilant will allow them to defend themselves against future threats – and respond to those that inevitably pass.”

The main cybersecurity threats identified in the report are:

France at the centre of attention:

2022 and the years that follow will put France at the heart of geopolitical but also sporting attention. Events such as President Macron’s assumption of office as President of the European Union or the French presidential elections in the first half of the year could catalyze the risks for the country of being targeted. Mandiant can envisage for 2022 new attempts by cybercriminals to influence or discredit as observed during the last elections, when one candidate was the victim of Russian APT groups. 

The role of France in the preparation of the 2024 Olympic games and in the organization of the Rugby World Cup 2023 will also be risk accelerators for the country, and the companies working in the field. Recent news such as the Ghostwriter campaign (UNC1151) only serve as a reminder of the importance of combating disinformation in democratic countries.

Iran maintains its aggressive stance

Iran will use its cyber tools much more aggressively to advance its regional interests. Iran will also continue to target Israel and other countries in the Middle East. Iran has shown its ability and willingness to use destructive malware, so it is expected to take advantage of every opportunity that arises. Ultimately, Iran will try to create a balance of power for the benefit of its own interests. Mandiant has seen Iran target abroad, but Iran’s targeting will most likely be regional in 2022 with a risk of geographical spread via companies with local interests.

No end in sight for ransomware 

The threat of ransomware has increased significantly over the past decade, and this upward trend will continue. The ransomware business is simply too lucrative, unless international governments and technological innovations fundamentally change the cost-benefit calculation of attackers.

Criminal operators engaged in increasingly complex extortion campaigns will continue to find more ways to force their victims to pay (e.g. blackmail, pressure, data theft). In 2022, Mandiant expects actors to adopt new tactics, such as recruiting moles/collaborators within their victims’ organizations. Cybercriminals are expected to evolve their techniques, operations and organizations to best target their victims.

Focus on Operational Technologies (OT)

Throughout 2021, Mandiant observed that unsophisticated threat actors learned that they could have a significant impact in the OT space, perhaps even greater than expected. In 2022, cybercriminals will continue to explore the OT space and will increasingly use ransomware in their attacks. 

Attacks on critical OT environments can cause serious disruption and even threaten human lives, increasing the pressure for organizations to pay a ransom. To compound the problem, many of these OT devices are not built with security at the forefront of the design, and there is a massive increase in the number of vulnerabilities identified in OT environments.

Cloud and third parties introduce new choke points

Organizations will continue to rely increasingly on the cloud and cloud-hosted third-party providers for key business activities, increasing the pressure on these third parties to maintain both availability and security. Mandiant’s proportion of investigations into responses to incidents involving cloud resources has  increased in recent years, and the company expects cloud compromise and abuse to continue to grow alongside enterprise cloud adoption throughout 2022.

More Internet of Things (IoT) devices, more vulnerabilities, more attack surface

As the number of IoT devices increases, there will be more vulnerabilities to be spotted by bug hunters. These devices are connected, and the overall attack surface extends with the potential for significant impact. Unfortunately, there has not been enough focus on ‘security by design’ of IoT devices to address these issues, so the situation could worsen in the coming years.

To read in detail the report on Mandiant’s predictions, click here.

About Mandiant, Inc. 

Since 2004, Mandiant® has been a trusted partner for security-conscious organizations. Effective security relies on the right combination of expertise, intelligence and adaptive technology, and the Mandiant Advantage SaaS platform scales decades of front-line experience and industry-leading threat intelligence to deliver a range of dynamic cyber defense solutions. Mandiant’s approach helps organizations develop more effective and efficient cybersecurity programs and gives them confidence in their ability to defend against and respond to cyber threats.