By Guido Grillenmeier, Chief Technologist, Semperis
Attackers will find routes into the cloud that start on your on-premises server
On-premises Active Directory (AD), Windows’ directory service, remains a wide open weak spot in most companies. As the core of Windows operating systems, AD manages user permissions and holds the key to numerous business-critical processes and services – but its default configuration makes it an easy target. While businesses are increasingly shifting workloads from on premises to the cloud, AD remains a foundational piece of infrastructure for both environments for 90% of organisations, and it’s not going anywhere anytime soon. Cybercriminals know this and are increasingly using AD weaknesses as an inroad for attacks against data and applications in the cloud, thus bypassing classic cloud protection systems.
Attackers will increasingly target identity systems
As the recent Facebook outage showed, when core identity providers go down, those applications that depend on them for user authentication are affected too. The more users rely on shared infrastructure, the more impactful outages will be. This makes large identity providers a perfect target for hackers. For the fast-growing number of businesses around the world that depend on the Microsoft Azure cloud, Azure AD acts as a major identity provider, authenticating countless users every minute. Hackers compromising Azure AD could therefore take out several apps at once and do damage on a large scale.
Zero trust will become the default in many organisations
With hybrid workspaces here to stay, organisations need to ensure safe identity management in the cloud. More businesses will adopt zero-trust authentication and access models as the necessity for the protection of cloud identities increases.
Sophisticated ransomware attacks will come from unsophisticated attackers
Sophisticated ransomware attacks are no longer the preserve of nation states. In 2022, anybody can access the tools to carry them out. Ransomware-as-a-service is another way that unskilled actors are getting the job done—by contracting out to groups like LockBit 2.0 to do the dirty work. As attackers seek to make maximum profit, campaigns that steal and threaten to reveal information gain popularity. Once data has been extorted, attackers may then come back asking for regular payments.
The ransomware crisis will reach fever pitch before governments take significant action – fuelled by the fact that there is no shortage in vulnerable systems that can be attacked. What’s worse, any remaining morality filter has been removed. Attackers no longer care about the physical impact they cause, for example by attacking critical infrastructure and hospitals where lives could be at risk. As a result, critical everyday services could become unavailable, prices could go up and we could find ransomware affecting our daily lives.
A rise in intellectual property theft
Large companies will have a hard time protecting their intellectual property against digital espionage. Businesses are having to manage increasingly complex IT systems with the same or fewer staff, and are finding it difficult to fill highly skilled security positions. Cybercriminals will continue to find easy ways into an organisation by attacking a smaller or newer company higher up the supply chain that hasn’t got strong cyber defences in place, so there is no doubt that we will see more supply chain attacks in the new year. We may see bad actors deploying artificial intelligence as they have the money and resources to do so.