Three regional cyber conflicts could lead to infrastructure attacks and damaging cyber espionage in 2022, a new report from cyber analytics company CyberCube says.
Cyber hostilities between Israel and Iran, India and Pakistan, and China and Japan could spill into other regions or lead to the development of new attack vectors, according to the report titled “Global Threat Briefing: threat actor activity update and predictions for H1 2022.”
The report said close monitoring of regional cyber conflicts was important for wider cybersecurity as these smaller-scale hostilities were often a breeding ground of “adversarial innovations.”
“We monitor these regional cyber conflicts for indications that the boundaries of acceptable behavior have been pushed past historic precedent. We’ve seen how this played out in the past with Russia’s critical infrastructure attacks on Ukraine,” commented William Altman, CyberCube’s principal cybersecurity consultant.
“Common activities to observe in these hotbeds include espionage, disruption and destruction. They’re real breeding grounds for new modes of attack,” he added.
“Espionage attacks are currently still more prevalent than destructive attacks. However, increasingly there are nation state threat actors who are financially motivated and focused on intellectual property theft as well as ransom. In particular, researchers have noted the rise in ransomware operations emanating from North Korea and Iran,” he said.
Russia is the source of the lion’s share of nation state cyber attacks observed in the past year (58 percent), followed by North Korea (23 percent), Iran (11 percent) and China (8 percent), said the report, quoting Microsoft.
The report identifies four industries that CyberCube believes will be targeted by cyber criminals—especially ransomware actors—in 2022. These are: healthcare, education, manufacturing and utilities. CyberCube expects to see ransomware threat actors targeting software supply chains.
CyberCube noted that the global proliferation of ransomware has now reached the scale at which claims are outpacing premiums, thus threatening the profitability of the cyber insurance and reinsurance markets.
“Since early 2020, emerging threats such as ransomware-as-a-service (RaaS) have matured into systemic issues, dramatically changing the market for cyber re/insurance,” said the report. “The cyber market is currently being driven by a demand and supply imbalance, with the classic hard market showing little sign of abating any time soon.”
The report noted that ransomware actors “learn from each other’s (often leaked) playbooks and experiences, and the chances of their success increase with each subsequent attack.”
“This year will certainly be an active one for cybersecurity and the insurance industry. New levels of cooperation between nation state actors and criminal gangs will likely be emerging and new thresholds of acceptable tolerances will be tested at the nation state level,” said Darren Thomson, CyberCube’s head of Cyber Security Strategy.
“This will certainly lead to collateral damage that will impact business. The big question is: How can a company grapple with a complex threat landscape and maintain profitability amidst what is a hardening market for cyber insurance?” Thomson continued.