How will the cybersecurity landscape twist and turn during 2022? Wade Lance, Field CTO at deception and identity risk company Illusive, tells Digital Journal that the main issues will stretch from arrest excitement to ransomware rebrands.
Lance expects 2022 will be quite the year when it comes to security.
Digital Journal: Will cybercriminals and ransomware operators see recent arrests as disincentives or incentives?
Wade Lance: Law enforcement has been making a tremendous effort to track down, capture and arrest ransomware operators, to take down ransomware infrastructure, and to claw back ransomware payments. While some of these efforts have been successful and may prevent more damage from being done, it is important to realize that headline news is a lightning rod for more attacks.
Successful attacks breed copycats, and their arrests make room for replacements. Malicious actors are opportunistic. Of course they don’t want to get busted and they don’t want authorities taking down their infrastructure, but these arrests are an incentive to get into the ransomware market and a learning experience on how to adapt their tactics. I expect a new wave of ransomware operators that use tier 2-3 cryptocurrency to avoid tracking, remotely-located operations to avoid extradition and arrest, and the hardening of operational security to avoid infrastructure takedown.
DJ: What tactics are ransomware groups engaging in? Have many gone to ground?
Lance: Don’t believe the hype. REvil and BlackMatter are not “shutting down” due to external pressure from the government and law enforcement agencies. We’ve seen these groups disappear and then pop back up a few months later, sometimes with a new name. Before BlackMatter it was DarkSide. It’s like Soundgarden breaking up, only to come back with some adjustments as Audioslave, then going solo as Chris Cornell. These transformations for ransomware groups will become the source of new attacks. This isn’t just re-branding, it’s re-architecting.
There will be new methods of initial attack and penetration, and enhanced approaches to move laterally in the network. There will be new methods of operation to avoid arrest and infrastructure takedown. And there will be loosely affiliated networks of solo operators that pick and choose who they work with through a robust cybercrime underground, just like rotating new drummers through a band. In 2022 we expect to see more aggressive and complex ransomware efforts.
DJ: How important is zero trust?
Lance: If 2021 was the year that Zero Trust security reached mainstream IT — and it was — then 2022 will become the realization that it cannot be done without identity first. At its core, Zero Trust is all about authenticating and authorizing access policies that have been designed to provide the least privilege, for the least amount of time, to the fewest assets. After all, a malicious actor only needs a few minutes of time with a privileged account to take over the entire directory, and there are volumes of exploitable identity risks at every organization. The only companies that are going to successfully operate with a Zero Trust framework are those that start by sorting out their actual identity risks. And it is going to take more than Active Directory (AD), privileged access management (PAM), multi-factor authentication (MFA) and single sign-on (SSO) solutions to manage the risk.
DJ: How will business change?
Lance: Privileged access management (PAM), Active Directory (AD) and single sign-on (SSO) solutions have historically been the responsibility of the IT team. IT teams have a different perspective than security teams; they want to make sure that things go fast, so they try to remove any source of friction. But when AD and PAM are all about making things go fast, then security takes a back seat — and identity has become too important to leave these risks up in the air.
Organizations need to assign security teams to manage these identity solutions, and hire a director to manage the team (and they all report to the CISO), or there will never be a change in that high-risk mindset, and there will never be Zero Trust because the identity is exploitable. In 2022 we expect to see organizations increasingly moving identity management systems into the CISO organization.