Cybersecurity Alert: ‘More Supply Chain, Ransomware Gang Attacks In 2022’

January 11, 2022

Security experts and advisors at HP Inc. have warned there could be increased supply chain and ransomware gang attacks putting lives at risk in 2022.

 

In their top cybersecurity predictions for the year, tech experts and advisors at HP Inc. foresee threats ranging from ransomware pile-ons to increasingly commoditized supply chain TTPs, weaponized firmware exploits and targeted attacks on hybrid workers.


The projections say the threat landscape is set to evolve at a worrying pace in 2022.

As 2021 drew to a close, HP security experts and advisors reflected on what the year 2022 could have in store and presented insights from Michael Heywood, Supply Chain Security Lead; Joanna Burkey, CISO; Dr. Ian Pratt, Global Head of Security for Personal Systems; Patrick Schläpfer, Malware Analyst; Alex Holland, Senior Malware Analyst; Julia Voo, Global Lead Cybersecurity and Tech Policy; and Michael Howard, Head of Security and Analytics Practice; alongside HP Security Advisory Board member and Partner at Deloitte, Robert Masse.

 

 

They identified four key trends to look out for in 2022.

 

They said that the increasing commoditization of software supply chain attacks could result in more high-profile victims being targeted.

 

 

According to the forecast, supply chain attacks are likely to continue to present new opportunities for threat actors in 2022. According to Michael Heywood: “We’ll see supply chain attacks continue to rise in 2022 as threat actors search for weak links in software supply chains, targeting software being used widely and globally, or used by a specific company.”

 

 

Joanna Burkey explains that this approach could create economies of scale for threat actors: “With the Kaseya breach – which impacted over 1,500 companies – we saw that supply chain attacks can be financially rewarding. This could lead to the continued commoditization of the tactics, techniques, and procedures (TTPs) used to conduct such attacks. This only adds fuel to the fire, giving threat actors more than enough motivation to exploit software supply chains this year.”


Ian Pratt says both SMBs and high-profile victims may be targeted: “Kaseya demonstrated a pathway to monetization for independent software vendor (ISV) breaches. This should be a wakeup call to all ISVs that even if their customer base doesn’t consist of enterprise and government customers, they can still be caught in the crosshairs of attackers looking to exploit their customers. Now that this blueprint is in place, we could see these types of attack become more widespread this year, targeting both SMBs and high-profile names.”

 

 

 

Some verticals are more likely to be targets of supply chain attacks than others, as Robert Masse explains: “Healthcare firms, as well as those in Energy and Resources (E&R), that use lots of different hardware and software from various vendors will be interesting targets for software supply chain attacks. Supply chain integrity will be vital in 2022, as attackers begin launching attacks quicker than organizations can invest in secure software development cycles.”

 

 

 

The cybersecurity experts urged organizations to be aware of the threat posed by vulnerabilities in open-source software. According to Patrick Schläpfer: “We’ll see an increase in open-source software packages containing malicious code. Attackers will proactively inject new threats into open-source libraries that feed into software supply chains. This could lead to more companies being compromised, regardless of whether they have a secure perimeter or good overall posture.”

 
