Trends and Forecasts - Malware in 2022

Security researchers with FortiGuard Labs recently published a lengthy blog post and a report on their expectations for the shape and development of the cyberthreat landscape going into 2022. The prognosis includes a heavier focus on cryptocurrency wallets and an increase in the capabilities and reach of threat actors at large.

The report mirrors sentiments shared by other security researchers looking specifically into ransomware and how it might develop in the future. What FortiGuard focuses on is the dangerous growth in the toolkits and capabilities of cybercriminal groups.

The expectation for 2022 is that cybercrime groups will have access to resources and tools that were previously available only to what infosec calls APTs - advanced persistent threat actors, usually state-sponsored groups of hackers.

However, researchers are noticing a trend: even non-state-backed threat actors are gaining resources, mostly through successful ransomware hits, that allow them to purchase zero-day exploits - something that was considered a "privilege" of APTs.

FortiGuard also expects a gradual shift away from targeting banking and regular money operations and toward "localized wallet heists". The expectation is that an increasing number of tools designed specifically to steal crypto credentials, and ultimately empty digital wallets, will show up on the malware landscape.

On the ransomware landscape, FortiGuard expects bad actors to keep adding to their ever-expanding toolkit of thumbscrews and ways to extort ransom beyond file encryption. Threats to leak sensitive information have been around for a long time now, but ransomware gangs are expected to start piling further attacks, such as DDoS, on top of the ransomware, in an attempt to simply create too much work for the victim's IT team or any additional help brought onboard.

Researchers expect hackers to also start zeroing in on less common targets, such as Linux systems. This is all part of a bigger plan to expand the viable attack surface as much as possible and create as many opportunities as possible for the bad actors.

November 24, 2021