2022 Cyber Predictions: Attackers Will Increasingly Target Identity Systems

This is part of our 2022 cyber predictions series. We heard from top leaders in the industry about what cyber could bring in the new year.










Sean Deuby, 15-year Microsoft MVP and Director of Services at Semperis and Guido Grillenmeier, Chief Technologist at Semperis:


Attackers will find routes into the cloud that start on your on-premises server


On-premises Active Directory (AD), Windows’ directory service, remains a wide-open weak spot in most companies. As the core of Windows operating systems, AD manages user permissions and holds the key to numerous business-critical processes and services – but its default configuration makes it an easy target. While businesses are increasingly shifting workloads to the cloud, AD remains a foundational piece of infrastructure for 90% of organizations, and it’s not going anywhere anytime soon. Cybercriminals know this and are increasingly using AD weaknesses as an inroad for attacks against data and applications in the cloud, thus bypassing classic cloud protection systems.

Attackers will increasingly target identity systems


As the recent Facebook outage showed, when core identity providers go down, those applications that depend on them for user authentication are affected too. The more users rely on shared infrastructure, the more impactful outages will be. This makes identity systems a perfect target for hackers. For the fast-growing number of businesses around the world that depend on the Microsoft Azure cloud, Azure AD acts as a major identity service, authenticating countless users every minute. Hackers compromising Azure AD could therefore take out several apps at once and do damage on a large scale.


Zero trust will become the default in many organizations


With hybrid workspaces here to stay, organizations need to ensure safe identity management in the cloud. More businesses will adopt zero-trust authentication and access models as the necessity for the protection of cloud identities increases.


Sophisticated ransomware attacks will come from unsophisticated attackers


Sophisticated ransomware attacks are no longer the preserve of nation states. In 2022, anybody can access the tools to carry them out. As attackers seek to make maximum profit, campaigns that steal and threaten to reveal information gain popularity. Once data has been extorted, attackers may then come back asking for yearly payments.

The ransomware crisis will reach fever pitch before governments take action – fuelled by the fact that there is no shortage in vulnerable systems that can be attacked. What’s worse, any remaining morality filter has been removed. Attackers no longer care about the physical impact they cause, for example by attacking critical infrastructure and hospitals where lives could be at risk. As a result, critical everyday services could become unavailable, prices could go up and we could find ransomware affecting our daily lives.


A rise in intellectual property theft


Large companies will have a hard time protecting their intellectual property against digital espionage. Businesses are having to manage increasingly complex IT systems with the same or fewer staff, and are finding it difficult to fill highly skilled security positions. Cybercriminals will also find easy ways into an organisation by attacking a smaller or newer company higher up the supply chain that hasn’t got strong cyber defences in place, so there is no doubt that we will see more supply chain attacks in the new year. We may see bad actors deploying artificial intelligence, as they have the money and resources to do so.


###