2022 Cyber Predictions: Personalized Phishing Will Require More Defense Specificity

This is part of our 2022 cyber predictions series. We heard from top leaders in the industry about what cyber could bring in the new year.





Troy Gill, Senior Manager of Threat Intelligence at Zix I App River


Beware Manufactures: Sector Will Experience Double-Digit Increase in Cyberattacks


Manufacturing is already a rich target for those seeking to carry out attacks on critical infrastructure. As supply chain issues continue well into 2022, this period of disruption will provide ample opportunities for attackers, who thrive in times of increased uncertainty. This will make the manufacturing and distribution industry the most targeted industry for cybercriminals next year.


Personalized Phishing Will Require More Defense Specificity


Spear-phishing attacks, which involve cybercriminals personalizing emails to fit a smaller group of individuals than traditional tactics and appear more authentic, are not going anywhere. As the rise in personalized phishing gives way to new customization tactics in 2022, organizations will respond by prioritizing building more specificity into their email defenses.


SMBs Must Be Prepared for Ransomware-as-a-Service Proliferation


In 2022, the Ransomware-as-a-Service model will see continued growth as it has proven to be an incredibly efficient vehicle for maximizing profits. While the growth trajectory is staying the same, the primary target of ransomware attacks will not. Government involvement in defense of critical infrastructure will motivate ransomware groups to target SMBs in order to draw less attention than larger, high-profile targets.



There Will Be Greater Coordination and Collusion Between Threat Groups

As we have seen with the evolution of Malware-as-a-Service and Phishing-as-a-Service, threat actors are willing to join forces for mutual success. This was further demonstrated in the aftermath of the Emotet cybercrime services takedown earlier this year. After Emotet services were disabled by law enforcement, Trickbot malware operators stepped in and began re-seeding Emotet infections to get them back into operation. As a result, we saw malicious email traffic from Emotet in [insert date] for the first time since the takedown in January 2021. Even threat actors competing for profits see the value in having a greater variety of threat actors in operation. They can leverage them as a service or even to better hide their activities in the noise. That is why in 2022, we will see cybercriminals form even more robust working relationships to facilitate their continued success.


###