2022 Cyber Predictions: The Line Between Cybercrime and Nation-State Attacks Will Continue to Blur

This is part of our 2022 cyber predictions series. We heard from top leaders in the industry about what cyber could bring in the new year.









Kevin Hanes, CEO, Cybrary


Ransomware attacks will continue to increase and someone finally pays the full price for meeting demands.


Even though ransomware attacks over the past couple years have been bad, they were only the tip of the iceberg. Given the extensive financial motivations for ransomware gangs and their utilization of insider threats, even current legislation and the Biden Administration's cybersecurity executive order aren’t going to prevent companies from trying to discreetly meet their demands. That being said, as organizations weigh the risks of guaranteed pain now versus potential repercussions later, someone is going to be made an example of by the federal government in short order. Not knowing the law won’t be an excuse and, although jail time is unlikely, there will be organizations that are indicted in order to make them think twice about paying these criminals in the future.


The line between cybercrime and nation-state attacks will continue to blur.


Following a cyber attack or data breach a couple of years ago, threat intelligence companies could often assess the breadcrumbs left behind by attackers and make a reasonably accurate determination of who was behind it. This was largely in part because certain threat actors often have a “playbook” that drives how to operate. However, given the common rebranding of ransomware gangs and criminal organizations using the same tactics, techniques, and procedures (TTPs) as nation-states, some of these attacks are becoming indistinguishable from each other. Additionally, a single threat actor isn’t solely responsible for various attacks, but rather a group that all have a hand in it.


The cybersecurity workforce shortage and skills gap won’t improve.


Following the Biden Administration’s cybersecurity executive order in May, there was hope throughout the industry that the increased resources and emphasis placed on the growing threat would lead to closing the cyber workforce and skills gap. However, it’s not going to be an immediate fix and it’s also one that needs to be assisted by private companies that invest in more hands-on training programs that focus on building transferable technical skills rather than purely professional development. This way they make their respective security teams more efficient instead of having to rely on expensive security products. Also, in terms of geographies, organizations based within countries with allocated resources, such as the U.S. aren’t going to see this issue get worse, but places without the same prioritization and funding are going to encounter even more difficulties on this front.


OT environments will be subject to the cyber “perfect storm.”


Centers that control the entire manufacturing process for organizations are going to be at even greater risk in the new year. Since implementing new technology and infrastructure can disrupt their entire environment and supply chain, these centers often have old security systems that can be vulnerable to attacks. This perfect storm of outdated technology and a lack of adequate patching capabilities, combined with the fact that it’s the closest thing to an organization’s cash register, makes it an ideal and easy target for threat actors.


COVID’s impact on phishing attacks and WFH security is more bark than bite.


Over the past couple years, many have been talking about the impacts that COVID could have on phishing campaigns and remote work. However, there’s always going to be a current event or newsworthy item that threat actors can exploit or leverage when it comes to phishing campaigns. Additionally, even though remote work used to be a concern at the onset of the pandemic, organizations and employees have adapted at a rapid pace, leaving a majority of the security concerns in the dust.


###