McAfee Enterprise and FireEye on Wednesday released its report on the top cybersecurity threats it foresees during 2022.

According to the report, nation states leveraging social media, hackers for hire and ransomware are among the significant cyberthreats that enterprises face in 2022.

It states that cybercriminals have taken note of successful tactics from 2021, including making headlines tied to ransomware, nation states, social media and the shifting reliance on a remote workforce.

“We expect them to pivot those into next years’ campaigns and grow in sophistication, wielding the potential to wreak more havoc across the globe,” the report said.

“Over this past year, we have seen cybercriminals get smarter and quicker at retooling their tactics to follow new bad actor schemes — from ransomware to nation states — and we don’t anticipate that changing in 2022,” said Raj Samani, fellow and chief scientist of the combined company.

Weaponising social media

“With the evolving threat landscape and continued impact of the global pandemic, it is crucial that enterprises stay aware of the cybersecurity trends so that they can be proactive and actionable in protecting their information,” Samani added.

As per the report, nation states are likely to weaponise social media to target more enterprise professionals, looking to infiltrate organisations for criminal gain.

Cyber-attacks in the past year cost 62% SMBs in India over ₹3.5 crore: Report

“While this approach is not new, it is relatively uncommon. After all, it does demand a level of research to “hook” the target into interactions and establishing fake profiles is more work, but targeting of individuals has proven to be a very successful channel, and we predict the use of this vector could grow not only through espionage groups, but also other threat actors,” the report explained.

They are also likely to turn to hackers for hire, it says.

“Nation states will increase their offensive operations by leveraging cybercriminals. With the predicted increase of blurring between cybercrime and nation-state actors in 2022, companies should audit their visibility and learn from operations conducted by actors targeting their sectors,” as per the report.

Enterprise-level threat

As for ransomware, there is an expected power shift among those who control the ransomware to those who control the victim’s networks.

71 per cent organisations attribute recent cyberattacks to vulnerabilities in technology: Report

Additionally, in the ‘ransomware as a service’ ecosystem, smaller affiliates are like to grow into competent cybercriminals with a mind of their own.

Enterprises should also keep a close watch on their application programming interface or API, it advises.

“5G and IoT [internet of things] traffic between API services and apps will make them increasingly lucrative targets, causing unwanted exposure of information,” the report said.

“The connected nature of APIs potentially also introduces additional risks to businesses as they become an entry vector for wider supply chain attacks. In most cases, attacks targeting APIs go undetected as they are generally considered as trusted paths and lack the same level of governance and security controls,” it further explained.

Expanded exploitation of application containers and vulnerable applications is also a major concern. It will lead to endpoint resource hijacking such as crypto-mining malware, spinning up other resources, data theft, attacker persistence, and container-escape to host systems.

“The scale of this year’s exploitations coupled with the consequences of ransomware will renew diligence in patch management,” it further said.