Zero Trust networks, attacks on the metaverse, cooperative threat hunting, and more. Faculty members in the School of Cybersecurity & Information Technology offer their forecasts for the year ahead.
The Metaverse Will Become More Vulnerable to Ransomware Attacks
Jason M. Pittman, Sc.D., collegiate faculty, School of Cybersecurity & Information Technology
We will begin to see ransomware attacks push into the metaverse, the burgeoning iteration of the internet that supports online 3-D virtual environments accessed through conventional personal computing, as well as virtual and augmented reality devices such as headsets. Specifically, these attacks will target social media influencers on Facebook, Instagram, and other platforms. Augmented reality brings with it a host of truly novel vulnerabilities. Cybercriminals will seek to exploit weaknesses in the devices that enable access to the metaverse, or even from within augmented reality itself.
An Increase in Zero-trust Frameworks Will Help Security Architects Protect Cloud and On-site Premises
James Robertson, Ed.D., Program Director, Cyber DevOps, School of Cybersecurity & Information Technology
As the number of cloud migrations increase, understanding the shared responsibility model—between the security team and provider—continues to be problematic. Cloud migrations and environment updates happen on an increased timeline which, if not handled, can cause security controls to be missed or weakened. Authorization boundaries are often blurred or ill-defined in cloud development efforts leaving additional security gaps. Adopting a Zero Trust model, which incorporates many mechanisms, including the monitoring and logging of all network traffic at those authorization boundaries, will enforce controls for system and application access and protects data.
Threat Intelligence Sharing and Cooperative Threat Hunting Activities Will Rise
Valorie King, Ph.D., Program Director, Cybersecurity Management and Policy, School of Cybersecurity & Information Technology
Threat intelligence sharing and cooperative threat hunting activities will increase in importance as businesses and government organizations seek to improve collaboration and proactively identify potential threats and sources of threats. Stand-alone defenses of an organization’s assets and infrastructures are no longer sufficient to prevent and deter attacks against digital assets and business processes. Additionally, phishing will become more subtle and focused as attackers increase their use of data analytics to target and manipulate specific individuals within organizations.
Innovative Attack Methods Using Artificial Intelligence Will Expand the Threat Landscape
Philip Chan, Ph.D., Adjunct Professor, School of Cybersecurity & Information Technology
In 2022, the use of Artificial Intelligence (AI) will expand the cybersecurity threat landscape, bringing new dangers and altering the typical characteristics of threats. Attackers will employ new and highly innovative methods, notably Machine Learning (ML), which will enable cybercriminals to use AI to carry out more cyber and ransomware strikes. AI/ML techniques will generate more sophisticated phishing intrusions, pervasive ML email attacks and zero-day attacks on top of other well-known ransomware deployments. In the hands of cybercriminals, AI/ML can create significant harm as machine-learning and deep-learning techniques will make cyberattacks more accessible. The result? Faster, better-targeted, and more destructive assaults.
Attacks on the Software Supply Chain Will Ramp Up, as Will Demands for Transparency
Chris Hughes, Adjunct Professor, School of Cybersecurity & Information Technology
Due to several high-profile software supply chain attacks, most notably SolarWinds, we will continue to see an increased focus on the software supply chain. With the Cybersecurity Executive Order, the evolution of the Software Bill of Materials, the Cybersecurity and Infrastructure Security Agency and emerging guidance from the National Institute of Standards and Technology, the software supply chain is one of the most talked-about subjects—and will continue to be so for the coming year. Software consumers are demanding increased transparency from software producers who, in turn, are eager to gain consumer trust. Organizations such as the Cloud Native Computing Foundation are hosting entire conferences that focus on the software supply chain. Emerging technologies and practices are being honed to provide never-before-seen levels of transparency in the software ecosystem.