Towards a new momentum: the cloud unleashes cybercriminals

By Laura Del Rosario 01/27/2022

In its new cybersecurity 2022 report 'Towards a new momentum' Trend Micro predicts that the cloud will increasingly be a service accelerator for people and companies, but also for cybercriminals

In the last two years, driven by the health emergency, our habits have profoundly changed and there has been a strong acceleration in the adoption of technology and an ever stronger push by companies towards the realization of digitization projects that largely rely on cloud adoption. Good news, of course, but it opens the door to new challenges. If it is true, in fact, that more and more companies today 'travel' on the cloud, it is also true that cybercrime has undergone a parallel evolution and is equipped to put cloud services in the crosshairs. This was revealed by the new Trend Micro report on cybersecurity forecasts in 2022 "Towards a new momentum" (AVAILABLE HERE), presented during the now traditional appointment with the company's "Security Barcamp", now in its seventh edition, the second completely online. Towards a new momentum: the scenario for 2022 The adoption of the cloud has given companies the flexibility, agility and speed they need, also enabling smart working, but this has opened the door to a very wide range of problems from a security point of view. Trend Micro researchers predict that this year cybercriminals will focus their efforts on ransomware attacks on cloud workloads, data centers and all those services exposed, to take advantage of the number of employees who continue to work remotely. Cybercriminals will be innovators and traditionalists at the same time, adopting a shift-left approach to follow the latest technological trends and continuing to use more than proven techniques to target cloud users and especially ambient DevOps and APIs, used to carry out attacks on large scale. Furthermore, the vulnerabilities will be exploited in record time and used together with privilege escalation bugs, thus achieving maximum success in the attack. “We are not talking about the revolution in cybercrime but about evolution - begins Robert McArdle, director of Ftr Cybercrime Research -. Cybercrime has undergone professionalization and is committed to exploiting innovative technologies that create increasingly interconnected scenarios. In this context, the cloud is essential for companies but also for cybercrime. But the cloud is not the only target because the efforts of cybercriminals are now also aimed at IoT environments, supply chains and DevOps functions, while the most sophisticated malware will be destined for SMEs. "

Speaking of ransomware, this is increasingly connoted from an as-a-service perspective with servers that will be their main target. "Cybercriminals wishing to access corporate targets will focus on exposed services and server compromises, rather than endpoints, and attacks will be even more targeted," the report explains. From the point of view of exploitation of vulnerabilities we will see evolutions because in 2022 even more zero-day vulnerabilities will be discovered in-the-wild. The window available to turn a vulnerability into a weapon will be reduced to a few days, if not hours, and exploits will be written for bugs fixed in beta before the related patches can be released to consumers. In 2022, there will be a segment of cybercriminals dedicated to keeping an eye on companies, in view of any announced vulnerabilities and patches. Commodity malware attacks are also on the rise: SMBs will be exposed to attacks by Ransomware-as-a-Service (RaaS) affiliates and petty cybercriminals who exploit commodity malware while maintaining a low profile. In particular, the IoT devices used by SMEs will be the main targets of these attacks. The IoT will increasingly become an ideal target with the information associated with it that will become an increasingly demanded commodity in the criminal underground. The IoT proves to be interesting for cybercrime not so much and not just to take control of IoT gadgets but to turn them into a convenient base of attack for further criminal activities or to be able to move sideways within a network. Finally, as we mentioned, supply chains around the world will be targeted by quadruple extortion techniques. To make the most of cyberattacks, cybercriminals will force their victims to pay large sums of money through an extortion technique that runs along four lines: holding a victim's critical data hostage until a ransom is paid, threatening the dif information is disclosed and the breach is publicized, threaten attacks on the victim's customers and ultimately attack the victim's supplier supply chain.

The situation in Italy

Focusing on Italy, one of the countries most affected by cybercrime, the scenario proves to be substantially identical to what we will see unfolding globally. "Italy is the victim of many attacks also due to the fact that its entrepreneurial fabric is mainly made up of SMEs, which invest little in cybersecurity and if we add to this the fact that with the outbreak of the pandemic, companies have opened up their area of attack with the implementation of remote work systems removed in whole or in part from the control of the company IT, we can easily understand how the perfect storm was created to allow cybercrime to move at full speed - says Gastone Nencini , Trend Micro Country Manager for Italy -. Cybercrime is always in constant evolution and indeed tries to always be one step ahead to anticipate the moves that companies will implement. Reason why companies can no longer postpone investments in cybersecurity and above all they must understand that security is constantly evolving and is a process that must be updated continuously to try never to be caught unprepared and be able to stem the moves of cybercrime " . Nencini then underlines how even today that of security is a delicate issue and that requires a strong effort in terms of awareness not only in employees but also in those who are seated at the tables of the company board. Help could come from the PNRR even if, according to Nencini, it is necessary to clarify what is meant by the term cybersecurity. “In the PNRR 42 billion of funds are foreseen to be invested in digitization but only 620 million euros are allocated to cyber security. I personally strongly hope that investments in digitalization include projects that are already safe by design because cyber security must be understood as a component that is born together with the project and develops in parallel, not as something distinct from the project and which must then be incorporated. along the way". Giancarlo Cecchetti, systems manager and IT security manager for Puntozero (formerly Umbria Digitale) and Massimo Ravenna, CISO of Acea also participated in the discussion panel.


Docks are of 2 types, either ransomware where they encrypt and only ask for a ransom or when cybercriminals intend to spread the documents. The fact that they only ask for a ransom by threatening the non-use of encrypted data has been overcome.The defense against the encryption of cybercriminals must be made by encrypting all data with an inviolable system like our CRIPTEOS. So the possibility of having the risk that the data will be published on the dark web disappears. Furthermore, a backup system must be activated on devices that are excluded from the internet commission. This is absolutely feasible for SMEs. As far as smart-working is concerned, it must be replaced with principals in small offices "close to home" where there are all the safety devices of both an IT and an organizational type, as required by the legislation on safety at work. for example the existence of a fire extinguisher or the worker safety manager. The so-called smart working that has been adopted is an arrangement that is not at all intelligent (smart).