Top Eight Cybersecurity Predictions for 2022
This article discusses some of the biggest predictions in cybersecurity for 2022—including the types of attacks that are becoming more common. Noviant recommends this read for security insights.
Frequently Asked Questions
What new cyber threats should we expect to see more of in 2022?
In 2022, attackers are broadening both their targets and techniques, moving beyond traditional IT environments into areas that were previously less exposed.
Key emerging threats include:
1. **AI-powered deep fakes for social engineering**
- Deep fakes use artificial intelligence to mimic human voices and faces.
- As advanced tools become more commercialized, it becomes easier for non-experts to create convincing fake audio and video.
- These can be used to impersonate executives or employees in real time over voice and video calls, potentially bypassing biometric checks like voiceprints or facial recognition.
2. **Targeting of digital wallets**
- Digital wallets are often less secure than traditional wire transfers.
- As businesses increasingly use digital wallets for online transactions, they become more attractive to attackers.
- Expect more malware designed specifically to steal stored credentials and drain digital wallets.
3. **More destructive ransomware campaigns**
- Ransomware remains highly profitable, so campaigns will continue.
- Attackers are combining ransomware with distributed denial-of-service (DDoS) attacks to overwhelm security teams.
- The addition of **Wiper malware**—which can destroy data, systems, and even hardware—raises the stakes and pressure to pay. This type of destructive capability was seen in attempts to disrupt the Tokyo Olympic Games.
4. **Living-off-the-land and edge-based attacks**
- Living-off-the-land attacks use legitimate tools and processes already present in the environment to avoid detection.
- When combined with **Edge-Access Trojans (EATs)**, attackers can “live off the edge,” abusing increasingly powerful edge devices that have more native capabilities and privileges.
- Edge malware can monitor activity, steal data, hijack systems, or hold edge workloads for ransom while staying under the radar.
5. **Commercialization of advanced attack tools**
- Malware is now sold “as a service,” lowering the barrier to entry for less sophisticated attackers.
- This includes toolkits for operational technology (OT) environments, which historically required specialized skills.
- As IT and OT converge, more attackers can target critical infrastructure, including healthcare environments where locked systems can directly impact patient care.
6. **Linux and WSL (Windows Subsystem for Linux) as new targets**
- Linux underpins many back-end systems and OT devices but was not a primary cybercrime target until recently.
- New malicious binaries now target Microsoft’s WSL, and botnet malware is being written specifically for Linux platforms.
- This shifts attacks deeper into the core of networks and supply chains that rely on Linux.
Overall, the trend is clear: attackers are diversifying targets (Linux, OT, edge, digital wallets, esports, satellite networks) and combining techniques (ransomware + DDoS + Wiper, social engineering + deep fakes) to increase impact and leverage.
Which industries and platforms are becoming higher-value targets?
Several sectors and platforms are expected to see increased attention from cybercriminals due to their growth, connectivity requirements, and security gaps.
1. **Digital wallets and online payments**
- As more businesses adopt digital wallets for transactions, the potential payout for compromising them grows.
- Individual wallets may be small targets, but at scale—especially in B2C and marketplace environments—they represent meaningful financial opportunity for attackers.
- Malware is increasingly being tailored to steal wallet credentials and empty accounts.
2. **Satellite-based internet and connectivity**
- Satellite internet is expanding to support low-latency services such as online gaming, remote field operations, pipelines, cruises, and airlines.
- As organizations connect previously off-grid OT devices via satellite, the attack surface grows.
- FortiGuard Labs expects new proof-of-concept threats targeting satellite networks, with familiar attack types like ransomware likely to follow.
3. **Esports and online gaming**
- Esports is projected to surpass **$1 billion in revenue**, making it a sizable and visible target.
- The sector depends on constant connectivity and often relies on home networks or public/open Wi-Fi, which are inconsistently secured.
- The interactive nature of gaming makes it fertile ground for social engineering, scams, and account takeovers.
4. **Operational technology (OT) and critical infrastructure**
- As IT and OT converge, OT systems (e.g., in utilities, manufacturing, healthcare) are more exposed to internet-based threats.
- Attack kits that once required specialized expertise are now being packaged and sold on the dark web, making OT attacks more scalable.
- Ransomware against OT can have real-world safety implications, such as emergency rooms struggling to operate with locked systems.
5. **Edge devices and edge computing environments**
- Edge devices are becoming more powerful and are granted more privileges to process data locally.
- Attackers can deploy edge-focused malware and Edge-Access Trojans (EATs) to monitor, steal, or ransom data and services at the edge.
- Because these attacks often use legitimate tools (living-off-the-land), they can be harder to detect with traditional security controls.
6. **Linux-based systems and supply chains**
- Linux runs many back-end systems, OT devices, and components in supply chains.
- New botnets and malicious binaries targeting Linux and Microsoft’s WSL extend the reach of attackers into core infrastructure.
- Compromising Linux-based components can have cascading effects across dependent services and partners.
In short, any environment that combines high connectivity, rapid growth, and uneven security practices—such as esports, satellite networks, digital wallets, and converged IT/OT—will likely see more focused and sophisticated attacks.
How should organizations adapt their cybersecurity strategy for these 2022 trends?
To keep pace with the predicted threat landscape, organizations need to move away from isolated point solutions and toward an integrated, adaptive security strategy.
Key actions include:
1. **Adopt a holistic, integrated security architecture**
- Replace siloed tools with a platform approach where network, endpoint, cloud, OT, and edge security share intelligence.
- Ensure visibility across traditional IT, OT, Linux-based systems, and edge devices so threats cannot hide in blind spots.
2. **Baseline normal behavior and detect anomalies**
- Use tools that can learn what “normal” looks like for users, devices, applications, and network traffic.
- Apply analytics and machine learning to flag deviations—such as unusual access patterns, data transfers, or process behavior—that may indicate living-off-the-land attacks or early-stage intrusions.
3. **Automate detection and response where possible**
- Implement automated playbooks for common incidents (e.g., isolating endpoints, blocking IPs, disabling compromised accounts).
- Automation helps security teams cope with combined attacks like ransomware plus DDoS, where speed is critical.
4. **Strengthen identity, authentication, and anti-social-engineering controls**
- Prepare for deep fake–enabled social engineering by tightening verification processes for high-risk actions (e.g., payments, credential changes, access approvals).
- Use multi-factor authentication (MFA) that does not rely solely on biometrics like voice or facial recognition.
- Train employees to recognize social engineering attempts across email, chat, voice, and video.
5. **Harden high-risk environments: OT, edge, Linux, and satellite-connected assets**
- For OT and critical infrastructure: segment networks, restrict remote access, and ensure backups and incident response plans account for safety and operational continuity.
- For edge devices: apply least-privilege principles, keep firmware and software updated, and monitor for unusual local processing or data flows.
- For Linux and WSL: include them in vulnerability management, endpoint protection, and logging strategies, not just Windows systems.
- For satellite-connected assets: treat satellite links as part of your attack surface, with encryption, access control, and monitoring.
6. **Prepare specifically for ransomware and destructive malware**
- Maintain tested, offline backups and clear recovery procedures.
- Plan for scenarios that combine ransomware, DDoS, and Wiper malware, including communication, legal, and business continuity steps.
- Regularly run tabletop exercises that include OT, executive leadership, and key business units.
7. **Align people, process, and technology**
- Ensure security awareness training reflects current threats like deep fakes, digital wallet scams, and gaming-related lures.
- Update incident response runbooks to cover new platforms (esports environments, satellite links, edge deployments).
- Engage leadership so cybersecurity is treated as a business risk, not just an IT issue.
By reimagining security as a fast, automated, and adaptive system—rather than a collection of disconnected tools—organizations can better withstand the evolving threats expected in 2022 and beyond.


