Byte-size Bulletins

Cyber crime in 2022: What the experts expect

Written by Rachael Brown | Jan 10, 2022

Last year was not an easy year by any stretch of the imagination.

The continuation of the covid-19 pandemic, political and economic strife, and the ongoing effects of climate change made 2021 challenging to navigate. 

But 2021 was a very promising year for one aspiring group of people: cyber criminals. The rise of mobile wallets, deepfakes, cryptocurrencies and mass scale supply chain attacks led to exponential opportunities for attacks. 

In 2021, cyber criminals exploited vaccination mandates, elections and took full advantage of the rapid shift to remote working. They targeted organisations networks and supply chains to devastating effect, breaking records in terms of ransoms demanded and recovery times needed. 

It’s a trend that inevitably, will carry on to this year.

Here are the biggest predictions experts are making for cyber crime in 2022, and how they are likely to impact your organisation. 

 

Deepfake technology will be greater weaponised

 

You probably know what a ‘deepfake’ is. It is a piece of video, audio, or an image, which has been deceptively edited or just outright simulated to portray a ‘fake’ reality.

The utility of deepfake technology to cyber crime has already been demonstrated. A bank manager in the United Arab Emirates last year was tricked into transferring $35 million over to cyber criminals after they used an AI voice cloning trick to pretend to be their boss. 

We predict threat actors will increasingly utilise deepfake social engineering attacks, specifically through pretending to be high ranking members of an organisation, to gain permission to and access sensitive data. 

 

The cyber ‘cold war’ will intensify

 

The cyber crime ‘cold war’ will continue to intensify, as improved technologies capabilities and infrastructure enable more terrorist groups and political actors to carry out sophisticated, targeted attacks.

Cyber attacks will frequently become proxy conflicts, designed to destabilise the activities of nation-state actors globally. 

 

Mobile malware attacks will increase

 

Mobile malware attacks will increase as we use more online payment platforms.

97% of organisations faced mobile threats during the Covid-19 pandemic. Which saw most of us move to remote working, and depend professionally more on our phones.

With the move to paperless currency during the pandemic to reduce the risk of spreading the infection, mobile wallets and mobile payment platforms, which were already growing in popularity, are now a staple of how most of us interact with our money.

Cybercriminals know this and will evolve and grow their techniques to exploit this, meaning we need to develop our security and authentication methods. 

 

Data breaches will grow in scale and cost

 

In 2022, data breaches are going to cost organisations and governments even more time and money to recover from. 

In 2021, a record was set by a US insurance giant paying $40 million in ransom to hackers. We can expect this record to be surpassed by attackers in 2022. 

 

Cryptocurrency becomes a focal point for cyber attacks globally

 

Continuing on from our previous point about money moving to your mobile, the popularisation of money as software in the form of Cryptocurrency is going to play a greater role in cyber attacks.

Many cyber criminals already demand ransoms in the form of bitcoin. Attacks that steal and manipulate various forms of Cryptocurrency are going to grow and evolve in dangerous ways.

There are already reports of stolen crypto wallets triggered by free airdropped NFT’s (Non-fungible Tokens). NFT’s are unique and non-interchangeable units of data, typically taking the form of a photo, video and audio, which are stored on a blockchain. 

In 2022, we can expect to see an increase in cryptocurrency-related attacks.

 

The move to the Cloud will influence the methods of cyber criminals

 

As more and more companies move to the cloud, new forms of cybercrime which exploit microservices are going to grow. 

Microservices are the architecture that allows large complex applications to be quickly and efficiently delivered to users. For example, when you visit an online shop, the account service, the shipping service, the inventory service etc, are all microservices. 

Microservices have been strongly embraced by Cloud Service Providers (CSPs) and cyber criminals will use the vulnerabilities within them to stage attacks. 

 

Cyber attacks targeting supply chains will increase

 

Cyber attacks against supply chains, like those large scale attacks targeting SolarWinds and Codecov, are likely to increase this year.

A supply chain cyber attack can consist of anything from malware infections to data breaches and takes advantage of a lack of security monitoring within an organisation’s environment. 

Governments are going to need to establish regulations to protect networks and adequately address these kinds of attacks. To do this, they should consult with private sectors both domestically and internationally to understand their current security, and how groups are currently operating. 

 

Penetration tools are going to grow 

 

Penetration tools, which are the engine behind some of the biggest ransomware attacks of 2021, are going to continue to grow in sophistication and popularity. Attackers will use this form of attack to carry our data exfiltration and extortion, targeting companies that can afford to pay ransoms and customising attacks in real-time. 

Globally in 2021, 1 out of every 61 organisations was impacted by ransomware each week. We expect this number to grow in 2022. 

 

There you have it, experts biggest predictions for cybercrime in 2022. While the situation looks increasingly dire, companies and governments can and must continue to fight back by investing time, thought and money into their security. 

To stay ahead of threats, organisations must be proactive and leave no part of their attack surface unprotected or unmonitored or otherwise risk becoming the next victim of sophisticated, targeted attacks.

They must also make a concerted effort to educate their staff, regularly review their processes and security regulation, and do penetration testing on their networks and applications.

Most of all, organisations must be ready, for a year where cyber attacks are going to grow exponentially in sophistication, frequency and scale. 

 

Photo by Virgil Cayasa on Unsplash