Crypto fraud, ransomware-as-a-service and deepfakes -- cybercrime predictions for 2022
Cybercrime has increasingly become a feature of the modern world and its perpetrators are getting ever more professional.
But what can we expect to see next year in terms of the types of attack and how they're delivered? Here's what the experts think.
Ransomware and supply chain attacks will continue to escalate, says Deepen Desai, CISO and vice president of security research and operations at Zscaler. "In the last two years, the RaaS marketplace has really begun to mature, with networked affiliates and ready-made malware payloads accessible to any willing buyer. The average ransomware payout has gone way up as threat actors have started targeting larger enterprises, and as they've incorporated layered double- or triple-extortion tactics. Supply chain ransomware is a particular concern due to the ability for a single breach to impact hundreds or thousands of end companies. Tech companies experienced a 2,300 percent increase in attacks in 2021, and we don't foresee any relief in 2022."
Benoit Grangé, chief technology evangelist at OneSpan, believes we'll see an increase in cryptocurrency fraud. "Crypto exchange platforms have been developed very rapidly from open source without taking security seriously. Since the platforms are unregulated and not secure, there's no guarantee that customers get their money back after a hack. At least 32 incidents of hacks and fraud have already taken place in 2021, for a total value of almost $3 billion. Without a doubt, the number of cryptocurrency hack incidents will break records in 2022."
Ziv Mador, vice president, security research at Trustwave SpiderLabs, sees no let-up in the spread of ransomware-as-a-service:
The advent and increasing frequency of attacks that use a ransomware-as-a-service (RaaS) offering indicate that such attacks will not slack off during the coming year. RaaS is extremely profitable, with the REvil RaaS gang generating about $100 million per year in 2018 and 2019, according to Trustwave SpiderLabs. The gang has created a program that highly incentivizes others to use its malware to launch attacks.
A typical RaaS program sees a gang handling malware development and negotiations while leaving the task of infecting the targets up to its affiliates. And for accomplishing this activity, the affiliates are allowed to keep 70–80 percent of any ransom amount collected.
We should anticipate the efficiency of RaaS gangs to increase unless law enforcement and geopolitical forces unite to slow their progress -- a coordinated effort we have begun to see promising results from in the last months of 2021.
Saket Modi, CEO of SAFE Security, thinks we'll see more consumerization of attacks. “The attack perimeter is becoming more personal, and the consumerization of attacks will rapidly increase. For example, the last iOS update alone had 11 zero-day attacks. Hackers will amplify attacks on mobile apps and people. This issue will proliferate because as zero-day attacks are rising, consumer cyber awareness and the steps people need to take to protect themselves have not increased in tandem.”
We'll see an explosion of attacks against cloud security and outsourced services, according to researchers at Kaspersky. "Numerous businesses are incorporating cloud computing and software architectures based on microservices and running on third-party infrastructure, which is more susceptible to hacks. This makes more and more companies prime targets for sophisticated attacks in the coming year."
Kevin Hanes, CEO of Cybrary, sees a blurring of the line between crime and nation state attacks. "Following a cyber attack or data breach a couple of years ago, threat intelligence companies could often assess the breadcrumbs left behind by attackers and make a reasonably accurate determination of who was behind it. This was largely in part because certain threat actors often have a 'playbook' that drives how to operate. However, given the common rebranding of ransomware gangs and criminal organizations using the same tactics, techniques, and procedures (TTPs) as nation-states, some of these attacks are becoming indistinguishable from each other. Additionally, a single threat actor isn't solely responsible for various attacks, but rather a group that all have a hand in it."
Deepfakes and voice synthesis will open up new avenues for fraudsters, says Dr. Nikolay Gaubitch, director of research at Pindrop:
Deepfakes are not just image and video related; voice synthesis (making a machine sound like somebody) and voice conversion (making a human talker sound like someone else) are growing trends and fraudsters are increasingly taking advantage of innovative tools. These techniques are not so well-known to the public because of the limited real-world applications available today; however, it is a very real threat and a tactic we have already seen fraudsters adopt, for example, the recent $35 million bank heist.
With fraudsters looking to hone their skills and capabilities to create both deepfakes and voice synthesis I predict they will only increase in popularity as we move into 2022. It is therefore vital that businesses be aware of these new techniques and adopt the appropriate technology to combat them.
Lavi Lazarovitz, head of research on CyberArk's Labs team, believes increasing professionalization will lead to problems for cybercrime actors. "…as these criminal groups start to appear more and more like 'real' businesses, they'll also open themselves up to new risks. Just like any other enterprise, they'll face new security challenges in managing multi-tenant SaaS applications, securing remote access to sensitive systems and data and more. While being forced to ramp up their own security protections, adversaries will increasingly get caught by defenders using their own offensive tactics against them."
There will be greater collaboration between crime groups, according to Troy Gill, senior manager of threat intelligence at Zix | App River. "As we have seen with the evolution of Malware-as-a-Service and Phishing-as-a-Service, threat actors are willing to join forces for mutual success. This was further demonstrated in the aftermath of the Emotet cybercrime services takedown earlier this year. After Emotet services were disabled by law enforcement, Trickbot malware operators stepped in and began re-seeding Emotet infections to get them back into operation. As a result, we saw malicious email traffic from Emotet for the first time since the takedown in January 2021. Even threat actors competing for profits see the value in having a greater variety of threat actors in operation. They can leverage them as a service or even to better hide their activities in the noise. That is why in 2022, we will see cybercriminals form even more robust working relationships to facilitate their continued success."