From deep fakes to crypto scams - six cybersecurity predictions for 2022
As we approach the holiday season, it is worth remembering that hackers never sleep.
They love public holidays and quiet periods when no human is actively monitoring IT systems. That's when previously deposited payloads are deployed and probing of networks has less chance of being noticed.
Security companies publishing their predictions for cybersecurity trends in 2022 paint a picture of more nefarious activity than ever before taking place in 2022. Security software firm Check Point has fingered one in particular that has already emerged out of the pandemic - the black market for vaccine certificated.
"Fake 'vaccine passport' certificates were on sale for US$100-120 and the volume of advertisement groups and group sizes publishing sellers multiplied within the year. In 2022, cyber groups will continue to leverage these types of fake news campaigns to execute various phishing attacks and scams," notes Check Point in its list of predictions which also point to an intensifying cyber cold war, more software supply chain hacks and infiltration of micro services developed for cloud computing platforms.
The focus on ransomware won't go away in 2022, according to network security company Fortinet:
Adding a "ticking time bomb" of wiper malware, which could not only wreck data but destroy systems and hardware, creates additional urgency for companies to pay up quickly," says FortiGuard Labs' Derek Manky.
"Wiper malware has already made a visible comeback, targeting the Olympic Games in Tokyo, for example. Given the level of convergence seen between cybercriminal attack methods and advanced persistent threats (APTs), it is just a matter of time before destructive capabilities like wiper malware are added to ransomware toolkits. This could be a concern for emerging edge environments, critical infrastructure, and supply chains."
But wait, there's more! Just out today is another set of ominous predictions from Norton Labs.
Prediction #1: Democratisation of cryptocurrencies leads to "Oh no" moments for consumers
Many companies enable the buying and selling of cryptocurrencies. Now that some of these companies are regulated and listed on the NASDAQ, trust and transparency in those companies is rising and the barrier to entry to use cryptocurrencies is getting lower.
This will likely lead to more casual investors who do not fully understand the nuances of how cryptocurrencies work. Scammers have been using those misunderstandings to separate people from their coins, and with this new set of new users, we expect a big increase in the number of scams out there. They will likely look like some of the old scams, but also, we expect to see new and creative attempts to target this new, larger set of potential victims.
Prediction #2: Consumer online tracking will take a turn
Tracking users' online behaviour has fueled the internet economy for years, through targeted advertisement and personalisation services. This has been met with mixed feelings by users - some enjoy targeted content, and some don't - but it has also triggered numerous privacy-related concerns, among consumers, technologists, and legislators.
Consumers generally don't mind some cookies, at least those known as first-party cookies. These cookies are limited to a site you are visiting. If you are visiting an online clothing store that you log onto often, a cookie might remember your log-in information so that you don't have to retype it at the site.
Third-party cookies, though, are more troublesome for consumers. These cookies are known as tracking cookies because they follow you as you move around the web. For instance, these can be the ones that send targeted ads to the sites that you visit. Their goal is to persuade you to return to sites you've visited in the past or buy products that you've recently shown interest in.
As a result, some consumers feel as if tracking cookies are an example of companies spying on them. Big tech companies are noticing this and are reacting. Recent developments in the space, such as Google's announcement of FLoC and the increased popularity of server-side tracking/tagging, indicate that the online tracking landscape is evolving. Some governments, too, have passed legislation to create civil and criminal penalties for companies that don't inform consumers that their websites use cookies.
During research conducted by Norton Labs [2] for the purposes of Norton AntiTrack, we were able to observe this fast-moving ecosystem of trackers, whose current coverage of the internet and users' behaviour is staggering.
We expect that in 2022 and beyond, the developments around online tracking will continue both on the technical and legislative front. In the meantime, privacy-minded consumers may seek peace of mind by relying on Norton AntiTrack to help keep them protected from online tracking.
Prediction #3: Your digital identity will grow. Hello, eID?
Working from home? Talking with your doctor through Zoom? Ordering your groceries and take-out orders from your laptop screen? You're not alone. The Covid-19 pandemic has forced the entire planet to work, communicate, take care of their health, and perform a variety of transactions remotely and online.
You might have already had to use your mobile phone to take a picture of your driver's license and then send that image through email or text to verify your identity, open a bank account, or apply for a job. As the pandemic continues, a wider deployment of digital vaccination passports is expected.
There is now a greater need for a secure, unforgeable, privacy-protecting set of credentials that can be issued, transmitted, and verified with confidence and ease. Recent developments in computing such as blockchain technology, modern cryptography, and advances in secure hardware provide a solid foundation for the development of the next generation of identity standards.
At the same time, governments across the globe are pushing for progress to be made on developing electronic identification - or eID - that citizens can use to quickly and easily prove their identities. We expect rapid progress in the world of digital identities in 2022 and beyond.
One thing is for certain: Life will become more digitised.
Prediction #4: Expect more protest, vigilantism, and terrorism
The primary goal of cybercriminals is to make money; they might carry out phishing campaigns to steal your login credentials or tech support scams to separate people from their money.
But the motivation of hacking isn't always so straightforward. Sometimes it bends toward using cyber intrusion as a form of protest. Hacker activists, or hacktivists, apply their craft to achieve political outcomes. They do this by disrupting governments, spreading fear, or bringing some information to light.
Hacktivism and cyber terrorism were alive and well in 2021, revealing information governments would have preferred to keep secret. We expect to see these attacks continue, if not increase, given their reach and potential influence.
Prediction #5: Disasters will be a disaster for your wallet when scammers follow the money
Disasters have always been big business for scammers. We don't expect that to change in 2022, but we do expect more disasters and more money to be moving around.
We've already seen that scammers never let a good crisis go to waste, with scammers swinging into action after devastating storms, fires, and throughout the COVID-19 pandemic. Whenever there is money flowing from insurance companies or the government to the victims of natural disasters, there is someone who will try to exploit that situation, either by committing fraud with stolen identities or scamming people directly.
If the trend continues, and there are more and more natural disasters and extreme weather events, we expect to see more scammers ready to cash in.
Prediction #6: Artificial intelligence and machine learning will make life easier for everyone, including criminals
Artificial intelligence and advanced machine learning are becoming more accessible to more people. Access to easy-to-use tools makes it simpler to do many things, including manipulate some forms of media and extract value from large datasets.
Deepfakes: Deepfake videos generated lots of buzz in 2018 when Jordan Peele was putting words in Barack Obama's mouth, and this year people on TikTok were treated to several very convincing videos of a young Tom Cruise. While creating truly realistic videos is still difficult, it's getting easier and more approachable each year. And this is also true for image and audio deepfakes.
As deepfake technology gets better and easier to use, it will become a useful tool for criminals, scammers, stalkers, and activists. And this means - even though we're not there yet - that it might one day become more difficult to believe your own eyes and ears.
In the meantime, we will start to see more uses of this technology in situations where errors or low quality are acceptable and can explain away some of the current limitations. So, the next time you are chatting to a new romantic partner who is stuck on a remote oil rig and has a bad glitchy connection, you might want to think twice.
Personalised attacks powered by large datasets: With all the data that is now available from various breaches and scrapes, criminals could profile people to identify who is more likely to fall for certain types of attacks or scams, the techniques that will be most effective based on their experience with similar people, and craft messages that will be targeted directly at them based on services they are known to use.
Comments
You must be logged in in order to post comments. Log In
