Top cybersecurity threats of 2022
by Anna Zhadan
With cybercrime on the rise, we are likely to see both new and already familiar digital threats soar in 2022. A report by experts from Experian details the top seven global cybersecurity and fraud dangers of 2022.
In the new digital realm, common cyber threats are just one piece of the puzzle keeping enterprises preoccupied. Most companies also have to worry about securing their financial operations and steering clear of fraud.
“As businesses grapple with how to keep up with digital demand from consumers, they are also dealing with an evolving fraud landscape, with online payment fraud losses alone set to exceed $206 billion between 2021 and 2025,” the report suggests.
In 2022, the wave of fraud and cybercrime will keep the momentum going, urging organization leaders to pay closer attention to a number of imminent threats.
- Deepfake synthetic identity fraud
Identity fraud is certainly not new, with threat actors becoming increasingly skillful at combining your leaked personal information with available data on the Internet and social media profiles.
The advancement in AI technology allows cybercriminals to effectively impersonate consumers’ voices and faces and hence bypass verification controls. They can then use available information and AI to generate new synthetic profiles with documents, facial images, and voice cloning to apply for loans and claim social benefits.
Not only does this create additional challenges for businesses to authenticate their customers, but it can also pose serious financial and personal risks for individuals. For example, many threat actors choose to target underage Internet users to carry out synthetic identity fraud.
“Cybercriminals are going after student and children profiles. If a university or an education system is breached, attackers can use their collected information to create IDs and apply for credit cards. There’s no history of these individuals or these children,” Carey O’Connor Kolaja, CEO at AU10TIX, told CyberNews earlier.
Fraud-as-a-service – where a threat actor supplies services to carry out fraudulent activity – is becoming automated. Cybercriminals are turning to automated voice bots for impersonating businesses and socially engineering customers. The boom in this type of threat created additional issues, as it minimized the number of skills needed from a malicious actor to conduct criminal activity.
“The popularity of the scam-as-a-service model has led to scams scaling up on a global level and to a lower entry threshold for newbie-scammers with no real skills for conducting scams,” a Russian cybersecurity firm Group-IB said.
Experian predicts that in 2022, “a large portion of fraudulent transactions will be submitted by legitimate consumers who are being socially engineered to not only provide data, but to use their own devices to submit what they believe are legitimate transactions.”
- Real-time payments fraud
Real-time payments, including mobile, create previously unseen opportunities for cybercriminals, allowing them to commit fraud and instantly cash out, converting money into cryptocurrency.
“Real-time payments (RTP) increased by 41% between 2019 and 2020 and are set to rise again by 23% between 2020 and 2025,” the report suggests.
Since cryptocurrency remains a largely unregulated space with limited exceptions, threat actors attempt to stay anonymous when laundering money through multiple channels. In the UK, for example, an average loss in contactless fraud was 650 pounds in 2020.
- Fast credit fraud
A similar kind of criminal activity has to do with fast credit or the so-called “Buy Now Pay Later” model. A vast array of retailers allow customers to make a purchase before paying, which can be both convenient and potentially hazardous.
From account takeovers to using stolen credit cards for paying off the credit, malicious opportunities are, unfortunately, endless. And it doesn’t help that merchants have minimal fraud liability with existing lenders.
- Ransomware attacks
Ransomware boomed during the pandemic, with large institutions and critical infrastructures facing disruptions and being forced to pay millions in ransom. Experian suggests that the use of AI will furtherly power ransomware attacks, leaving both customer data and critical business information exposed.
There has been much debate over the effectiveness of paying a ransom between pundits. While many insurance companies opt for paying, experts suggest that such decision does not only fuel cybercrime, but also doesn’t guarantee the return of data. The best line of defense, in this situation, is preventing the incident from happening in the first place.
“It is like a burglar going through the neighborhood – they are not going to attack a house that probably has bars on the windows as much as the one that looks like a much easier target to penetrate,” Jack O’Meara from Guidehouse told CyberNews.
- Marketplace scams
Digital criminal activity is often closely interconnected with existing social and political issues. Experian suggests that following inflation and ongoing supply chain problems in 2022, there will be more cases of marketplace fraud going forward.
Threat actors will attempt to meet the market demand with fake products, filling supply gaps with a chain of scams. As a result, customers will pay for things that simply don’t exist. The number of fake websites will also likely increase, but there are some easy steps you can take to check their authenticity.
- Digital identity verification fraud
Customers seek simplicity and automation: realistically, very few people wish to remember complex passwords for various sign-ins or go through lengthy payment processes. Businesses are now focused on pleasant customer experience, which often puts your security at risk.
Identity authentication remains a complex issue, with conflicting or limited regulations in place. The move to a new decentralized identity, which allows you to manage all your identities yourself, gives your more control over your information and seems to reduce the risks for organizations. But many larger players are still reluctant to adopt the technology since data is the new oil, and not everyone is willing to part ways with access to it so easily.
Click here for more information on our cyber insurance services or call our office on 01756 802100.