Cybercrime predictions for 2022: Deepfakes, cryptocurrencies and misinformation

This article was first published by Check Point Software Technologies.

While cybercriminals continue to leverage the impact of the COVID-19 pandemic, they will also find new opportunities to attack such as deepfakes, cryptocurrency and mobile wallets.

In 2021, cyber criminals adapted their attack strategy to exploit vaccination mandates, elections and the shift to hybrid work, to target organizations’ supply chains and networks for them to achieve maximum disruption.

The sophistication and scale of cyberattacks will continue to break records and we can expect a huge increase in the number of ransomware and mobile attacks. Looking ahead, organizations should remain aware of the risks and ensure that they have the appropriate solutions in place to prevent them without disrupting their normal business flow. To stay ahead of threats, organizations must be proactive and leave no part of their attack surface unprotected or unmonitored or otherwise risk becoming the next victim of sophisticated, targeted attacks.

The claim of ‘fake news’ surrounding contentious issues has become a new attack vector over previous years without people really understanding its full impact. Throughout 2021, misinformation was spread about the COVID-19 pandemic and vaccination information. The black market for fake vaccine certificates expanded globally, now selling fakes from 29 countries. Fake ‘vaccine passport’ certificates were on sale for $100-120 and the volume of advertisement groups and group sizes publishing sellers multiplied within the year. In 2022, cyber groups will continue to leverage these types of fake news campaigns to execute cybercrime through various phishing attacks and scams.

In addition, prior to the 2020 US presidential election, Check Point researchers spotted surges in malicious election-related domains and the use of “meme camouflage” aimed at shifting public opinion. In the run-up to the US midterm elections in November 2022, we can expect to see these activities in full effect and for misinformation campaigns to return on social media.

Supply chain attackers take advantage of a lack of monitoring within an organization’s environment. They can be used to perform any type of cyberattack, such as data breaches and malware infections.

The well known cybercrime - SolarWinds supply chain attack stands out in 2021 due to its scale and influence, but other sophisticated supply chain attacks have occurred such as Codecov in April, and most recently, Kaseya. Kaseya provides software for Managed Service Providers and the REvil ransomware gang exploited the company to infect over 1,000 customers with ransomware. The group demanded a ransom of $70 million to provide decryption keys for all affected customers.

Supply chain attacks will become more common and governments will have to establish regulations to address these attacks and protect networks. They will also look into collaborating with the private sectors and internationally to identify and target more threat groups operating on global and regional scales. In 2022, expect to discover more about the global impact of the infamous Sunburst attack.

The cyber way is intensifying, and taking place online as more nation-state actors push Western governments to continue to destabilize society. Improved infrastructure and technological capabilities will enable terrorists groups and political activists to further their cybercrime agendas and carry out more sophisticated, widespread attacks. Cyberattacks will increasingly be used as proxy conflicts to destabilize activities globally.

Going into 2022 we will see an increase in data breaches that will be larger scale. These breaches will also have the potential to cost organizations and governments more to recover. In May 2021, a US insurance giant paid $40 million in ransom to hackers. This was a record, and we can expect ransom demanded by attackers to increase in 2022.

In 2021, 46% of organizations had at least one employee download a malicious mobile application. The move to remote work for almost entire populations across the world during the COVID-19 pandemic saw the mobile attack surface expand dramatically, resulting in 97% of organizations facing mobile threats from several attack vectors. As mobile wallets and mobile payment platforms are used more frequently, cybercrimes will evolve and adapt their techniques to exploit the growing reliance on mobile devices.

When money becomes purely software, the cybersecurity needed to protect us from hackers stealing and manipulating bitcoins and altcoins is sure to change in unexpected ways. As reports of stolen crypto wallets triggered by free airdropped NFTs become more frequent, Check Point Research (CPR) investigated OpenSea and proved it was possible to steal crypto wallets of users by leveraging critical security. In 2022, we can expect to see an increase in cryptocurrency related attacks.

The move to the cloud and DevOps will result in a new form of cybercrime. With microservices becoming the leading method for application development, and microservices architecture being embraced by Cloud Service Providers (CSPs), attackers are using vulnerabilities found in microservices to launch their attacks. We can also expect to see large scale attacks targeting CSPs.

Techniques for fake video or audio are now advanced enough to be weaponized and used to create targeted content to manipulate opinions, stock prices or worse. As in the case of other mobile attacks that rely on social engineering, the results of a phishing attacks can range from fraud to more advanced espionage. For instance in one of the most significant deepfake phishing attacks, a bank manager in the United Arab Emirates fell victim to a threat actor’s scam. Hackers used AI voice cloning to trick the bank manager into transferring $35 million. Threat actors will use deepfake social engineering attacks to gain permissions and to access sensitive data.

Globally in 2021, 1 out of every 61 organizations was being impacted by ransomware each week. Cybercrime through ransomware will continue to grow, despite the efforts of law enforcement to limit this growth globally. Threat actors will target companies that can afford paying ransom, and ransomware attacks will become more sophisticated in 2022. Hackers will increasingly use penetration tools to customize attacks in real time and to live and work within victim networks. Penetration tools are the engine behind the most sophisticated ransomware attacks that took place in 2021. As the popularity of this attack method grows, attackers will use it to carry out data exfiltration and extortion attacks.