With the proclamation of a worldwide pandemic in 2020, it does not feel like it should be 2022 yet. However, here we are. Over the last couple of years, each of us has grown and changed, as has the cybersecurity attack landscape. So, what should we expect during the next year in the way of new, or evolving, attacks? In this article, we will look at some cybersecurity predictions for 2022, and how to protect ourselves from them.
2022 Predictions
Every year, companies make predictions about what the coming 12 months will bring. Is the effort worth it? Yes, for at least two reasons. First, these predictions help readers to be aware of the diverse ways criminals target them. Because of this, individuals and companies alike are able to prepare themselves for these potential attacks. Secondly, it keeps the discussion of cybersecurity and social engineering attacks circulating. This keeps education surrounding these topics flowing and flourishing. For these two reasons at least, let us dive into Social-Engineer LLC’s predictions for 2022.
Phishing and Vishing Attacks will Continue to Wreak Havoc
A survey from Dark Reading states that more companies experienced a data breach over the last year due to phishing emails than to any other cause. Of companies surveyed, 53% reported phishing attacks in 2021, which is 2% more than the 2020 statistics. Clearly, phishing is an attack vector that remains ripe and is only increasing in occurrence and popularity. Hand in hand with phishing is vishing. Vishing can be defined as voice-based phishing. When used together, these two attacks can be extremely successful. You’ve seen us write about them, give speeches on them, and provide training on how to stay safe from these attacks. That’s because, no matter how the attack surface changes, these vectors will always prey on what is most vulnerable: humans.
Deepfake Attacks will Abound
WhatIs.com defines deepfakes as “a type of artificial intelligence used to create convincing images, audio and video hoaxes.” We have already seen deepfake technology leap forward in complexity over the last couple of years. In 2021, one deepfake attack alone cost a United Arab Emirates bank $35 million.
Deepfake technology will continue to improve and become harder to spot. Gone are the days of identifying these hoax videos by lack of blinking. Gone are the easily identifiable, robot-sounding voices we link to scam calls. While these simpler attacks will continue to exist, more evolved versions will become the norm. As the technology advances in complexity, so do the attackers.
COVID-19 Scams will Continue to Evolve
It has proven true that malicious actors will use major events and tragedies as a launching pad for mass attacks. As the pandemic continues, we are sure to see attacks surrounding it continue to evolve and become more advanced. Expect to see booster shot, vaccination card, and COVID misinformation scams abound.
Ransomware Attacks will Increase
A precedent has been set where major companies have paid ransom demands to re-obtain their breached data. As long as this continues, so will the ransomware attacks. We will see these kinds of attacks increase in both the amounts demanded and frequency in the coming years.
How to Protect Yourself
Now that we have discussed some of the attacks 2022 is sure to bring, how can we protect ourselves? Let us look at a few tips that will help you, your family, and your company to remain secure.
Keep Up to Date on Current Attacks
One of the best ways to guard against current attacks is simply by knowing what attacks exist. Try searching “cybersecurity scams *insert date*” once a month and reading up on them. This will help you keep track of attackers’ favorite approaches, as well as any new scams that may be circulating.
How to Spot a Deepfake
Low quality deepfakes can be easy to identify. Keep an eye out for bad lip synching, unnatural eye movements or blinking, and flickering around the edges of the transposed image. If you’re unsure, look at the finer details such as hair and jewelry to see if you can spot it. With the technology improving, maintain focus on verification of the person contacting you. If an email or a call makes you emotional in any way, pause. Take a moment and ensure that what the individual is asking makes sense. For example, your bank would never need you to provide them with a routing number.
Stay Vigilant for COVID-19 Scams
AARP tells us that “The Department of Health and Human Services (HHS) says consumers should be on the lookout for these signs of vaccine scams:
- Requests that you pay out of pocket to receive a shot;
- Ads for vaccines in websites, social media posts, emails, or phone calls;
- Marketers offering to sell or ship doses of COVID vaccines.”
By following these tips and keeping up to date on current scams, you should be able to steer clear of any new COVID-19 attacks.
Guard Against Ransomware
The FBI states that the best way to avoid being exposed to ransomware is to be a cautious and conscientious computer user. Being careful about what you download and click on will save you a lot of trouble. They recommend the following tips for preventing ransomware:
- Keep operating systems, software, and applications current and up to date.
- Make sure anti-virus and anti-malware solutions are set to automatically update and run regular scans.
- Back up data regularly and double-check that those backups were completed.
- Periodically test the restore process of your backups to ensure they work properly.
- Secure your backups. Make sure they are not connected to the computers and networks they are backing up.
- Create a continuity plan in case your business or organization is the victim of a ransomware attack.
If your device is infected by ransomware, stay calm. There are steps you can take without losing money or whichever documents are being held. The FBI does not support paying the attacker, as this will only encourage more ransomware attacks. If you are not sure how to proceed, contact your local FBI field office, and file a report with the Internet Crime Complaint Center.
Train Your Employees
Even if you become an expert at spotting deepfakes, remain aware of the common scams, and vigilant against ransomware… you may still be caught off guard. Professional attackers can and will always leverage phishing and vishing against us so long as they’re effective. Since we all err, we can bet these attacks will remain effective.
The best way to protect yourself and your employees from these attacks is training. Authentic experience with professional actors (social engineers) is what will prepare you and your company for a real attack. Anyone who has been snowboarding knows that a beginner who takes the hardest slope first is going to fall. You need to start on the bunny hill and work your way to the harder paths. Phishing and vishing should be the same. With proper training, you and your company can work to strengthen your defenses against malicious attackers. Contact our team today for a personalized quote to get started.
The Cybersecurity Landscape
As we move into 2022, keep an eye on the ever-changing cybersecurity attacks. Reading this article was a great first step. We encourage you to use the included resources to continue learning and refreshing your knowledge of the cybersecurity landscape.
Sources:
https://www.theguardian.com/technology/2020/jan/13/what-are-deepfakes-and-how-can-you-spot-them
https://oig.hhs.gov/fraud/consumer-alerts/fraud-alert-covid-19-scams/
https://www.fbi.gov/ic3
https://www.fbi.gov/contact-us/field-offices
https://www.informationweek.com/whitepaper/cybersecurity/security-monitoring/how-data-breaches-affect-the-enterprise/433123?gset=yes&cid=mp_rptbx&_mc=mp_rptbx&_ga=2.47692705.729679127.1638393267-1988443371.1638393267
https://www.social-engineer.org/framework/attack-vectors/phishing-attacks-2/
https://www.social-engineer.com/services/