Top-10 major fraud trends in 2022
Forecast of major trends in fraud and cybersecurity that will worry the digital business in 2022, describing effective ways to counter such attacks
The global pandemic in the past two years has brought many tests for the economy and all the inhabitants of the planet. At the same time, the spread of COVID-19 has become a key factor in deterring and limiting many activities outside the network in many parts of the world. Digital technology is more preferred than ever for work, entertainment, communication, shopping and many other everyday activities, and digital payment methods and cryptocurrency platforms are gaining popularity.
This factor caused an exponential increase in the number of digital accounts and the corresponding online activity, and with them the scale of cybercrime increased exponentially. According to researchers at the Identity Theft Research Center, by the beginning of the fourth quarter of 2021 the number of reported data breaches had already exceeded the total for all of 2020, which had been considered a historical record.
In total, in 2021, 281.5 million people suffered from data breaches, and cybercrime costs companies $1.79 million per minute, demonstrating the comprehensive impact of today's cybersecurity landscape. The average cost of a data leak exceeded $4 million for the first time in 2021. This was made possible because remote and hybrid cybercrime teams made leaks both more likely and more difficult to localize.
In 2022, the pace of digitalization of the world community will only increase, which, in turn, will lead to more serious and numerous attacks on all digital common ground. No industry stands aside, and today the losses from digital fraud and online abuse amount to billions of dollars.
In 2022, against the backdrop of an increase in the number of cyber-attacks, their nature will change — new, even more sophisticated ones will be added to typical, already known types of threats. Attackers will perfect their tactics and use advances in automation to scale attacks using new and proven methods to generate greater financial returns.
Not only private, but also public organizations are vulnerable to cybercrime attacks. In practice, governmental organizations need greater protection of their network infrastructure more than others, as it contains data, information and secrets, the leakage of which is potentially dangerous to national security.
Today we present a forecast of the main trends in fraud and cybersecurity that will continue to worry the digital business in 2022, describing effective ways to respond to such attacks.
Automation will continue to play a key role in such types of cyber-attacks as credential hacking, password breaching and brute-forcing. When using bots and automation, fraudsters need less investment to scale attacks. In addition, today's bot technologies are so advanced that they can accurately simulate human behavior. This further complicates the task of bot detection for businesses.
The availability of commercial botnets as a service and the necessary support will make automation an even more powerful tool for protecting legitimate companies in 2022. High expectations are placed on promising biometric technologies, including in combination with behavioral analysis techniques. In most cases, two-factor authentication is enough to counter automated threats, including in combination with biometric security systems.
Over the past few years, Account Takeover (ATO) attacks have grown by leaps and bounds, mainly due to the rapid growth in the number of digital accounts, as more people resort to digital channels to carry out daily activities. This trend became especially critical during the lockdowns, as well as in connection with the massive transition of users to remote working and studying.
This increase in the number of digital accounts, combined with ongoing data breaches, will continue to provide attackers with the raw materials they need to seize personal and business accounts. High profitability and ease of execution will continue to stimulate the growth of account hacking throughout 2022.
During the switch to remote work, organizations paid more attention to setting up a network security policy and infrastructure to ensure data security, uninterrupted operation and quick response to cyber incidents. As the pandemic continues in some countries, cybersecurity remains a top priority for remote employees.
Biometric identification tools and technologies are effective enough to counteract attempts to steal user personal data, but in the case of remote workers, the issue of personal digital literacy still plays a very important role. Corporate training on protecting employees' own systems from hacking significantly reduces the number of security incidents.
The growing popularity of digital payments, which cryptocurrency platforms have recently joined, has increased cyber threats for fintech companies.
During 2022, fraudsters will improvise more often using phishing and social engineering to attack cryptocurrency platforms. The use of malware for crypto-theft and infection of cryptocurrency mining systems is becoming a significant trend in the field of cybersecurity and is turning into a significant threat.
To counter modern means of hacking using social engineering tools, fintech sector companies in 2022 will continue to invest in modern software and hardware security solutions, including using advanced technologies in the field of biometrics, as well as AI analysis. More than ever before, the selection of qualified personnel for the posts of corporate information security officers comes first.
Just three to five years ago, a phishing letter was quite easy to recognize by its numerous spelling errors, distorted language and implausible statements. However, over the years, phishing letters and the URLs mentioned in them have become more sophisticated and plausible, which helps fraudsters carry out highly targeted attacks.
In 2022, fraudsters will continue to improve their phishing tactics, making them more personalized and accurate. However, before making significant investments in the latest cybersecurity systems, companies should think about the human factor, which plays a major role in 85% of cybersecurity incidents. Training staff in digital literacy and accuracy when working with digital assets can significantly reduce the effectiveness of intruders' attacks. In addition, modern software analytical solutions using artificial intelligence technologies also demonstrate significant effectiveness in countering phishing attacks.
In 2021, there was a significant diversification of cyber-attacks, as well as an increase in the number of attacks aimed at specific industries. Intruders carefully analyzed common fraud protection in various sectors of the economy and industry. Now they will use this knowledge to manipulate their resources and maximize the profit from these targeted cyber-attacks.
Many organizations have strengthened their cybersecurity by protecting devices, data, and information through measures ranging from hiring the right security professionals to enforcing strict policies and configuring firewalls. By the end of 2022, the business will increase the introduction of technologies and solutions that will eliminate vulnerabilities and strengthen the company's infrastructure.
Cybercriminals create innovative ways to exploit vulnerabilities and attack critical infrastructure. This makes the introduction of artificial intelligence (AI) profitable for public and private organizations. By the end of 2022, more organizations will strive to introduce responsible and ethical AI to detect, prevent and counter cyber-attacks.
Ransomware is becoming the most preferred tool for targeted attackers. The cost of an attack using extortion software is growing at a very rapid pace. In 2018, the average ransom extortion payment was $7,000. Just two years later, the average extortion payment was more than $200,000, a shocking increase in such a short time. Given that several well-known victims made multimillion-dollar ransom payments, there is no reason to expect that this figure will decrease in the near future. At the same time, regulatory fines, lost opportunity costs, and customer loyalty make cybersecurity failures an increasingly costly reality.
In 2022, this trend can be expected to affect all partners in the global payment ecosystem. However, this does not mean at all that other industries are protected from such attacks.
To counter ransomware attacks, it is enough to adhere strictly to a number of simple recommendations: regularly back up all critical information to the cloud and local media, install updates to the operating system and applications as soon as they are released, and ensure that all installed protection measures — such as antivirus, firewalls, and backup tools — are always enabled and updated to the latest version.
Cyber activism is an online version of real protests and is currently on the rise. Protesters on the Web are mainly engaged in disrupting the websites of target companies.
Fraudsters can use web authentication measures to take advantage of such protests and use loopholes in corporate networks. They can also use cyber activism as a means to distribute malware or ransomware, to steal confidential information, or to carry out other forms of extortion (hacktivism, cyber terrorism).
Recently there has been a growing number of online publications and investigations about the use of cyber-activism and cyber-terrorism by individual states in pursuit of their «digital sovereignty» and other political objectives. Opposing such powerful forces is possible with the help of organizations that provide information security to very large corporations or at the state level.
Attacks on the Internet of Things (IoT)
The number of Internet-connected devices (IoT) is projected to exceed 25.4 billion by 2030. IoT devices are inherently not highly secure and are therefore subject to an increased threat of cyber-attacks.
Senior security managers note that IoT security is a serious threat that they still cannot fully cope with. To make matters worse, consumers usually don't change their default passwords, making these smart devices more susceptible to account hacking.
To some extent, problems in countering attacks on IoT devices are associated with a lag in regulation of this industry — both at the legislative and technological levels. In 2022, a number of laws are expected to be adopted in various countries — including Russia, thanks to which national regulations will appear for all participants in the IoT market, including for end users. Their list will include increased requirements for the conscious use of smart devices, for digital hygiene and self-measures to ensure the safe circulation of user data.
Attacks on supply chains
The constant disruption of the functioning of supply chains is an opportunity that attackers will try to take advantage of in 2022. The attacks on SolarWinds, Codecov and Kaseya are still fresh in our memory. You can expect an increase in similar attacks that will be used to collect confidential data or infect systems with malware.
On the other hand, this can only help to tighten state regulation in this area. Local, national and international governmental organizations should develop legislation, policies and regulations, concerning the use of AI in cybersecurity, with new cyber-defense technologies and AI solutions becoming part of their rapid response strategies.
Security of personal and business accounts
Due to the increase in fraud and abuse on the Internet, digital companies are expected to focus on the security of customer accounts in 2022. Comprehensive account protection will take first place in the list of priorities of anti-fraud specialists.
To verify the identity of users, they will rely not only on the traditional network authentication procedure, in which internal data can be accessed only from inside the network and never from outside it. Multi-level approaches to web user authentication are also expected to gain popularity.
Fraud is also a business in its own way, although a criminal one, and its main goal is to make money. Therefore, as far as the goals of cybercriminals are concerned, 2022 will be no exception to the rule. Moreover, attacks will be carried out using more sophisticated methods and strategic approaches to maximize profit with minimal investment.
Attackers will also look for the line of least resistance and use loopholes in business networks, both external and internal. And because they have spent time and resources researching existing fraud protection mechanisms, hackers will use this knowledge to counter them.
To counter such a powerful investment by attackers in means of attack and hacking, companies and governmental agencies need to attract the best experts in the field of information security and, alongside lawmaking, work ahead when investing in this area of the IT industry.
You can't make an omelette without breaking eggs: when conscientious users suffer instead of fraudsters
In 2022, all enterprises, regardless of size and scope, should clearly understand the changing nature of cybersecurity risks and take appropriate measures to protect themselves and their consumers. To counter a technologically superior adversary, digital companies also need to take full advantage of the latest technologies. The best approach in this regard would be to plan for the deterrence and prevention of cyberattacks rather than for their elimination and mitigation.
Today cybercriminals increasingly go beyond traditional hacking and attacks. In this regard, it is now vital for businesses to get rid of the illusion that classic measures are sufficient to combat cyber bullying; recently these measures only add unnecessary problems for consumers and worsen the user experience.
In addition, it is also time for businesses to stop treating conscientious users as fraudsters. Now is the time to adopt a zero-tolerance approach to bankrupt the business model of cyber fraud. Intelligent use of technology that detects fraudsters while causing the least irritation and rejection among users, for example a complex of biometric security measures, will help enterprises allow conscientious users to continue their digital lives freely and protect business interests in the long run.
The further development of artificial intelligence and biometric technologies allows companies to secure their business, and consumers are increasingly able to use alternative forms of authentication to access their accounts. Today fingerprints, facial recognition and other forms of biometric authentication are becoming an increasingly common option among providers of various services. Together with increasing convenience for users who are not always ready to remember up to 20 or more different passwords, convenient forms of biometric authentication are becoming more secure and widespread.