Top 10 Rising Cybersecurity Threats, Part 1
Cyberattacks are a distinct concern in the ever growing digital world today, with the potential to impact individuals and organizations far beyond the physical frontline. While events are unfolding rapidly, we’ve provided a summary of current, major cyber-related threats.
In the new digital realm, businesses are dealing with many evolving cybersecurity threats compounded by expanding attack surfaces. The 2022 Verizon Data Breach Investigations Report (DBIR) collected and analyzed a total of over 914,547 incidents, 234,638 breaches, and 8.9 TBs of cybersecurity data. By stark contrast, the first report in 2008 analyzed a total of 500 forensic engagements.
In 2022, fraud and cybercrime will persist, driving organization leaders to pay closer attention to a number of imminent threats.
1. Deep Fake Synthetic Identity
Millions are stolen through various types of fraud. For example, on March 26, 2021, the US Department of Justice publicly charged 474 defendants with criminal offenses based on fraud schemes connected to the COVID-19 pandemic. The cases involve attempts to obtain over $569 million from the US government and unsuspecting individuals through fraud.
Synthetic identity fraud specifically costs financial institutions an estimated $20 billion per year. Fraud identity is certainly not new, with threat actors becoming increasingly skillful at combining leaked personal information with data available on social media. Advancements in Artificial Intelligence (AI) allow cyber criminals to effectively impersonate consumers’ voices and faces, successfully passing authentication controls. Once a cybercriminal has stolen an identity, they’re able to steal funds by applying for loans or claiming social benefits.
Deep fakes pose additional challenges for businesses to authenticate their customers as well as serious risks for individual consumers. Carey O’Connor Kolaja, CEO at AU10TIX told Cyber News, “Cyber criminals are going after student and children profiles. If a university or an education system is breached, attackers can use their collected information to create ID and apply for credit cards.”
2. Phishing and Social Engineering
Humans have always been a problem in the cybersecurity world. What I mean by that is, 95% of cybersecurity threats that people have faced can be tracked to human error in some way, according to The Global Risks Report 2022, published by the World Economic Forum. In general, people -individually and collectively- are not taking cybersecurity seriously enough. Once attackers are able to acquire legitimate credentials via phishing and social engineering, they can do extensive damage to individuals as well as enterprise IT operations. The 2022 DBIR states, “There are four key paths leading to your estate: Credentials, Phishing, Exploiting vulnerabilities and Botnets. These four pervade all areas of the DBIR, and no organization is safe without a plan to handle them all.”Experian predicts, “In 2022 and beyond, a large portion of fraudulent transactions will be submitted by legitimate consumers who are being socially engineered to not only provide data, but to use their own devices to submit what they believe are legitimate transactions.”
3. Fraud as a Service
Fraud is delivered as a service in which a threat actor supplies services to carry out fraudulent activity.Such schemes are becoming increasingly sophisticated with functionality such as automated voice bots for impersonating businesses. The boom in this type of threat is particularly problematic, as it minimizes the number of skills needed by a malicious actor to conduct criminal activity. The Russian cybersecurity firm Group-IB said, “The popularity of the scam-as-a-service model has led to scams scaling up on a global level and to a lower entry threshold for newbie-scammers with no real skills for conducting scams.”
4. Real-Time Payments Fraud
As described in PaymentsJournal, real-time payment rails provide end-to-end communication, enabling the exchange of information back and forth in a single transaction. Real-time payments, including mobile, create previously unseen opportunities for cyber criminals, allowing them to commit fraud, then instantly cash out by converting funds into cryptocurrency. According to The Federal Reserve, the speed and irrevocability of instant payments may increase fraud concerns. The Fed is working on regulations that will affect the operation of RTP network FedNow, which include allowing banks to have extra time to process instant payments if they believe funds may have a fraudulent origin.
5. Fast Credit Fraud
A similar kind of criminal activity pertains to fast credit or the, “buy now, pay later” model. A vast array of retailers allow customers to make a purchase before paying, which can be both convenient and potentially hazardous. From account takeovers to using stolen credit cards for paying off debts, malicious opportunities are unfortunately endless. It doesn’t help that merchants have minimal fraud liability with existing lenders.
Stay tuned for part 2 next week with the remaining top 5 rising cybersecurity threats.
If you’re not a Wursta customer and would like to explore possibilities for optimizing security at your organization, let’s connect. To see part 2 next week, scroll up to subscribe to our blog!