9 key security threats that organizations will face in 2022
Data breaches will scale up. As data breaches scale up, organizations and governments will be forced to spend more money to recover from them, Check Point says. Following the record $40 million ransom payment paid by insurance giant CNA Financial this year, ransom demands are expected to continue to increase next year.
Misinformation campaigns will flourish. In 2021, misinformation and "fake news" surrounding the coronavirus pandemic and the efficacy of vaccines spread through social media and other venues. As one consequence, Dark Web cybercriminals turned a tidy profit by selling phony vaccine certificates to people who refused to get vaccinated. In 2022, fake news will continue to play a role in phishing campaigns and scams. Plus, expect to see propaganda and misinformation in advance of the US midterm elections in an attempt to influence voters.
Deepfake technology will be weaponized. The tools needed to create fake but convincing videos and audios have become more advanced. Cybercriminals will increasingly use them to steal money, manipulate stock prices and sway the opinions of people via social media, Check Point says. As one example from 2020, attackers used technology to impersonate the voice of a director of a Hong Kong bank to trick a bank manager into transferring $35 million into their account.
Cryptocurrency will play a greater role in attacks. As money becomes more digital, criminals will increasingly find innovative ways to steal it. Following reports of stolen crypto wallets triggered by free airdropped NFTs, Check Point discovered that attackers could steal such wallets by exploiting security flaws. Expect more cryptocurrency-related attacks in 2022.
Criminals will exploit vulnerabilities in microservices. Microservices have become a more common method for application development and one supported by a greater number of cloud service providers (CSPs). But as with any popular trend, cybercriminals are taking advantage of vulnerabilities found in microservices to launch attacks. For 2022, expect more of these attacks targeting CSPs.
Mobile malware attacks will increase. As organizations shifted to remote and hybrid work in 2020 and 2021, criminals increasingly turned to mobile malware as an attack vector. In 2021, almost half of all organizations reviewed by Check Point had at least one employee who downloaded a malicious mobile app. With the growing use of mobile wallets and mobile payment services, attackers will continue to exploit the reliance on mobile devices.
SEE ALSO: The latest phishing threats used by the Tech support scams
Penetration tools will continue to be used in attacks. Though created to help organizations test their security defenses, penetration tools have been exploited by cybercriminals to help them launch more effective attacks. By customizing such tools, hackers have been able to target victims with ransomware. As this tactic continues to catch on, we'll see them used to carry out more data exfiltration and extortion attacks in 2022.
"In 2021, cyber criminals adapted their attack strategy to exploit vaccination mandates, elections and the shift to hybrid working, to target organizations' supply chains and networks to achieve maximum disruption," Check Point Software research VP Maya Horowitz said in a blog post.
"Looking ahead, organizations should remain aware of the risks and ensure that they have the appropriate solutions in place to prevent, without disrupting the normal business flow, the majority of attacks, including the most advanced ones," Horowitz added. "To stay ahead of threats, organizations must be proactive and leave no part of their attack surface unprotected or unmonitored, or they risk becoming the next victim of sophisticated, targeted attacks."
