What a year 2021 has been! Nothing short of a roller coaster. The resurgence of the Covid-19 virus in many parts of the world has brought back curbs and restricted many offline activities once again. Digital continues to be the preferred mode of working, entertaining, socializing, shopping, and a host of other daily-life activities. Digital payment methods, including BNPL (buy now pay later) and cryptocurrency platforms, rose in popularity, with fraud and online abuse following suit in abundance. No industry was spared and fraud losses amounted to billions of dollars.
Attacks will continue to rise in 2022 with even more sophistication. This, however, does not mean typical attacks will become outdated. Instead, attackers will sharpen their tactics and leverage advancements in automation to scale the attacks with tried-and-tested techniques for greater financial returns.
Here are our predictions for the top fraud trends and cybersecurity movements that will continue to plague digital businesses in 2022:
Automation will continue to play a central role in attacks such as credential stuffing, password spraying, and brute-forcing. Fraudsters need less investment to scale attacks when they use bots and automation. Further, bot technology has advanced to the point that bots can mimic humans fairly accurately, which makes bot detection even more difficult for businesses. The availability of commoditized botnets-as-a-service, along with the required support, will make automation an even more potent threat for legitimate businesses to defend against in the coming year.
2. Account Takeover:
Account takeover (ATO) attacks have grown by leaps and bounds over the last few years, thanks to an explosion in the number of digital accounts as more and more people turned to digital channels for daily life activities. This increase in digital accounts, combined with incessant data breaches, will continue to provide attackers with the raw materials required to launch account takeover attacks. High returns and ease of execution will continue to drive the rise of account takeover attacks well into 2022.
3. Crypto Attacks:
The popularity of digital payments, including cryptocurrency platforms, has raised cyber threats to fintech companies a notch higher. Fraudsters will increasingly improvise on phishing and social engineering to target cryptocurrency platforms during 2022. The use of malware for crypto-jacking, which infects a system to enable mining of cryptocurrency, will evolve into a bigger threat.
With numerous spelling errors, faulty language, and unbelievable claims, it was fairly easy to identify a phishing email three to five years ago. However, over the years, phishing emails and URLs have become more refined and believable, which helps scammers execute hyper-targeted attacks. In the coming year, scammers will continue to spend time improving their phishing tactics by making them more personalized and specific.
5. Targeted Attacks:
In 2021, we saw a diversification of attacks and a rise in attacks that were specifically designed to target particular industries. Attackers have studied the prevalent fraud defenses across several industries. They will use this knowledge to maneuver their resources and extract maximum returns from these attacks.
Ransomware will be a preferred tool for targeted attacks, especially against payment service providers (PSPs). This trend will affect all partners in the payment ecosystem globally. This is not to suggest other industries are safe from these attacks. It is likely that attackers will increase the amounts of their ransom demands in 2022.
An online version of real-world protests, cyberactivism is on the rise. Protesters engage in disrupting the websites of target businesses. Fraudsters can game web-authentication measures to take advantage of such protests and exploit loopholes in business networks. They can use these protests as a means to drop malware or ransomware to steal sensitive information or to extort money.
8. IoT-driven Attacks:
The number of IoT-connected devices is expected to cross the 25.4 billion mark by 2030. IoT devices are inherently not that secure and are, therefore, vulnerable to an increased threat of cyberattacks. Senior-level security executives say that IoT security is a significant threat that they are still trying to get their arms around. To make matters worse, consumers generally do not change the default passwords, which makes these smart devices more susceptible to account takeover attacks.
9. Supply Chain Attacks:
The ongoing disruption in supply chains is an opportunity that attackers will try to take greater advantage of in 2022. SolarWinds, Codecov, and Kaseya are still fresh in our memory. We expect an increase in similar attacks that can be used to harvest sensitive data or infect systems with malware. This will fuel the need for greater government regulation.
10. Account Security:
In the wake of rising fraud and online abuse, digital businesses will focus their attention on their customers' account security. Comprehensive account security will be at the top of fraud teams' priority lists, and they will look beyond the traditional castle-and-moat method to verify user identities. A tiered approach to web authentication of users will become popular.
Fraudsters are in the business of making money and the coming year will be no different. The attacks, however, will be more sophisticated in technique and strategic in approach, such that they can reap maximum returns with the least possible investment. Attackers will also look for the path of least resistance and will exploit loopholes in business networks, whether external or internal. Furthermore, since they have invested time and resources to understand the current fraud defense mechanisms, attackers will use this knowledge to counter them.
Stop Treating Good Users like Criminals
In 2022, businesses must remain aware of the shifting risks they face and take appropriate measures to protect themselves and their consumers. To counter a technologically superior opponent, digital businesses should also leverage the power of the latest technology. Think in terms of deterrence, not just mitigation.
It’s time businesses looked beyond traditional fraud mitigation that only adds unnecessary friction for consumers and degrades the user experience. Also, they must stop treating good users like fraudsters. It’s time to adopt a zero-tolerance approach to bankrupt the business model of fraud. Using friction judiciously to identify and pin down fraudsters will help businesses allow good users to continue with their digital journeys unhindered, and protect business interests in the long term.
To learn how Arkose Labs helps digital businesses use targeted friction for long-term fraud prevention and deterrence from evolving fraud attacks, please book a demo now.