Based on trends observed last year, Kaspersky has revealed some of the main cyber threats Australian consumers and businesses should be prepared for in 2022.
1) AUSTRALIANS’ PERSONAL DATA IS AT RISK
Lockdowns forced many Australians to use more online services – from retail to groceries to takeaway food and at-home meal kits, consumers relied on contactless delivery and ‘click-and-collect’ services to conduct daily activities. As a result, Australians’ personal data is now at higher risk of exposure to cybercriminals.
“Every time we use these online services, we input personal information such as our address, mobile number and payment details. This means there’s now a massive amount of our personal data out there across websites and apps for cybercriminals to access,” explains Noushin Shabab, Senior Security Researcher at Kaspersky’s Global Research and Analysis Team.
“Despite lockdowns ending, we remain heavily reliant on these services, meaning there’s a higher likelihood of cyber gangs obtaining these details via compromised websites or unsecured networks, and scammers mimicking the brands to trick consumers into stealing their personal data through phishing attacks.”
2) NEW, MORE TECHNICALLY ADVANCED SCAMS
With this in mind, Australians should be on high alert for any suspicious emails, texts, social media messages, app notifications and phone calls. As Ms Shabab describes, scammers are always advancing their methods and we should look out for new tactics in 2022:
“Scammers will start producing more deep fake videos, bespoke text and images tailored to their victims, and using more voice synthesis in addition to their usual tactics. We believe we’ll see the first attempts of such technically advanced scams this year. It’s also likely there will be a shift back from scams that are computer-assisted, to pure cybercrime based on a complete compromise of digital assets, such as user accounts, smartphones, laptops or smart devices.”
3) MORE CRYPTOCURRENCY AND NFT ATTACKS
Because cryptocurrency and NFTs are digital assets and all transactions take place online, they are an attractive target for cybercrime groups and state-sponsored threat actors.
Ms Shabab notes, “We expect a significant wave of attacks on cryptocurrency businesses this year, having observed the recent activity of sophisticated, cutting edge attackers like Lazarus and its sub-unit BlueNoroff. From direct attacks on employees of cryptocurrency startups and exchanges, through to sophisticated social engineering, software exploits and even fake suppliers, to mass attacks via supply-chain software – we will see an increase.
“We are also likely to see more incidents of NFT property theft, and given this is a new area there is likely a shortage of specialist police investigators which therefore could result in an initial surge of these attacks.”
Such threats will affect not only the global cryptocurrency markets but also the share price of individual companies, which attackers will monetise through illegal insider trading on the stock market.
4) A DECREASE IN TARGETED RANSOMWARE ATTACKS
While there was a clear correlation between the rise of COVID-19 and an increase in targeted ransomware attacks, the strong international cooperation and multiple ransomware task forces now in place are set to reduce the number of such attacks during 2022.
These attacks will continue, but we anticipate they may resurface later, with a greater focus on countries with poor cyber-investigative capabilities, or those that are not allies of the US.
5) MORE DATA BREACHES BY UNIDENTIFIED ATTACKERS
Fewer targeted ransomware attacks mean less stolen data is openly exposed. We therefore foresee a rise in stolen data being offered on black markets this year.
“According to our research, in over 75% of data breach incidences the victims were neither able to identify the attackers nor find out how they were compromised. While this is a serious challenge facing cyber defenders, it is a motivational factor for cybercriminals to delve into the field of data theft and illegal trading. As a result, we believe there will be more databases, internal communications and personal details stolen from local companies and traded on the black market this year,” comments Margrith Appleby, General Manager of Kaspersky Australia and New Zealand.
6) CONTINUED INDUSTRIAL ATTACKS, BUT MORE SECURE SUPPLY CHAINS
Attacks against industrial organisations and supply chains will continue and may become harder to detect and prevent automatically, making them an even bigger threat.
“The Critical Technology Supply Chain Principles issued by the Federal Government late last year however was a welcome move in securing the supply chain for critical technologies and is likely to reduce the number of supply chain attacks we see against local companies this year and beyond,” concludes Ms Appleby.
Kaspersky recommends the following to avoid falling victim to these cyber threats:
TO KEEP YOUR DATA SAFE
- Use secure passwords and a password manager.
- Close unused accounts as they hold valuable personal information for cybercriminals to access.
- Keep your software up to date on all your devices, by installing updates as soon as they become available.
- Be wary of free Wi-Fi as it can be an easy target for cybercriminals. If you do need to use it, avoid opening or sending sensitive data, turn off Bluetooth and use a firewall and a VPN when possible.
TO AVOID SCAMS
- Look for red flags in messages such as grammatical errors, a sense of urgency, and strange spelling in addresses and links.
- Do not provide any personal information or transfer any money if anything seems suspicious, especially information that could be used to access an account you hold with the supposed company.
- Do not fill in any forms on sites other than the brand’s official site – brands won’t use Google Docs or similar services for support purposes. Also remember that brands will never ask you for your account login information when they contact you.
- Be wary of any offers of free cryptocurrency and check on official websites to see if a particular giveaway promotion is running.
- Thoroughly research cryptocurrency exchanges before using them.
- Use a secure communication channel for all crypto transactions. It is always best to conduct all crypto trading over an encrypted VPN channel.
TO KEEP YOUR BUSINESS SAFE
- Educate, educate, educate. It is essential employees are across basic security hygiene as it can reduce the risk of a business becoming a cyberattack victim by 60%.
- Patch and update software as soon as options are available and upgrade devices when the software is no longer supported by the manufacturer.
- Use high-grade encryption for sensitive data. Encryption is key to protecting extremely sensitive information and assets; it can provide an additional layer of protection for remote workers and increase the integrity of your data.