You thought last year was bad (and the year before, and the year before that), but unfortunately, cybercrime is only likely to get worse in 2022. Worse both in terms of there being more of it, and in the forms it takes being more destructive.
How to Prepare for a Cyberattack
To help you prepare, here are a few of the top trends in cybercrime for 2022.
1. Ransomware-as-a-Service (RaaS)
Many hackers have graduated from working alone and learned the power of collaboration. And their efforts now show sophistication on par with how startups are run. The RaaS model looks a lot like the SaaS model (Software-as-a-Service), except instead of selling software that provides value to organizations, RaaS sells malware that low-level hackers can use to infect higher-level targets than they could pull off on their own.
Cyber gangs like REvil, DarkSide, and Lapsus$ have worked to turn ransomware into a more interconnected industry, where bad actors work together to make threats more effective and harder to fight.
2. Government-backed cybercrime
Most cybercrime is financially motivated, but not all of it. Some countries have begun to host or work with hackers performing ransomware attacks and other forms of cybercrime. While a shift from conflict via weapons to one that mostly happens across computer networks could make some people safer, government-backed cybercrime still has the potential to do a lot of damage.
Countries that choose to work with skilled hackers can gain the power to tap into the networks that control basic utilities or businesses that create essential goods. And getting the backing of powerful governmental organizations can give cybercriminals access to resources that enable their attacks to go that much further.
3. Political cybercrime
Governments aren’t the only ones who could get in on the game. Individuals and organizations can also turn to hack as a way to promote activist causes. While the concept of hacktivism first gained attention around a decade ago, political and ideological passions run higher than ever. There’s no reason to believe people won’t turn to cyber attacks to do damage to companies they don’t agree with or political organizations whose work they want to disrupt. And social media makes it easier than ever for people with similar views to find each other, and join their efforts toward a common cause.
4. Smishing
Phishing gets a lot of attention in cybercrime discussions—and for good reason, it was the most common cause of data breaches last year. Yet as more of communication shifts from email to text, scammers shift with it. Smishing—the kind of phishing that happens over SMS/text—increased 328% in 2020, according to Proofpoint.
Smishing uses similar techniques to email phishing. Smishing texts will sometimes masquerade as texts from legitimate businesses claiming to offer deals or shipping and order updates. Sometimes they’ll try to make it seem like they’re alerting you to a family emergency or coming from a friend, in order to evoke emotion and convince you to respond before thinking critically. And sometimes they use common life stressors like debt collection, the fear of overdue bills, and tax confusion to target people in areas where they’re emotional.
Typically, smishers try to get people to click on their link and hand over sensitive information. Many consumers have learned to recognize and be suspicious of phishing emails, but are behind on bringing that same awareness to their texts. That’s what makes this such a lucrative channel for scammers.
5. Data-fueled cybercrime
Cybercrime based on social engineering—trying to fool people into handing over information or taking actions that benefit the criminal—is nothing new. But one of the newer dangers of social engineering is the addition of data to these crimes.
Because of all the data breaches that have occurred over the years, there’s now data about millions of people (maybe most people) floating around out there. Cyber criminals can access that data and put it to use. If they know someone has a particular type of debt, their phishing and smishing attempts can reference it. If they know someone has an account with a particular ecommerce store, they can reference that store in emails touting fake promotions or order disruptions.
Getting a text about a car loan when you don’t own a car is easy to ignore. But if you have a car and you’re still paying it off, that text looks a lot scarier. You’re more likely to click on the link or call them back for more information. Cyber criminals know that, and they’ll use whatever information they can get to make their scams more convincing.
6. Paper-based crime
One final prediction for the future comes straight out of the past. As people’s fears about digital security increase, many grow lax in how careful they are with paper data. How often do you see people = throwing documents away without shredding them? For younger generations especially, the best practices around keeping paper data secure are something many simply never learned.
But there are absolutely criminals out there willing to go dumpster diving to find valuable information they can use. Your social security number, bank account information, healthcare details—all of it probably lives on paper documents you deal with in the course of a year. If some of it is making it into the trash where people can find and use it, it puts you at risk just as much as electronic data breaches do.
Know the Cybercrime Trends to Stay Aware
One thing that’s consistent about cybercrime: it sticks around. As long as the internet is a part of our lives, cybercrime promises to be around as well. But the details of how it looks change, and anyone not paying attention to those changes risks becoming an easier target because of it. Stay alert and aware to reduce your risk of falling prey to the savvy scammers of 2022.
