This year will see cybercrime incidents, fallouts, and innovations rise to worrying new levels of sophistication and reach.
To make sense of it all, F5 Labs assembled a group of experts to delve into the detail.
Read on to see what the solution architects, analysts, engineers, fraud specialists, former law enforcement and intelligence officers – as well as an erstwhile chief information security officer or two – have to say…
Prediction 1: State-sponsored criminals will adopt cybercrime toolsets
Advanced persistent threats (APTs) can sometimes refer to a specific group of hackers, the entire spectrum of advanced attack techniques employed by cybercriminals, or even specific nation-state hackers.
In this case, we’re talking about the attackers themselves, not the general threat. As the acronym APT implies, they are technically skilled, advanced attackers who are willing to spend a lot of time trying to get you.
“This year, we expect to see more APTs, specifically state-sponsored actors, modifying known commodity malware strains and using techniques cybercriminals have become famous for, such as setting up command-and-control over Telegram messenger,” says Remi Cohen, Senior Threat Intelligence Engineer at F5. “In other words, the place to look for the newest APT accomplices will be the cutting edge of criminal operations.”
Prediction 2: Fintechs will front for collecting credentials
For someone to use the services of a fintech, they need to enable connections between the fintech organisation and all of their other financial accounts. This means that they need to hand over usernames and passwords for all relevant accounts.
“Some fintechs are well established and reputable, whereas others come and go,” notes Dan Woods, Global Head of Intelligence at F5. “In 2022, we will learn that one or more fintechs were nothing more than a front for a criminal organisation established only to collect usernames and passwords.”
Prediction 3: Ransomware will target the rich
As part of the 2021 Application Protection Report, F5 Labs reported that it was more useful to think of ransomware as a monetisation strategy rather than as a form of denial-of-service – an alternative to enriching stolen data for later use in digital fraud.
“It is only a matter of time before somebody starts targeting the extremely wealthy on their own personal networks,” says Sander Vinberg, Threat Research Evangelist at F5 Labs. “These targets clearly have the means to pay the ransom, and their information systems are often as complex as those of small enterprises. We already know that many ultra-high-net-worth individuals have things to hide about their finances, so it follows that at least some of them might be hesitant to bring in law enforcement in the event of an attack.”
Prediction 4: Organisations will have more key problems
Last December, an international cryptocurrency exchange experienced a theft of $200 million worth of various cryptocurrency tokens after the exchange’s private key was compromised.
At the same time, several new options for more secure key storage became available in 2021 through the provisioning of hardware security modules (HSMs) in the cloud. These tools can be expensive, and they require a lot of infrastructure to ensure they work properly and make keys accessible around the clock.
“You can, of course, secure private keys by encrypting the key file and using a passphrase,” says Peter Scheffler, Senior Solution Architect at F5. “However, as the number of keys you manage increases, this can quickly get out of hand – you can easily end up with a duplicate password scenario. For enterprises and large organisations, cloud HSM services should look like the only way to go, but I think that it even makes sense for individual power users. However, it’s just a question of whose keys get compromised this year. So, get yourself a secure key storage tool and make sure you’re not one of the compromised.”
Prediction 5: Cybercriminals will act more like businesses
The signs are increasing that specialisation and division of labour are intensifying in the attacker community. The F5 Labs team also observed similar signs in the fraud community.
Worryingly, those offering these services are beginning to resemble a corporation that employs people with diversified roles and outsources specific activities.
Furthermore, F5 Labs’ observations indicate a shift away from specialisation within subsets of subgroups in the attacker community – for example, among the Russians or the FIN6 threat group – and toward a generalised market of specialists who will work with nearly anyone.
“Today, it is not just individual actors or threat groups making decisions like a business, but the entire attacker landscape coalescing into a mature, capitalist industry composed of businesses that link up with one another as needed,” says Vinberg.