Intelligent Tech Channels Issue 61 | Page 67

Phishing attacks will continue to iterate as these are low-cost with a high return on investment for cybercriminals .

pPhishing attacks targeting new employees Phishing attacks will continue to iterate as these are low-cost with a high return on investment for cybercriminals , especially initial access brokers . Recent research has shown that an email impersonating a colleague has the highest chance of success . We ’ re therefore likely to see phishing attacks on new employees grow as a phenomenon . As new start-ups make a splash on LinkedIn , they are more susceptible to fake welcome emails from ‘ senior executives ’ or fake company onboarding portals . Sometimes , these are used for credential harvesting , account takeover or even multistage malware droppers .

More sophisticated spear phishing
Fraudsters will continue using social engineering , a method of attack where cybercriminals weaponise personal information to target a specific user . Sophisticated attacks like spear phishing – where attackers send emails that appear to be from a known or trusted sender – will grow .
Most prominently , whaling will be on the rise , which is an even more specialized variety of spear phishing that targets a specific user high in an organization ’ s hierarchy – also known as CEO or CFO fraud .
Increase in Malware-as-a-Service
Malware- As-a-Service ( MaaS ), which is a model similar to Software-as-a-Service will continue to grow as a booming business for cybercrime organisations . MaaS is available for purchase on the Dark Web to target big businesses with sensitive and critical assets .
Harvest now , decrypt later
Quantum Computing is closer to becoming a reality and as we move towards Q-Day – when this technology will be readily available – organisations need to prepare for ‘ harvest now , decrypt later ’ attacks . Bad actors will ‘ harvest ’ data from organisations with the intention of decrypting the data later when Quantum Computing reaches maturity .
Ransomware evolution
Ransomware will continue to evolve and research shows that attacks are becoming more harmful each year . According to Mimecast ’ s State of Ransomware Readiness Report 2022 , two-fifths of cybersecurity leaders ( 40 %) have encountered ransomware attacks that use compromised credentials tactics this year , compared to 33 % last year . Cyberinsurance will no longer be a guaranteed safety net and preventing an attack altogether is the only safe path .
Concerningly , businesses ’ ransomware defences appear to have remained static , with many firms lacking basic security measures , which increases vulnerability and exposure in the event of an attack . It ’ s critical to properly invest in fundamental measures , like robust email security and employee training .
AI voice-cloning technology
Threat actors will take social engineering to the next level . As Artificial Intelligence ( AI ) voice cloning technology becomes more powerful and readily available , we will see an increase in impersonation attacks that utilise audio deepfakes . These will be used in combination with compromised email and collaboration accounts .