This article was produced in partnership with BAE Systems
Mallory Hendry of Insurance Business sat down with Dan Alexander, head of threat Intelligence at BAE Systems, to discuss what the New Year has in store — and how you can defend against it.
At the beginning of the year, there are a handful of threats Dan Alexander, head of threat intelligence at BAE Systems, sees on the horizon. And while he notes his predictions “are an art rather than a science,” there are a few he identifies as particularly prevalent heading into 2022.
One threat that will likely make a comeback is the Bank Heist, where attackers get into a bank’s networks, navigate towards the payment systems and manipulate them for financial gain. These types of cyber heists boomed following the infamous 2016 Bangladesh Bank Heist, but recently experienced a significant drop.
“The return of the bank heist is an interesting one,” Alexander said. “Over the past five years we’ve been tracking lots of activity relating to payment systems, but what we’ve seen over the last 18 months or so since the pandemic really got going is the attackers aren’t focused on that so much.”
As the global coronavirus pandemic continues to close borders, the limit on international travel is a key contributor to the decline in bank heists. Money mules, who enter countries to retrieve stolen funds and quickly take the money out of the country again, are unable to fulfill their role and there’s been more focus on cryptocurrency exchanges as a result.
“One of the first predictions we made is as borders open up and international travel becomes the norm again, we expect mules to return and bank heists to follow,” Alexander said.
Traditional security advice will always hold you in good stead, but specific to this issue Alexander recommends financial institutions take a look at the protections in place around their payment systems. Ensure they’re in a segregated part of the network, and make sure it’s not easy access to go from one part of the network to the payment side, he advises.
There’s a risk the expected resurgence will be delayed even further because of the recent spread of the Omicron variant, meaning “it’s essentially predicting when we think international travel will open up and then, as a result of that, we expect to see increasing bank heists again,” Alexander said.
Over the past 18 months or two years “we’ve seen a huge rise in ransomware campaigns impacting businesses and it’s become a big problem for organizations globally,” Alexander said. In fact, ransomware dominated the risk landscape in 2021, and law enforcement responded by increasing their focus in the area and arresting a number of ransomware operators. In a few rare cases, law enforcement was even able to track Bitcoin transactions and recover funds following a ransom payment - but these attacks aren’t going away anytime soon, Alexander warned.
“As ransomware operators look to avoid law enforcement, we expect them to evolve their tactics and look for ways to make it more difficult to track and recover funds,” he said. “A logical next step is the movement away from using Bitcoin to other cryptocurrencies, such as Monero, where the tracing is far more difficult.”
Another emerging threat is business email compromise using deepfake voice, a technological advancement that allows someone to easily create a realistic fake voice of another person. Traditionally, the scam involved the attacker sending emails to employees impersonating someone high up within their organization - typically finance teams, CEOs, executives, or even suppliers - in the hopes of tricking employees into paying large sums of money or changing the payments process for the purchase of goods.
Security advice has been to double, or even triple-check the requests through an alternative means to ensure they’re genuine, and before the pandemic, this may have been as simple as walking down the hall to a coworker’s office. But with the sharp rise in remote work, more and more of those verification checks are happening over the phone - and this presents new opportunities for criminals given the one thing a victim trusts more than an email is getting a call or voicemail with the voice of someone they know.
“What we’ve seen over the last few years is that criminals are very good at compromising email accounts to run these scams, but what we’re expecting to see as technology is advancing is the attackers picking up some of these elements as well,” Alexander said. “In 2022, we expect more criminals to utilize the rapidly developing deepfake technology to accurately impersonate the voice of the executive or finance team member making the request seem more legitimate and therefore more successful for the scammer.”
While it’s not a massive change in terms of the core modus operandi of what they’re doing, they’re utilizing new technology to make it more convincing and therefore more difficult from a victim perspective to spot that it is social engineering. The best practice is to reach out through trusted channels and use the contact information in the organization’s system to verify the person’s identity, and not rely on an incoming call even if the voice is recognizable.
“There’ve been a couple of cases of this in the past few years, but it’s not hit the mainstream as of yet,” said Alexander. “It’s not going to be super commonplace, but I expect we’ll definitely see a few more interesting cases related to this.”
While these risks round out what Alexander predicts will be some of the most interesting developments, the threat landscape is one of constant evolution. For more intelligence on what challenges may come in 2022 - and insight into how you can defend against them - explore BAE Systems’ website here.
Dan Alexander has been head of threat intelligence at BAE Systems since September 2011. BAE Systems offers advanced defence technology that keeps critical information and infrastructure secure. The company is constantly searching for new ways to provide customers with a competitive edge across the air, maritime, land and cyber domains.
