Matthew Roach, Head of i-4 at KPMG UK, manages the KPMG i-4 cyber threat intelligence exchange for member organisations. i-4 is a confidential trust group for chief information security officers (CISOs) and cyber security leaders to find enriching content in order to stay ahead of today's cyber security challenges. He began his career with the Metropolitan Police Service, rising to the Serious and Organised Crime Agency and latterly the National Crime Agency, and is a founder of the National Cyber Crime Unit. He shares his predictions for 2022.
The march of the maligned insider
COVID-19 has changed so many aspects of our working lives. As global corporations plan and implement their return from lockdown, in some cases mandating staff back into the office, many colleagues feel a mixture of reluctance, even resentment, at being forced to perform a task under the harsh glare of office lighting rather than in the comfort of their own home. This ‘enforced return’ policy can generate ill-feeling and will prompt some to seek favourable opportunities elsewhere. Employers run the risk of generating a flood of ‘bad leavers’ who could walk out the door with sensitive data whilst working from home, in the belief that because they are out of sight of their employer they have a lower chance of being caught. The threat actor community knows this and will seek to take advantage of those with an axe to grind.
Big data and 5G will open up new vulnerabilities for transport
The global rollout of 5G and ‘smart’ vehicles containing an orchestra of sensors is already generating sizeable data lakes of user behaviours that vehicle manufacturers will wish to retain and capitalise on. As data is widely seen as ‘the new oil’, our transportation habits will be seen as an easily exploitable vulnerability by ambitious attackers. Recent outages experienced by vehicle manufacturers have left drivers unable to operate their cars and some have been left stranded. As ‘smart’ vehicles increase in popularity, we can expect threat actors to direct their disruptive efforts more towards cars. We may even see the resurfacing of a modern-day ‘digital Dick Turpin’, emulating the 17th-century highway robber demanding money for travel.
A rise in deepfake attacks is expected
The technique of using AI to emulate corporate leaders’ signatures will become a more mainstream attack vector in 2022. Financial institutions have been increasingly reliant on voice analysis as a security measure and the threat actor community has already cottoned on. This method was used successfully at the end of 2021, with a $35m theft from a bank based in the UAE. Banks and global investment houses need to take note and ensure their security methods are not over-reliant on any single technology solution.
Ransomware will be rebranded
As Emotet has re-emerged following the short-lived law enforcement takedown, there is evidence of collaboration between notorious ransomware gangs that will gather pace next year. Most recently, Emotet has been adapted to drop Cobalt Strike onto victims’ systems, and we can expect threat actor groups including Ryuk, Conti and REvil to work together and kick off with new campaigns targeting sectors which have not previously been subjected to such attacks – with their sights set on retail. As well as disabling systems, these threat actors will be aiming to harvest customer credentials to carry out double extortion and secondary fraud attempts at scale. Retailers and ecommerce businesses should ensure their client data is held in an encrypted format to protect against this threat.
Public cloud attacks on energy industry
Many companies in energy are heavy users of public cloud, which is considered less secure than its alternatives; it is therefore reasonable to assume these will be subjected to increased attacks. Threat actor groups are already conducting these attacks on a daily basis in order to obtain a foothold in energy corporations’ cloud infrastructure. It is highly advisable for corporations to conduct regular penetration tests of their cloud infrastructure to identify security gaps before the opposition does it for them.