The “digital boom” has been of significant benefit to businesses of all types, as well as to customers. But as with many things, there is “bad” along with the “good”—and this includes an evolving fraud landscape. For example, online payment fraud alone will lead to losses of more than $206 billion between 2021 and 2025.
Given all this, it’s important to take a look at three of the most marked emerging and evolving cyber-threats and fraud trends companies should keep on their radar.
1. Ransomware still running rampant
Ransomware isn’t going away. In fact, it’s taking a stronger hold on businesses and will continue to do so thanks to the massive online growth sparked by the pandemic, the shift to remote work, and other events. In its recently released Emerging Risks Monitor Report, IT research and consulting firm Gartner pegs the “threat of new ransomware models” as the top concern facing executives. Verizon’s 2022 Data Breach Investigations Report indicates that ransomware attacks doubled in frequency in 2021 and are still on a sharp uptick, and that ransomware was present in the majority (71 percent) of cyber-attacks involving malware. And about 37 percent of global business participants in IDC’s 2021 Ransomware Study reported having been victimized by some type of ransomware last year.
Ransomware attacks are also becoming more sophisticated, with perpetrators increasingly leveraging advanced forms of artificial intelligence (AI) to extract sensitive consumer and business data. This data is now being used not only to negotiate and secure ransom payments, but also to perpetrate further fraud.
Experts advise that whether or not their employees work remotely, organizations should engage in training and education for all staff as to how to mitigate phishing attacks—even if it means investing in third-party training services. They recommend proactiveness in securing all types of data and investing in a zero-trust security model in which users must prove the authenticity of their identity rather than gain access to networks, systems, and the like based on their role in the organization.
In its report, Verizon identifies emails (in 40 percent of incidents cited) and desktop sharing software (in 35 percent of incidents cited) as the two major routes that ransomware operators use to enter a system. Verizon suggests that locking down an enterprise’s third-party facing infrastructure, such as remote desktop protocols (which give remote access to a PC) and emails, can better safeguard these routes against attacks.
2. Deepfake identity fraud getting more real—and highly weaponized
Until recently, “deepfakes” were seen mostly in the entertainment arena, for instance, with doctored videos showing one actor’s face morphing into another or individuals saying something they clearly did not. However, the prevalence of deepfake attacks is growing. According to IntSights, a provider of platforms designed to quash external data threats, dark web traffic around deepfake attacks has trended upward by 43 percent since 2019, with no end in sight.
Even more troubling, recent advances in deepfake technology are allowing perpetrators to move beyond the above-mentioned spoofing activities. Now, they are harnessing compromised identity data to bypass verification controls and create fake profiles with documents, facial images, and voice cloning to carry out payment fraud and other related activities.
Fighting back against deepfake identity fraud, experts believe, entails capturing digital and behavioral data to complement identity controls. This should be followed up with using AI and machine learning to analyze interactions and spot fraud.
3. Fraudsters are breaking into the (video) conversation
Businesses’ use of teleconferencing and videoconferencing software is continuing as organizations of all types and sizes ride the remote work wave. Smart perpetrators are increasingly taking advantage of the trend by attempting to piggyback on teleconferences and videoconferences to eavesdrop on conversations and view presentations that may include sensitive data they can use in their criminal activities. The Acronis Cyber Readiness Report states that more than 30 percent of companies experienced attacks on their videoconferencing systems in 2021.
According to the Center for Internet Security (CIS), these attacks will remain of grave concern. The organization advises companies and other entities to adopt formal policies and procedures to push back here. Its recommendations encompass scrubbing conference invitation lists to make them less visible, if not invisible, to fraudsters; password-protecting videoconferences; sending out passwords for online meeting entry in communications that are separate from meeting invitations; instructing moderators to manually admit participants; and locking meetings once they have started.
E-Complish encourages its payment solution and services users to remain hyper-vigilant to these and other threats and will continue to do its part to ensure the security of its clients’ data—and that of clients’ customers.