Dan Alexander, head of threat intelligence for BAE Systems Applied Intelligence, and colleague Kyle Draisey, senior solutions architect, look at the cyber security risk trends facing businesses in the insurance and financial services sector in the coming year.
Using employees’ personal devices and Internet of Things-enabled equipment as a gateway to attacking companies’ systems, and compromising business emails using “Deepfake Voice”, are at the top of BAE AI’s list of cyber crime trends likely to threaten insurers this year. The use of ransomware, with criminals shifting from Bitcoin to other currencies that are harder to trace, also continues to be a major risk to financial services companies, together with the return of bank heist attacks against payment systems as borders reopen following the pandemic. Plus, a lack of cross-team co-ordination in large organisations, and the potential for failures in operational resilience across critical national networks, need to be urgently addressed to support early threat detection and help prevent small fails becoming major events.
· Exploiting employees’ personal devices:
“We predict a change of focus from businesses to employees’ personal devices this year, with cyber attackers using them as a stepping point before entering the target organisation,” says Dan Alexander.
“We’re expecting to see a strong social engineering aspect, as attackers reach out to targets through social networking and instant messaging services before delivering malware to their personal device.”
Kyle Draisey warns that this will in turn bring up challenges about where the limits of protecting an organisation truly are.
“Incident response teams are often limited to the boundaries of the corporate network, however, we expect this to be challenged with a need to update incident response plans and privacy concerns.”
· Initial attacks via IoT devices:
“The number of Internet of Things (IoT) devices has continued to grow at a rapid pace,” says Dan. “However, cyber criminals have yet to really take advantage of this outside of botnet assembly which is used in DDoS attacks.”
IoT devices are regularly found to have vulnerabilities – however, they are often excluded from an organisation’s patching regime.
As a result, says Dan, in 2022 we can expect attackers to explore IoT vulnerabilities in more creative ways and use them as an initial access vector into target networks.
· Business email compromise using Deepfake Voice:
Business email compromise scams involve criminals impersonating C-level executives, finance teams, or even suppliers to trick employees into making large payments or changing the payment process to send funds to a scammer’s bank account.
“Security advice has been to double, or even triple-check the requests out-of-band through an alternative means to ensure the request is genuine,” says Kyle.
“This may have previously been just a walk down the corridor in the office to check, but with many people now working remotely, more and more of those verification checks are now happening over the phone, presenting new opportunities for the criminals.”
Dan adds: “We’re expecting more criminals to use rapidly developing deepfake technology to accurately impersonate the voice of the executive or finance team member, making the request seem more legitimate and therefore more successful for the scammer.”
· Shifting trends in ransomware threats:
Ransomware dominated the cyber threat landscape in 2021, and it’s not going to disappear anytime soon. Law enforcers are increasing their focus in this area, and there have been a number of recent operations to disrupt and arrest the operators.
In rare cases, it’s been possible to recover funds following a ransom payment through tracking Bitcoin transactions.
But Dan warns that as ransomware operators look to avoid law enforcement, they will evolve their tactics and look for more ways to make funds harder to track and recover.
“A logical next step to this is the movement away from using Bitcoin to other cryptocurrencies, such as Monero, where the tracing is far more difficult,” he predicts.
· The return of bank heists:
Following a boom in attacks against payment systems, the pandemic came along and with it came closed borders and limited international travel, hampering the ability of money mules to enter countries to retrieve stolen funds.
“This has meant a significant drop in the number of bank heists over the past year or so,” says Dan.
“However those borders are now opening up again and as international travel once again becomes the norm, we expect mules to return and bank heists to follow.”
· Disconnected teams mean missed cyber risks – Purple is the new Red:
Threat-intelligence-led “Red Teaming” to test and strengthen an organisation’s resilience and response to cyber threat has become a global standard.
“Unfortunately there is often a disconnect between the Red Team performing the exercise, and the Blue Team defending against it,” says Kyle.
This results in missed opportunities in the detection of offensive actions within networks, systems and platforms, he says, advising that Red and Blue teams should work closely together in a Purple Team, creating a new dimension to the strategy.
“This allows organisations the ability to improve the effectiveness and efficiencies in network monitoring, threat hunting, and detecting vulnerabilities in a much shorter time period.
“We’re expecting more security teams to employ threat intelligence-led Purple Team practices throughout their operational and engineering lifecycles.”