To predict the future, sometimes we must take a careful look at the past. Cyber crime rarely works in 12-month cycles—it’s more fluid than that. So we can often spot the first signs of impending trends some time in advance. In this regard, 2021 has been instructive. We’ve seen more advanced and targeted ransomware actors looking to use zero-day exploits to compromise their victims. We’ve also seen an increase in dark web chatter about the use of deepfake technology and other AI-powered fraud techniques to support business email compromise (BEC) and similar scams.
Both could become a regular feature of 2022. But forewarned is forearmed, especially when it comes to cyber security.
Ransomware ramps up
Ransomware was the stand-out story of 2021. But amongst the headlines, one of the most interesting trends we’ve noticed is the increasingly aggressive way some groups are going after targets. We all know about phishing vectors, collaboration with Emotet and TrickBot groups, and exploitation of RDP and VPN infrastructure. But what about supply chain attacks using multiple zero-days?
That’s exactly what happened in a sophisticated campaign linked to the Clop group or its affiliates. It involved compromise of the legacy FTA file transfer service from Accellion, which impacted dozens of downstream customers, from global law firms to aircraft manufacturers. This was a highly targeted, well-planned operation from start to finish, which didn’t even use ransomware at all — relying solely on data exfiltration for extortion.
Of course, researching and exploiting four zero-day vulnerabilities doesn’t come cheap. But some ransomware actors now have hundreds of millions in stolen funds to their name, and the market for such exploits is growing. Expect more of the same in 2022.
Patching must take precedence
All of which should encourage CISOs to put a greater focus on building effective risk-based patching programmes. Those programmes should also recognise the fact that, as we recently reported, only a quarter of vulnerabilities exploited in Q3 were in Microsoft products. Demand from the cyber crime community is increasingly for exploits in other mission-critical assets and platforms like Linux, and defenders must take note accordingly.
Organisations must take a more proactive stance like this because the ransomware threat will continue to grow as long as there is money to be made from victims. As barriers to entry are lowered by “as-a-service” offerings, and criminals continue to be harboured by hostile nations like Russia, the number of non-technical affiliate groups will keep on surging upwards. The impact of this over the next 12 months will be more damage, but also more unpredictable outcomes. Innocent businesses and civilians will once again be caught in the crossfire. What price a major outage at a supermarket chain during a future COVID lockdown?
A new era of high-value AI-powered fraud?
Discussion is also growing on underground forums about the potential of deepfake technology to mimic audio and potentially even video footage. We’ve already seen one CEO duped into wiring criminals over $240,000 after they impersonated his boss over the phone. More recently, a Dubai bank was defrauded out of $35 million after similar tech was used to imitate a company director in a phone conversation with a branch manager. Attempts are becoming more frequent, and with a potential multimillion-dollar pay-off in store, the technology is certainly affordable for those prepared to take a punt.
Companies relying on voice to authenticate internally are already removing this layer from their security processes. How long before we see the technology also used to trick individuals via video calls? Organisations should be building mitigations into their business processes today, and updating training programmes accordingly. AI is no longer the preserve of revenge porn and high school pranksters. It’s a serious fraud risk for 2022 which could eventually put traditional BEC in the shade. Take action today to avoid a serious incident tomorrow.