SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Kaspersky lists 5 cyber threats to watch for in 2022
Fri, 14th Jan 2022
FYI, this story is more than a year old

Global privacy company Kaspersky has highlighted some of the most significant cyber threats New Zealand consumers and businesses should be prepared for in 2022.

Based on trends observed last year, the company says our personal data is at risk, more advanced scams are coming, and there will be fewer targeted ransomware attacks this year.
New Zealanders' personal data is at risk 
Frequent lockdowns in New Zealand have forced many people to use more online services – from retail to groceries to takeaway food and at-home meal kits; consumers have relied on contactless delivery and click-and-collect services to conduct daily activities.

Kaspersky says this has resulted in New Zealanders' personal data being at higher risk of exposure to cybercriminals.

"Every time we use these online services, we input personal information such as our address, mobile number and payment details," says Kaspersky senior security researcher, Global Research and Analysis Team, Noushin Shabab.

"This means there's now a massive amount of our personal data out there across websites and apps for cybercriminals to access. Despite lockdowns ending, we remain heavily reliant on these services, meaning there's a higher likelihood of cyber gangs obtaining these details via comprised websites or unsecured networks and scammers mimicking the brands to trick consumers into stealing their data through phishing attacks."

New, more technically advanced scams 
Keeping the previous point in mind, Shabab says New Zealanders should be on high alert for suspicious emails, texts, social media messages, app notifications and phone calls. She says scammers are continually advancing their methods and that we should watch out for new tactics in 2022.

"Scammers will start producing more deep fake videos, bespoke text and images tailored to their victims, and using more voice synthesis in addition to their usual tactics," she says.

"We believe we'll see the first attempts of such technically advanced scams this year. It's also likely there will be a shift back from scams that are computer-assisted, to pure cybercrime based on a complete compromise of digital assets, such as user accounts, smartphones, laptops or smart devices."

More cryptocurrency and NFT attacks
As cryptocurrency and NFTs are digital assets, and all transactions take place online, this makes them an attractive target for cybercrime groups and state-sponsored threat actors.

Kaspersky expects a significant wave of attacks on cryptocurrency businesses this year. Having observed the recent activity of sophisticated, cutting edge attackers like Lazarus and its subunit BlueNoroff, direct attacks on employees of cryptocurrency startups and exchanges, through to sophisticated social engineering, software exploits and even fake suppliers, to mass attacks via supply-chain software, the company says we will see an increase.

"We're also likely to see more incidents of NFT property theft, and given this is a new area, there is likely a shortage of specialist police investigators which therefore could result in an initial surge of these attacks," says Shabab.

Such threats will affect the global cryptocurrency markets and the share price of individual companies, which the attackers will monetise via stock market illegal insights trading.

A decrease in targeted ransomware attacks
While there was a clear correlation between the rise of COVID-19 and an increase in targeted ransomware attacks, the strong international cooperation and multiple ransomware task forces now in place is set to reduce the number of such attacks during 2022.

Kaspersky says these attacks will continue, but it anticipates they may resurface later and also with a greater focus on countries with poor cyber-investigative capabilities or those that are not allies of the US.

More data breaches by unidentified attackers
Fewer targeted ransomware attacks results in less openly exposed stolen data. Kaspersky, therefore, foresees a rise in stolen data being offered on black markets this year.

"According to our research, in over 75% of data breach incidences, the victims were neither able to identify the attackers nor find out how they were compromised," says Kaspersky ANZ general manager, Margrith Appleby.

"While this is a serious challenge facing cyber defenders, it's a motivational factor for cybercriminals to delve into the field of data theft and illegal trading. As a result, we believe there will be more databases, internal communications and personal details stolen from local companies and traded on the black market this year," she says.