In the dynamic world of cybersecurity, things change quickly and often—email security and phishing are no exceptions. Each 12-month period sees a range of new tactics, tools, and methods employed by threat actors trying to break into networks through phishing messages. This article runs through some of the top predictions for email security and phishing as 2022 unfolds.
Ransomware Attacks Through Business Communication Platforms
The Coronavirus (COVID-19) pandemic accelerated the adoption and growth of team collaboration tools. A 2021 Gartner survey found that 80 percent of employees were using tools such as Slack and Microsoft Teams to maintain productivity and quickly communicate about urgent work issues. These team collaboration platforms proved invaluable for remote and hybrid workforces over the last two years, and they are here to stay.
In 2022, expect to see a major ransomware attack that starts with threat actors conducting a phishing campaign through one of these collaboration platforms. Phishing is one of the most common ways to gain initial network access in ransomware attacks. With team collaboration tools becoming ingrained into the daily activities of most employees, adversaries look likely to try and catch people off guard through deceiving messages routed through these platforms.
In Slack, for example, malicious outsiders may send fake messages with links, malicious files, or requests for private information if they get access to the channel’s unique webhook URL. If a user clicks the wrong link or unknowingly opens a suspicious file, the damage is already done. After the ransomware hackers establish this foothold, they will attempt to move laterally and escalate privileges through a network until they can ultimately encrypt servers and workstations.
Using Deep Learning to Craft Convincing Phishing Messages
Security researchers stood up and took notice of the power of deep learning in 2021 when tests showed that artificial intelligence could write better phishing emails than humans.
Spear phishing is a more targeted type of phishing focused on a particular individual or group within an organization. While generic phishing messages are easier to detect, the highly targeted nature of spear phishing makes it harder to avoid being duped. These emails typically reference specific names and their roles within the organization in addition to impersonating high-level company executives or trusted vendor partners.
The experiments involved security researchers sending phishing messages to 200 colleagues. The messages were crafted by both humans and deep learning models. Results showed that messages written using GPT-3 were more effective than humans at persuading recipients to click the links contained in them.
Deep learning is a field of AI that uses neural networks to extract high-level features from data. Threat actors will be able to use deep learning platforms to pull in personal information from social media and other sources and generate even more highly personalized spear-phishing emails.
The Emergence of Deepfakes in Phishing
Deepfakes are synthetic video or audio files generated using deep learning algorithms. Most people recognize the rather harmless use of deepfakes to create amusing videos, often by replacing one person’s face with another in an existing clip. There are far more nefarious uses of this technology, though.
One likely possibility in 2022 is the emergence of deep phishing. Threat actors will create audio or video impersonating a CEO, owner, or other high-level company employee to get people to disclose confidential information or take another desired action that could lead to extortion, account takeover, or data breach.
The likelihood of being duped by a voicemail message that sounds exactly like a company leader is very high. The same rings true for videos. Since CEOs and owners often have a strong public presence, threat actors have a lot of training data to work with. Webinar video appearances, podcasts, and other media can be used as inputs to help the deep learning algorithm more accurately generate videos or audio impersonating someone.
Supply Chain Phishing
Several recent cyber attacks highlight how adversaries seek to exploit weak links in supply chains to compromise lucrative targets. Phishing campaigns will increasingly target third-parties including partners, vendors, and suppliers in 2022. By taking over an account at one of these supply chain weak points, threat actors can then start to leverage the trusted relationships with these third parties to send malicious emails to other target-rich organizations.
The partner or supplier’s domain will often be trusted by default at the target company, which makes it much harder for a secure email gateway to flag or detect a spoofed email address or phishing emails. Supply chain phishing is a possibility even without third party account compromise. Merely spoofing a partner may be enough to fool someone and get network access or additional intel like a bank account number or other personal information that can be used in a spear phishing attack.
Ransomware Gangs Evolving
The link between phishing and ransomware is so strong that it’s important to try and predict how these attacks will unfold over the coming months. The emergence of BlackCat in late 2021 served as the first warning sign of what to expect.
Ransomware has always preyed on extortion—in its earliest form, ransomware extortion tactics focused on using the fear of encrypted servers, files, and workstations to get victims to pay up. Double extortion added the threat of data exfiltration to the mix over the last 24 months.
In 2022, expect ransomware gangs to add another layer to their extortion tactics. To further pressure victims to make payments, triple extortion adds the threat of a DDoS attack on victims’ network infrastructures. In a world where downtime is incredibly costly, many organizations will ponder paying up to avoid this outcome.
Another evolution to expect is ransomware hackers increasingly shifting towards other cryptocurrencies to receive ransom payments. Bitcoin is not untraceable, and law enforcement employs various analytical techniques to map Bitcoin addresses to IP addresses. Considering the mainstream nature of Bitcoin and its privacy vulnerabilities, expect to see more ransomware actors demanding payments via coins with strong privacy features, such as Monero and Zcash.
More to Come…
That wraps up the first part of this two-part series on email and phishing predictions for 2022. If there’s one takeaway here, it’s that phishing will evolve to become an even more sophisticated threat this year. Relying on security-aware employees alone won’t be enough. Businesses will need an advanced email security solution as part of their security strategy to help combat modern phishing threats.
To learn more about IRONSCALES’ award-winning anti-phishing solution, please sign up for a demo today at https://ironscales.com/get-a-demo/.
February 16, 2022