By Raj Samani, McAfee Fellow, Chief Scientist at McAfee Enterprise.

2020 was the year that threw the world into chaos. And quite frankly, 2021 wasn’t much better – at least from a cybersecurity perspective. With our research telling us that during the pandemic, 81% of global organisations experienced increased cyber threats. When it came to threats specific to the financial services sector, our Covid-19 dashboard found that the industry suffered 6.4% of all pandemic related attacks – a number currently totalling more than 16 million malicious detections.

While the threat landscape is dynamic and ever-changing by its very nature, the evolution we’ve witnessed over the past 18 months has been dramatic and unexpected. One of the most significant factors in the disruption for the financial services sector was the rapid shift to remote working and consumer reliance on tools such as online and mobile banking. This shift brought with it the adoption of a whole host of new technologies as companies scrambled to move their processes online for both their workforce and customers. As a result, cybercriminals have taken full advantage of the additional attack vectors these new technologies have provided.

The current landscape

At this point, there are no surprises when it comes to the increasingly sophisticated nature of the attacks we’ve seen. Cybercriminals are learning at an astronomical rate, but luckily, it’s not all doom and gloom. The organisations which acknowledge the threat and subsequently implement the relevant technology, services, and training are much more likely to stay safe.

Luckily, many businesses are aware of this, with our research finding that 31% of UK organisations are planning to invest more than $1 million into security strategies next year. With businesses prioritising the likes of Cloud Security (59%), Endpoint security (50%), Advanced threat protection (38%) and the Security Operations Centre (37%).

The main thing for organisations to consider as we enter the new year, however, is the transition from a reactive to a proactive approach to cybersecurity. Unsurprisingly, pre-empting the threats organisations might expect to be exposed to plays a huge part in this. From threats on social media to nation-state actors, we’ve pulled together our predictions for the top cybersecurity threats of 2022 to help organisations stay safe into the New Year.

Social media will continue to pose a significant threat

We love our social media. From catching up with our friends to even managing our finances. Our appetite for being online and sharing our lives continues to grow.

Unfortunately, however, cybercriminals know this. And as a result, we’ve seen threat actors targeting the C-Suite with promises of job offers. It’s one of the most efficient methods to bypass traditional security controls and directly communicate with targets at companies that are of interest to threat groups. Equally, groups have used direct messages to take control over influencer accounts to promote messaging of their own.

While this approach is laborious, demanding a level of research to “hook” the target into interactions and establishing fake profiles, it has proven to be a very successful channel for cyber criminals. We predict the use of this vector could grow not only through espionage groups but other threat actors looking to infiltrate organisations for their own criminal gain.

To overcome this, businesses must educate their workforce on best practice such as reporting any suspicious activity, questioning whether a link is dodgy or thinking before accepting a stranger’s invitation to connect on LinkedIn. By building vital cybersecurity hygiene into all of their processes, FS organisations will be better placed to deal with these types of attacks in 2022.

Keep A Close Eye on APIs

The adoption of 5G across the financial services sector and the increase in IoT traffic between API services and apps will make APIs an increasingly lucrative target in 2022. Threat actors pay attention to enterprise statistics and trends, identifying services and applications offering increased risk potential. Cloud applications, irrespective of their flavour (SaaS, PaaS, or IaaS), have transformed how APIs are designed, consumed, and leveraged by software developers, be it a B2B scenario or B2C scenario.

The reach and popularity of some of these cloud applications, as well as the treasure trove of business-critical data and capabilities that typically lie behind these APIs, make them a lucrative target for threat actors. This is especially true for the financial services industry, given the use of APIs to enable key services. The connected nature of APIs also introduces potential risks to businesses as they become an entry vector for wider supply chain attacks.

In 2022, we predict the following risks will continue to evolve throughout the year:

• Misconfiguration of APIs
• Exploitation of modern authentication mechanisms
• Evolution of traditional malware attacks to use more of the cloud APIs
• Potential misuse of the APIs to launch attacks on enterprise data
• The usage of APIs for software-defined infrastructure also means potential misuse.

For developers, developing an effective threat model for their APIs and having a Zero Trust access control mechanism should be a priority alongside effective security logging and telemetry for better incident response and detection of malicious misuse. By taking this approach, financial services organisations can maintain control over access to the network and all instances within it, whether it’s applications, the wider network or even the data, and restrict them if necessary.

The roles are reversing 

Over the last few years, ransomware attacks have dominated the headlines as one of the most impactful cyber threats. Unfortunately, the Ransomware-as-a-Service (RaaS) model opened the career path to criminals with lesser-skills, leading to more breaches and higher criminal profits.

RaaS admins and developers were prioritised for a long time as the top targets, often neglecting the affiliates since they were perceived as less skilled. This, combined with the lack of disruptions in the RaaS ecosystem, created an atmosphere where those lesser-skilled affiliates could thrive and grow into very competent cybercriminals, eventually with a mind of their own.

In response to the Colonial Pipeline attack, the popular cybercrime forums have banned ransomware actors from advertising. Now, the RaaS groups no longer have a third-party platform to actively recruit, show their seniority, offer escrow, have their binaries tested by moderators, or settle disputes. The lack of visibility has made it harder for RaaS groups to establish or maintain credibility. It will also make it harder for RaaS developers to retain their current top-tier position underground.

Therefore, in 2022, we should expect more self-reliant cybercrime groups to rise and shift the balance of power within the RaaS eco-climate from those who control the ransomware to those who control the victim’s networks. This is an example of how the threat landscape continues to evolve at lightning speed. Although it may not impact the financial services sector straight away, businesses should monitor and assess these types of changes to ensure they’re able to predict and protect themselves from attacks in the future.

Threat intelligence technology will also allow organisations to learn from previous breaches to help prioritise threats, predict the types of campaigns that will be launched against them, and pre-emptively improve their defensive countermeasures. There is also industry-specific intelligence available to help organisations understand and improve threat posture against targeted attacks or sector-based campaigns. By making the most out of these types of technologies, businesses can rest assured that they’re always aware of the types of attacks that will impact them the most and improve defences accordingly.

Looking to the new year

In 2021, we’ve seen cybercriminals get more intelligent and quicker at changing their tactics – and we don’t anticipate that changing in 2022. However, with the evolving threat landscape and the continued impact of the global pandemic, the financial services sector must stay aware of the cybersecurity trends to be proactive and actionable in protecting their organisation and their customers.