From deepfakes to crypto crime to in-flight drone-based data theft, cyber awareness in 2022 will look a bit different. Good cyber awareness means knowing these risks, even if some of them sound stranger than science fiction.

Cyber Awareness and Deepfake Crime

What if you got a phone call from a trusted friend or colleague to buy stocks or transfer millions of dollars? Would you do it? Well, if the call is from an AI-assisted deep-voice attack, you would be making a huge mistake.

Sound like something out of a spy thriller? Well, this type of deepfake attack actually happened in 2020. A Hong Kong bank manager was the victim of a highly advanced heist where he was directed to transfer $35 million to various bank accounts for a company acquisition.

The voice on the other end of the line sounded exactly like a business associate he knew. But it was a computer simulation talking instead.

The fraud included up to 17 attackers working together, using fake emails to verify the purchase. It’s highly likely that others are working on similar deepfake phishing schemes.

Now, with the widespread use of video conferencing, one could imagine a case where live deepfake video fraud could occur. Governments are worried that politically-driven deepfake messages could sway public opinion or impact elections.

Non-Fungible Tokens and Crypto Security

If you’re online today, you’ve probably heard of NFTs. What do they have to do with corporate cyber awareness? Even though blockchain is marketed as incorruptible, people still seem to find ways to break into crypto wallets. In one recent attack, $600 million in Bitcoin was stolen. Strangely, the thieves decided to return half of the digital loot.

The explosion of non-fungible tokens (NFTs) has also raised concerns. In one case, Check Point Software found one of the biggest NFT marketplaces had significant security vulnerabilities.

By using malicious airdropped NFTs (disguised as free gifts), member crypto wallets could be accessed and emptied. In digital marketplaces that can move $3.4 billion worth of transactions per month, the crypto security risk is huge.

Nation States and Supply Chain Security

You may also want to turn your cyber awareness efforts toward attacks backed by nation-states. Back in 2012, it was said we are already in a state of cyber war. Now, while assaults on people and companies are serious enough, attacks on pipelines, electrical grids and critical supply chains could be ruinous. Perhaps one of the worst outcomes is a cyber attack on nuclear power infrastructure.

As supply chain attacks become more common, some predict that governments will implement regulations to better protect vulnerable networks. We may see greater teamwork between government officials and the private sector to find and combat cyber criminal groups that operate across regions and across the globe.

Signs of IoT Security Problems

As the world becomes more connected, the impact of cyber crime will likely become more visible in everyday life.

New technologies appear more and more in daily life with sensors, cameras and IoT devices embedded in homes, offices, factories and public spaces. There is a constant flow of data between the digital and physical worlds.

Cyber awareness needs to apply to these, too. After all, if a cyber attack affects this digital flow, our lives will be impacted. It could be a minor glitch in a home appliance, a hijacked car, an invasion of your privacy or even a threat to public safety.

Electric Grid Threat

The U.S. electric grid consists of power plants, electricity generators, transmission lines, distribution and infrastructure. All along this grid, risks exist that could open the door to cyber attacks. Entire regions or even statewide power outages could be the result.

This threat is worrisome since many grid owners and operators are small to medium-sized companies. And these smaller firms may not have robust defenses.

The insurance underwriter Lloyd’s developed a scenario for an attack on the Eastern Interconnection — one of the largest electrical grids in the continental United States. The hypothetical attack targeted power generators, leading to a blackout across 15 states and the District of Columbia. 93 million people would be without power. The attackers would only need to take 10% of the targeted generators offline for the attack to succeed.

Cyber Awareness for In-Flight Data Exfiltration

Cyber awareness might also involve looking to the sky. Back in 2019, NASA reported that someone stole files from its Jet Propulsion Laboratory using a mini computer called a Raspberry Pi. This tiny computer, which costs less than $50, houses a processor, memory and graphics chip, all on a credit-card-sized board. In the NASA breach, the attacker used a Raspberry Pi connected to the system. This enabled access once they logged into the network.

Since it’s so small, a Raspberry Pi can easily be mounted onto a drone. From there, threat actors could execute spoofing techniques to exploit unsecured networks and devices. The drone could fool remote access users into thinking they are on their own network. In fact, the attackers would be diverting the connection through the drone’s onboard computer. This way, the attackers can access networks at a distance.

Attackers can also breach personal smart devices through Wi-Fi and Bluetooth connections. In one report, a research hacker drone obtained network names and GPS locations for about 150 mobile devices within an hour of flight time. From there, usernames and passwords could also be stolen.

Although the use of drones is more exotic, handheld devices could easily be equipped with similar hardware. Attackers could then hang out at coffee shops, libraries, museums or fast food restaurants and break into the smartphones of people using public Wi-Fi. After all, cyber awareness is about looking up and around for devices as much as it is about looking for computers.
