From deepfakes to crypto crime to in-flight drone-based data theft, cyber awareness in 2022 will look a bit different. Good cyber awareness means knowing these risks, even if some of them sound stranger than science fiction.

Cyber Awareness and Deepfake Crime

What if you got a phone call from a trusted friend or colleague to buy stocks or transfer millions of dollars? Would you do it? Well, if the call is from an AI-assisted deep-voice attack, you would be making a huge mistake.

Sound like something out of a spy thriller? Well, this type of deepfake attack actually happened in 2020. A Hong Kong bank manager was the victim of a highly advanced heist where he was directed to transfer $35 million to various bank accounts for a company acquisition.

The voice on the other end of the line sounded exactly like a business associate he knew. But it was a computer simulation talking instead.

The fraud included up to 17 attackers working together, using fake emails to verify the purchase. It’s highly likely that others are working on more of this type of deepfake phishing scheme.

Now, with the widespread use of video conferencing, one could imagine a case where live deepfake video fraud could occur. Governments are worried that politically-driven deepfake messages could sway public opinion or impact elections.

Non-Fungible Tokens and Crypto Security

If you’re online today, you’ve probably heard of NFTs. What do they have to do with corporate cyber awareness? Even though blockchain markets itself as being non-corruptible, people still seem to find ways to break into crypto wallets. In one recent attack, $600 million in Bitcoin was stolen. Strangely, the thieves decided to return half of the digital loot.

The explosion of non-fungible tokens (NFTs) has also raised concerns. In one case, Check Point Software found one of the biggest NFT marketplaces had significant security vulnerabilities.

By using malicious airdropped NFTs (disguised as free gifts), member crypto wallets could be accessed and emptied. In digital marketplaces that can move $3.4 billion per month’s worth of transactions, the crypto security risk is huge.

Nation States and Supply Chain Security

You may also want to turn your cyber awareness efforts toward attacks backed by nation-states. Back in 2012, it was said we are already in a state of cyber war. Now, while assaults on people and companies are serious enough, attacks on pipelines, electrical grids and critical supply chains could be ruinous. Perhaps one of the worst outcomes is a cyber attack on nuclear power infrastructure.

As supply chain attacks become more common, some predict that governments will implement regulations to better protect vulnerable networks. We may see greater teamwork between government officials and the private sector to find and combat cyber criminal groups that operate across regions and across the globe.

Signs of IoT Security Problems

As the world becomes more connected, the impact of cyber crime will likely become more visible in everyday life.

New technologies appear more and more in daily life with sensors, cameras and IoT devices embedded in homes, offices, factories and public spaces. There is a constant flow of data between the digital and physical worlds.

Cyber awareness needs to apply to these, too. After all, if a cyber attack affects this digital flow, our lives will be impacted. It could be a minor glitch in a home appliance, a hijacked car, an invasion of your privacy or even a threat to public safety.

Electric Grid Threat

The U.S. electric grid consists of power plants, electricity generators, transmission lines, distribution and infrastructure. All along this grid, risks exist that could open the door to cyber attacks. Entire regions or even statewide power outages could be the result.

This threat is worrisome since many grid owners and operators are small to medium-sized companies. And these smaller firms may not have robust defenses.

The insurance underwriter Lloyd’s developed a scenario for an attack on the Eastern Interconnection — one of the largest electrical grids in the continental United States. The hypothetical attack targeted power generators, leading to a blackout across 15 states and the District of Columbia. 93 million people would be without power. The attackers would only need to take 10% of the targeted generators offline for the attack to succeed.

Cyber Awareness for In-Flight Data Exfiltration

Cyber awareness might also involve looking to the sky. Back in 2019, NASA reported that someone stole files from its Jet Propulsion Laboratories using a mini computer called Raspberry Pi. This less than $50 tiny computer houses a processor, memory and graphics chip, all on a credit-card-sized board. In the NASA breach, the attacker used a Raspberry Pi connected to the system. This enabled access once they logged into the network.

Since it’s so small, Raspberry Pi can easily be mounted onto a drone. From there, threat actors could execute spoofing techniques to exploit unsecured networks and devices. The drone could fool remote access users into thinking they are on their network. In fact, the attackers diverted the connection through the drone’s onboard computer. This way, the attackers can access networks at a distance.

Attackers can also breach personal smart devices through Wi-Fi and Bluetooth connections. In one report, a research hacker drone obtained network names and GPS locations for about 150 mobile devices within an hour of flight time. From there, usernames and passwords could also be stolen.

Although the use of drones is more exotic, handheld devices could easily be equipped with similar hardware. Attackers could then hang out at coffee shops, libraries, museums or fast food restaurants and break into the smartphones of people using public Wi-Fi. After all, cyber awareness is about looking up and around for devices as much as it is about looking for computers.

More from Incident Response

How Paris Olympic authorities battled cyberattacks, and won gold

3 min read - The Olympic Games Paris 2024 was by most accounts a highly successful Olympics. Some 10,000 athletes from 204 nations competed in 329 events over 16 days. But before and during the event, authorities battled Olympic-size cybersecurity threats coming from multiple directions.In preparation for expected attacks, authorities took several proactive measures to ensure the security of the event.Cyber vigilance programThe Paris 2024 Olympics implemented advanced threat intelligence, real-time threat monitoring and incident response expertise. This program aimed to prepare Olympic-facing organizations…

How CIRCIA is changing crisis communication

3 min read - Read the previous article in this series, PR vs cybersecurity teams: Handling disagreements in a crisis. When the Colonial Pipeline attack happened a few years ago, widespread panic and long lines at the gas pump were the result — partly due to a lack of reliable information. The attack raised the alarm about serious threats to critical infrastructure and what could happen in the aftermath. In response to this and other high-profile cyberattacks, Congress passed the Cyber Incident Reporting for Critical…

PR vs cybersecurity teams: Handling disagreements in a crisis

4 min read - Check out our first two articles in this series, Cybersecurity crisis communication: What to do and Crisis communication: What NOT to do. When a cyber incident happens inside an organization, everyone in the company has a stake in how to approach remediation. The problem is that not everyone agrees on how to handle the public response to cyber crisis communication. Typically, in any organization, the public relations team handles the relationship between the company and the media, who then decide…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today