Cover Story
adding that it's no longer, how can I get this or send security keys to all my users or get them to download something?

"The answer to all of those questions is, they already have it; it's just there in the devices and platforms," Shikiar said. "We're seeing widespread adoption of FIDO authentication because it's supported so broadly in consumer devices. If I'm a web developer, it's quite easy for me to incorporate FIDO authentication into a website or web service instead of a password."

Verification

Michael Magrath, vice president, global regulations and standards at OneSpan, expects digital identity verification and app shielding to play a broader role in omnichannel commerce in 2022 and beyond. Magrath also co-chairs the FIDO Alliance's government deployment working group and serves on the board of directors at the Electronic Signature and Records Association.

"Digital identity verification is a reality, and leading financial institutions are already using it to remotely confirm a person's identity," Magrath said. "These solutions compare government issued IDs with information you've provided on a document and take a selfie picture to match the picture with your ID and make certain that you're a living person." Magrath further noted that a good digital identity process happens very quickly, usually in under a minute, allowing end users and vendors to start relationships in a trusted environment. While end-users interact with apps, service providers do a bunch of things behind the scenes, he added, such as obtaining information about the device, getting SIM card, geolocation and related data, and shielding individual apps.

"App shielding is the second component of protection that prevents attackers from accessing mobile apps," Magrath said. "If attackers get onto your phone in some way, they can't compromise your mobile banking, because the banking application has been shielded."

Intelligent solutions

Kevin Gosschalk, CEO and founder at Arkose Labs, stated technology has changed the game for both fraudsters and the businesses trying to stop them. The same advanced technologies that help organizations detect and prevent fraud are being weaponized by criminals, he explained, which is why we need Intelligence, not just tools, to bankrupt the business model of fraud.

"Proxy IPs are readily available, and enterprise plans allow fraudsters to buy hundreds of thousands for an economical price," Gosschalk said. "They can buy SaaS software to load combo lists and launch attacks at scale with ease." Vanita Pandey, chief marketing officer at Arkose Labs, agreed, stating security analysts around the world expect digital account openings and online activity to increase exponentially in 2022, adding fuel to attacks across digital touchpoints. Pandey's Dec. 20, 2021, blog post, "Top 10 Fraud Trends in 2022 and Your Cybersecurity Blueprint," cited the following near-term threats:

• Automation: Credential stuffing, password spraying and brute force attacks will continue, many initiated by bots mimicking humans.

• Account takeover: ATO attacks will increase, largely driven by readily available troves of stolen data on the Dark Web and criminal enterprises.

• Crypto attacks: Cryptocurrency platforms may be exposed to malware that infects the platforms and enables unauthorized access and theft of digital currencies.

• Phishing: Phishing attacks have become more refined in recent years, and scammers will continue to improve tactics by making phishing emails more personalized and specific.

• Targeted attacks: Attackers have studied prevalent fraud defenses and will use this knowledge to maneuver their resources and extract maximum returns.

• Ransomware: This preferred tool for targeted attacks will affect the payment ecosystem globally and likely involve higher monetary demands in 2022.

• Cyber activism: Protesters target businesses to disrupt websites or exploit loopholes in business networks. They can use these protests as a means to drop malware or ransomware to steal sensitive information or extort money.

• IoT-driven attacks: Devices connected to the Internet of Things are vulnerable to cyberattacks, especially when consumers fail to change their default passwords.

• Supply chain attacks: Supply chain disruptions provide opportunities for fraudsters to exploit vulnerabilities, harvest sensitive data or infect systems with malware.

• Account security: Attackers will continue to exploit external and internal loopholes in business networks and web authentication methods.

"In 2022, businesses must remain aware of the shifting risks they face and take appropriate measures to protect themselves and their consumers," Pandey wrote, urging stakeholders to think in terms of deterrence, not just mitigation.

Part 2 of this series will explore two other pillars of digital commerce: agility and transparency.

Dale S. Laszig, senior staff writer at The Green Sheet and managing director at DSL Direct LLC, is a payments industry journalist and content strategist. Connect via email dale@dsldirectllc.com, LinkedIn www.linkedin.com/in/dalelaszig/ and Twitter @DSLdirect.