6 cybersecurity predictions for 2022 – from Norton Labs

If you’re ready for a sedate year in cybersecurity news, you won’t find it in 2022. Here’s a snapshot of some of the cybersecurity trends we expect to see in the new year. 

• Cyber activism will gain momentum.  
• Scammers will target people suffering through natural disasters.  
• Online tracking will continue its slow demise.  
• Crypto scams will increase as more users buy in.  

The next 12 months promise to be busy ones in the world of cybersecurity. Here are our six predictions for what will be the most important cyber trends of 2022.  

Prediction #1: Democratization of cryptocurrencies leads to “Oh no” moments for consumers 

Many companies enable the buying and selling of cryptocurrencies. Now that some of these companies, like Coinbase and Robinhood, are regulated and listed on the NASDAQ, trust and transparency in those companies is rising and the barrier to entry to use cryptocurrencies is getting lower. 

This will likely lead to more casual investors who do not fully understand the nuances of how cryptocurrencies work. Scammers have been using those misunderstandings to separate people from their coins, and with this new set of new users, we expect a big increase in the number of scams out there. They will likely look like some of the old scams [1], but also, we expect to see new and creative attempts to target this new, larger set of potential victims. 

Robinhood recently [2] disclosed a security breach affecting 7 million customers (about 1/3 of all their customers). Though the company reported that no financial information was stolen, the stolen data (including email addresses and customer names) can help cybercriminals carry out subsequent attacks. It’s a reminder of the significant target cryptocurrency trading platforms represent. 

Prediction #2: Consumer online tracking will take a turn  

Tracking users’ online behavior has fueled the internet economy for years, through targeted advertisement and personalization services. This has been met with mixed feelings by users — some enjoy targeted content, and some don’t — but it has also triggered numerous privacy-related concerns, among consumers, technologists, and legislators.  

Consumers generally don't mind some cookies, at least those known as first-party cookies. These cookies are limited to a site you are visiting. If you are visiting an online clothing store that you log onto often, a cookie might remember your log-in information so that you don’t have to retype it at the site.   

Third-party cookies, though, are more troublesome for consumers. These cookies are known as tracking cookies because they follow you as you move around the web. For instance, these can be the ones that send targeted ads to the sites that you visit. Their goal is to persuade you to return to sites you've visited in the past or buy products that you've recently shown interest in. 

As a result, some consumers feel as if tracking cookies are an example of companies spying on them. Big tech companies are noticing this and are reacting. Recent developments in the space, such as Google's announcement of FLoC [4] and the increased popularity of server-side tracking/tagging, indicate that the online tracking landscape is evolving. Some governments, too, have passed legislation to create civil and criminal penalties for companies that don't inform consumers that their websites use cookies.  

During research conducted by Norton Labs [5] for the purposes of Norton AntiTrack [6], we were able to observe this fast-moving ecosystem of trackers, whose current coverage of the internet and users’ behavior is staggering. [4] 

We expect that in 2022 and beyond, the developments around online tracking will continue both on the technical and legislative front. In the meantime, privacy-minded consumers may seek peace of mind by relying on Norton AntiTrack to keep them protected. 

Prediction #3: Your digital identity will grow. Hello, eID? 

Working from home? Talking with your doctor through Zoom? Ordering your groceries and take-out orders from your laptop screen? You’re not alone. The Covid-19 pandemic has forced the entire planet to work, communicate, take care of their health, and perform a variety of transactions remotely and online. 

You might have already had to use your cell phone to take a picture of your driver’s license and then send that image through email or text to verify your identity, open a bank account, or apply for a job. As the pandemic continues, a wider deployment of digital vaccination passports is expected.   

There is now a greater need for a secure, unforgeable, privacy protecting set of credentials that can be issued, transmitted, and verified with confidence and ease. Recent developments in computing such as blockchain technology, modern cryptography, and advances in secure hardware provide a solid foundation for the development of the next generation of identity standards.  

At the same time, governments across the globe are pushing for progress to be made on developing electronic identification — or eID — that citizens can use to quickly and easily prove their identities. We expect rapid progress in the world of digital identities in 2022 and beyond.  

The European Union has already published a proposal for an eID implementation for all EU Member states. The European Commission originally set a goal that by 2030 a total of 80 percent of the citizens of the European Union countries should be using an electronic identification solution, but that timeline is being revised. 

One thing is for certain: Life will become more digitized. 

Prediction #4: Expect more protest, vigilantism, and terrorism 

The primary goal of cybercriminals is to make money; they might carry out phishing campaigns to steal your login credentials or tech support scams to separate people from their money. 

But the motivation of hacking isn’t always so straightforward. Sometimes it bends toward using cyber intrusion as a form of protest. Hacker activists, or hacktivists, apply their craft to achieve political outcomes. They do this by disrupting governments, spreading fear, or bringing some information to light.  

Hacktivism and cyber terrorism were alive and well in 2021, revealing information governments would have preferred to keep secret. We expect to see these attacks continue, if not increase, given their reach and potential influence.  

Within Iran, a group identifying itself as Edalat-e Ali has detailed alleged abuses in releases of videos and secret government documents. In August of 2021 the group released videos of alleged abuses within Iran’s Evin prison [6] — which the Iranian government has since apologized for. The group’s continued efforts include the release of documents further detailing alleged abuses [7]. 

The Belarusian Cyber Partisans embarked on an unprecedented attack of the Lukashenko government [8], penetrating deep into government systems and disclosing troves in potentially damning information. The disclosures allege extensive misconduct throughout the government and are purportedly backed-up by emails and recordings.  

The reach of successful hacktivism efforts creates a powerful motivator for groups to continue their efforts. We predict hacktivism and cyber terrorism to continue through 2022 with potentially profound implications.  

Prediction #5: Disasters will be a disaster for your wallet when scammers follow the money 

Disasters have always been big business for scammers. We don’t expect that to change in 2022, but we do expect more disasters and more money to be moving around. 

We’ve already seen that scammers never let a good crisis go to waste, with scammers swinging into action after devastating storms, fires, and throughout the COVID-19 pandemic. Whenever there is money flowing from insurance companies or the government to the victims of natural disasters, there is someone who will try to exploit that situation, either by committing fraud with stolen identities or scamming people directly. 

If the trend continues, and there are more and more natural disasters and extreme weather events, we expect to see more scammers ready to cash in. 

Prediction #6: Artificial intelligence and machine learning will make life easier for everyone, including criminals 

Artificial intelligence and advanced machine learning are becoming more accessible to more people. Access to easy-to-use tools makes it simpler to do many things, including manipulate some forms of media and extract value from large datasets. 

Deepfakes: Deepfake videos generated lots of buzz in 2018 when Jordan Peele was putting words in Barack Obama’s mouth, and this year people on TikTok were treated to several very convincing videos of a young Tom Cruise. While creating truly realistic videos is still difficult, it’s getting easier and more approachable each year. And this is also true for image and audio deepfakes.  

As deepfake technology gets better and easier to use, it will become a useful tool for criminals, scammers, stalkers, and activists. And this means — even though we’re not there yet — that it might one day become more difficult to believe your own eyes and ears.   

In the meantime, we will start to see more uses of this technology in situations where errors or low quality are acceptable and can explain away some of the current limitations. So, the next time you are chatting to a new romantic partner who is stuck on a remote oil rig and has a bad glitchy connection, you might want to think twice. 

Personalized attacks powered by large datasets: With all the data that is now available from various breaches and scrapes, criminals could profile people to identify who is more likely to fall for certain types of attacks or scams, the techniques that will be most effective based on their experience with similar people, and craft messages that will be targeted directly at them based on services they are known to use.   

Going back to Prediction #1, a criminal might ask who is most likely to fall for some fancy new crypto scam they dreamed up. They could merge the latest Robinhood email leak with their LinkedIn scrape to find people who fit a certain profile, then cross-reference that with anyone who has clicked on one of their phishing emails before and find similar profiles. Bam! — they’ve got a list of candidates to start targeting and crafting personalized phishing emails based on all this data.  

Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Copyright © 2021 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Other names may be trademarks of their respective owners.

[1]https://us.norton.com/internetsecurity-how-to-cryptocurrency-scams.html 

[2] https://blog.robinhood.com/news/2021/11/8/data-security-incident  

[3] https://blog.google/products/ads-commerce/2021-01-privacy-sandbox/  

[4] https://www.nortonlifelock.com/blogs/norton-labs/online-trackers  

[5] https://www.nortonlifelock.com/blogs/norton-labs/norton-antitrack 

[6] https://www.aljazeera.com/news/2021/8/24/iran-confirms-leaked-footage-of-harsh-conditions-in-evin-prison 

[7] https://www.rferl.org/a/iran-hacktivists-prison-abuses/31564796.html 

[8] https://www.technologyreview.com/2021/08/26/1033205/belarus-cyber-partisans-lukashenko-hack-opposition/