Cybersecurity predictions for 2022 point to hacks in space and new threats to mobile devices

WatchGuard Threat Lab does an exercise related to the top security headlines we could see in 2022, and explains how hackers could head into space, how threats to mobile devices will be exploited, what will happen to cyber insurance or the so-called Zero-Trust architecture.

The ‘malware’ for mobile phones, especially for those who use the Android operating system, has not reached the same magnitude as traditional ‘malware’ for desktop computers, partly thanks to mechanisms such as secure boot, which makes it difficult to create threats that do not require the interaction of the victim (‘zero touch’).

However, mobile devices represent a very attractive target for state cybersecurity teams, both for the capabilities of the devices and for the information they contain, as they have pointed out from WatchGuard.

Groups that sell to state-supported organizations are primarily responsible for funding much of the sophisticated threats and vulnerabilities targeting mobile devices, such as the recent Pegasus mobile spy program.

It happens, as in the case of Stuxnet, that when these more sophisticated threats are filtered, criminal organizations learn from them and copy the attack techniques. For things like this, the cybersecurity company picks up on its predictions for the year 2022 an increase in sophisticated mobile attacks by cybercriminals.

He also believes that a ‘hack’ in space will be known next year, as a consequence of the growing interest of governments and the private sector in the space race and recent cybersecurity research on satellite vulnerabilities.

Although it may appear that satellites may be out of range for most threats, researchers have found that they can communicate with them using around $ 300 equipment. Also, older satellites may not have focused on modern security controls.

Meanwhile, many private companies have started their space race, which will greatly increase the attack surface in orbit, as is the case with the thousands of satellites launched by Starlink for its Internet service.

SMSISHING ON THE MESSNG PLATFORMS

The ‘phishing’ – impersonation of a trusted source – based on text messages, known as ‘SMSishing’, has increased steadily over the years. Like the social engineering of email, it began with unspoken decoy messages being sent as ‘spam’ to large groups of users, but has lately evolved into more personalized text that masquerades as messages from someone you know.

In parallel, short text message platforms have also evolved. Users, especially professionals, have noticed the insecurity of unencrypted SMS text messages, which has led to them moving their business text messages to alternative applications such as WhatsApp, Facebook Messenger and even Teams or Slack.

And wherever legitimate users go, cybercriminals follow. As a result, we are starting to see an increase in reports of malicious ‘spear SMSishing’ messages to messaging platforms like WhatsApp, and according to the predictions of the cybersecurity company, they will double in 2022.

A FUTURE WITHOUT PASSWORDS

The trend in digital validation leads to the elimination of passwords, as it already happens in Windows. However, for WatchGuard, today’s single-factor approach to operating system logins “just repeats the mistakes of the past.”

Windows 10 and 11 will allow you to configure a completely passwordless authentication, using options such as Hello (Microsoft’s biometrics), a Fido hardware token or an email with a one-time password (OTP).

In this context, the cybersecurity company believes that the only robust solution for digital identity validation is multi-factor authentication. “Microsoft (and others) could have really solved this problem by making MFA mandatory and easy on Windows. Hello can still be used as an authentication factor, but organizations should force users to match it to another, as an endorsement ‘ push ‘to your mobile phone that is sent through an encrypted channel. ”

They predict that Windows passwordless authentication will take off in 2022, but with the threat that hackers and researchers will find ways to circumvent it, proving “that we have not learned from the lessons of the past.”

CYBER INSURANCE AND ‘ZERO TRUST’ APPROACH

Cybersecurity insurers have realized that costs of paying to cover customers against the threat posed by ‘ransomware’ have increased. In fact, according to a report by S&P Global, the loss ratio of cyber insurers increased for the third consecutive year in 2020 by 25 points, that is, more than 72 percent. This caused premiums for standalone cyber insurance policies to rise 28.6 percent in 2020 to $ 1.62 billion.

As a result, cybersecurity requirements for customers have increased. Insurers now actively scan and audit customer security before offering cybersecurity-related coverage, an approach that will drive a new approach by businesses to improve defenses in 2022.

On the other hand, the information security architecture ‘Zero Trust’ (zero confidence) has gained popularity. It basically boils down to assuming that an attacker has already compromised one of the organization’s assets or users, and to designing the network and security protections in a way that limits their ability to move laterally to more critical systems.

WatchGuard notes that although this approach may seem new, is based on long-standing safety principles, like strong identity verification and the idea of ​​least privilege. But that by 2022, most organizations will finally enact some of the oldest security concepts across all of their networks, calling it ‘Zero Trust’.

By Editor

Leave a Reply