Virtualization Technology News and Information
Article
RSS
WatchGuard Technologies 2022 Predictions: State-Sponsored Mobile Threats, Space-Related Hacks and More 2022 Cybersecurity Predictions

vmblog predictions 2022 

Industry executives and experts share their predictions for 2022.  Read them in this 14th annual VMblog.com series exclusive.

State-Sponsored Mobile Threats, Space-Related Hacks and More 2022 Cybersecurity Predictions

By Corey Nachreiner, Chief Security Officer, WatchGuard Technologies

The past year has been a rollercoaster of cyber threats. From infrastructure ransomware attacks to the resurgence of Emotet malware, the cybersecurity industry has faced a variety of new and old challenges. Last year, the WatchGuard team made a variety of predictions including the rise of spear phishing campaigns driven by automation, a revolt over smart device privacy, attacks swarming VPNs and RDPs, and more - many of which came true. But as we put 2021 in the rearview mirror, it's time to make our annual cybersecurity predictions for 2022. This year, the team tried to infuse some humor into the predictions, so if you'd like to watch the "SNL Weekend Update" parody videos of these predictions, click through here. Now without further ado, let's dive into the predictions.

1.      State-Sponsored Mobile Threats Trickle Down to the Cybercrime Underworld

Mobile malware certainly exists - especially on the Android platform - but hasn't yet risen to the same scale of traditional desktop malware. In part, we believe this is due to mobile devices being designed with a secure mechanism (e.g., secure boot) from the start, making it much more difficult to create "zero-touch" threats that don't require victim interaction. However, serious remote vulnerabilities have existed against these devices, though harder to find.

Meanwhile, mobile devices present a very enticing target to state-sponsored cyber teams due to both the devices' capabilities and information contained in them. As a result, groups selling to state-sponsored organizations are mostly responsible for funding much of the sophisticated threats and vulnerabilities targeting mobile devices. Unfortunately, like in the case of Stuxnet, when these more sophisticated threats leak, criminal organizations learn from them and copy the attack techniques.

Next year, we believe we'll see an increase in sophisticated cybercriminal mobile attacks due to the state-sponsored mobile attacks that have started to come to light.

2.      News of Hackers Targeting Space Hits the Headlines

With renewed government and private focus on the "Space Race" and recent cybersecurity research concentration on satellite vulnerabilities, we believe a "hack in space" will hit the headlines in 2022.

Recently, satellite hacking has gained investigative attention from the cybersecurity community among researchers and at conferences like DEF CON. While satellites might seem out of reach from most threats, researchers have found they can communicate with them using about $300 worth of gear. Furthermore, older satellites may not have focused on modern security controls.

Meanwhile, many private companies have begun their space race, which will greatly increase the attack surface in orbit. Between those two trends, plus the value of orbital systems to nation states, economies, and society, we suspect governments have quietly started their cyber defense campaigns in space already. Don't be surprised if we see a space-related hack in the headlines soon.

3.      Spear SMSishing Hammers Messenger Platforms

Text-based phishing, known as SMSishing has increased steadily over the years. Like email social engineering, it started with untargeted lure messages being spammed to large groups of users, but lately has evolved into more targeted texts that masquerade as messages from someone you know. In parallel, the platforms we prefer for short text messages have evolved as well.

Users, especially professionals, have realized the insecurity of cleartext SMS messages thanks to NIST, various carrier breaches, and knowledge of weaknesses in carrier standards like Signaling System 7 (SS7).

Where legitimate users go, malicious cybercriminals follow. As a result, we are starting to see an increase in reports of malicious spear SMSishing-like messages to messenger platforms like WhatsApp. We expect to see targeted phishing messages over many messaging platforms double in 2022.

4.      Password-Less Authentication Fails Long Term Without MFA

It's official. Windows has gone password-less! While we celebrate the move away from passwords alone for digital validation, we also believe the continued current focus of single-factor authentication for Windows logins simply repeats the mistakes from history. Windows 10 and 11 will now allow you to set up completely password-less authentication, using options like Hello (Microsoft's biometrics), a Fido hardware token, or an email with a one-time password (OTP).

The only strong solution to digital identify validation is multi-factor authentication (MFA). In our opinion, Microsoft (and others) could have truly solved this problem by making MFA mandatory and easy in Windows. You can still use Hello as one easy factor of authentication, but organizations should force users to pair it with another, like a push approval to your mobile phone that's sent over an encrypted channel. We predict that Windows password-less authentication will take off in 2022, but we expect hackers and researchers to find ways to bypass it.

5.      Companies Increase Cyber Insurance Despite Soaring Costs

Since the astronomical success of ransomware starting back in 2013, cyber security insurers have realized that payout costs to cover clients against these threats have increased dramatically. In fact, according to a report from S&P Global, cyber insurers' loss ratio increased for the third consecutive year in 2020 by 25 points, or more than 72%. This resulted in premiums for stand-alone cyber insurance policies to increase 28.6% in 2020 to $1.62 billion USD. As a result, they have greatly increased the cybersecurity requirements for customers. Not only has the price of insurance increased, but insurers now actively scan and audit the security of clients before providing cyber security-related coverage.

In 2022, if you don't have the proper protections in place, you may not get cyber insurance at the price you'd like, or at all. Like other regulations and compliance standards, this new insurer focus on security and auditing will drive a new focus by companies to improve defenses in 2022.

To read more about all WatchGuard's 2022 predictions (and watch some hilarious parody videos), click here.

##

ABOUT THE AUTHOR

Corey Nachreiner 

Recognized as a thought leader in IT security, Nachreiner spearheads WatchGuard's technology vision and direction. Previously, he was the director of strategy and research at WatchGuard. Nachreiner has operated at the frontline of cyber security for 16 years, and for nearly a decade has been evaluating and making accurate predictions about information security trends. As an authority on network security and internationally quoted commentator, Nachreiner's expertise and ability to dissect complex security topics make him a sought-after speaker at forums such as Gartner, Infosec and RSA. He is also a regular contributor to leading publications including CNET, Dark Reading, eWeek, Help Net Security, Information Week and Infosecurity, and delivers WatchGuard's "Daily Security Byte" video on Facebook.

Published Monday, December 27, 2021 7:33 AM by David Marshall
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<December 2021>
SuMoTuWeThFrSa
2829301234
567891011
12131415161718
19202122232425
2627282930311
2345678