Cybersecurity Predictions For 2022: Hacks In Space And Most Vulnerable Mobile Phones

The growth of the private sector in the space race will lead to the emergence of security threats for satellites.

WatchGuard Threat Lab has set out the top security headlines we could see in 2022, explaining how hackers could head into space, how threats to mobile devices will be exploited, and what will happen to cyber insurance and to the architecture known as Zero Trust.

Mobile phone 'malware', especially for those using the Android operating system, has not reached the same magnitude as traditional desktop 'malware', partly thanks to mechanisms such as secure boot, which make it difficult to create threats that do not require the interaction of the victim ('zero touch').

However, mobile devices represent a very attractive target for state cybersecurity teams, both due to the capabilities of the devices and the information they contain, as WatchGuard has pointed out.

Groups that sell to state-supported organizations are primarily responsible for funding many of the sophisticated threats and vulnerabilities targeting mobile devices, such as the recent Pegasus mobile spy program.

As happened with Stuxnet, when these more sophisticated threats leak, criminal organizations learn from them and copy the attack techniques. For this reason, the cybersecurity company includes in its predictions for 2022 an increase in sophisticated mobile attacks by cybercriminals.

The company also believes that a 'hack' in space will come to light next year, as a result of growing interest from governments and the private sector in the space race and recent cybersecurity research on satellite vulnerabilities.

Although satellites may appear to be out of range for most threats, researchers have found that they can communicate with them using equipment costing around $300. Also, older satellites may not have focused on modern security controls.

Meanwhile, many private companies have started their own space race, which will greatly increase the attack surface in orbit, as is already happening with the thousands of satellites launched by Starlink for its Internet service.

SMSISHING ON THE MESSAGING PLATFORMS

Text message-based 'phishing' (spoofing a trusted source), known as 'SMSishing', has steadily increased over the years. Like email social engineering, it started with unsolicited decoy messages sent as 'spam' to large groups of users, but lately it has evolved into more personalized texts that masquerade as messages from someone you know.

In parallel, short text message platforms have also evolved. Users, especially professionals, have realized the insecurity of unencrypted SMS text messages, which has led to them moving their business text messages to alternative applications such as WhatsApp, Facebook Messenger and even Teams or Slack.

And wherever legitimate users go, cybercriminals follow. As a result, we are starting to see an increase in reports of malicious 'spear SMSishing' messages to messaging platforms such as WhatsApp, and according to the cybersecurity company's predictions, they will double in 2022.

A FUTURE WITHOUT PASSWORDS

The trend in digital validation leads to the elimination of passwords, as is already the case in Windows. However, for WatchGuard, today's single-factor approach to operating system logins "just repeats the mistakes of the past."

Windows 10 and 11 will allow you to configure completely passwordless authentication, using options such as Hello (Microsoft's biometrics), a FIDO hardware token or an email with a one-time password (OTP).

In this context, the cybersecurity company believes that the only robust solution for digital identity validation is multi-factor authentication. "Microsoft (and others) could have really solved this problem by making MFA mandatory and easy on Windows. Hello can still be used as an authentication factor, but organizations should force users to pair it with another, such as a 'push' approval to your mobile phone that is sent through an encrypted channel."

They predict that Windows passwordless authentication will take off in 2022, but with the threat that hackers and researchers will find ways to circumvent it, proving "that we have not learned from the lessons of the past."

CYBER INSURANCE AND 'ZERO TRUST' APPROACH

Cybersecurity insurers have found that the cost of covering customers against the threat posed by 'ransomware' has increased. In fact, according to a report by S&P Global, the loss ratio of cyber insurers increased for the third consecutive year in 2020 by 25 points, that is, more than 72 percent. This caused premiums for standalone cyber insurance policies to rise 28.6 percent in 2020 to $1.62 billion.

As a result, cybersecurity requirements for customers have increased. Insurers now actively scan and audit customer security before offering cybersecurity-related coverage, a practice that will push companies to improve their defenses in 2022.

Moreover, the 'Zero Trust' information security architecture has gained popularity. It basically boils down to assuming that an attacker has already compromised one of the organization's assets or users, and designing the network and security protections in a way that limits their ability to move laterally to more critical systems.

WatchGuard notes that although this approach may sound new, it is based on long-standing security principles such as strong identity verification and the idea of least privilege. It predicts that in 2022, most organizations will finally enact some of the oldest security concepts across their networks, calling it 'Zero Trust'.
