WatchGuard Threat Lab makes an exercise related to the main security holders that we could see in 2022, and explains how hackers could go to space, how threats will be exploited to mobile devices, what will happen with cybersegides or architecture named Zero-Trust .
The 'malware' for mobile phones, especially for those who use the Android operating system, has not reached the same magnitude as the traditional 'malware' for desktop computers, in part thanks to mechanisms such as safe start, which makes it difficult Creation of threats that do not require the interaction of the victim ('Zero Touch').
However, mobile devices represent a very attractive goal for the cybersecurity teams of the states, both by the capabilities of the devices and by the information they contain, as indicated from WatchGuard.
The groups that sell to organizations supported by States are the main responsible for the financing of a large part of the sophisticated threats and vulnerabilities aimed at mobile devices, such as the recent Pegasus mobile spy program.
It happens, as in the case of Stuxnet, which when these more sophisticated threats are filtered, criminal organizations learn from them and copy attack techniques. For things like this, the cybersecurity company collects in its predictions for the year 2022 an increase in sophisticated mobile attacks by cybercriminals.
It also believes that a 'hack' in space will also be known next year, as a consequence of the growing interest of the Governments and the private sector in the spacecraft and the recent research on cybersecurity in the vulnerabilities of the satellites.
Although it may seem that satellites may be out of reach most threats, researchers have discovered that they can communicate with them using a team of about $ 300. In addition, it is possible that the oldest satellites have not focused on modern security controls.
Meanwhile, many private companies have started their space career, which will greatly increase the area of attack in orbit, as it already occurs with thousands of satellites launched by StarLink for their Internet service.
The 'phishing' - suplating a source of confidence - based on text messages, known as 'smsishing', has increased steadily over the years. Like the email's social engineering, it began with unrated lure messages that were sent as 'spam' to large user groups, but lately it has evolved towards more personalized texts that are passed by message from someone known.
At the same time, the platforms of short messages of text have also evolved. Users, especially professionals, have realized the insecurity of uncovered SMS text messages, which has led to transfer their business text messages to alternative applications such as WhatsApp, Facebook Messenger and even Teams or Slack.
And where the legitimate users go, the cybercriminals follow them. As a result, we are beginning to see an increase in reports of malicious message type 'Spear Smsishing' to messaging platforms such as whatsapp, and according to the predictions of the cybersecurity company, they will double by 2022.
The trend in digital validation leads to the elimination of passwords, as it already occurs in Windows. However, for WatchGuard the current approach based on a single factor for the session beginnings of the operating system "simply repeats the errors of the past".
Windows 10 and 11 will allow you to configure a completely without password authentication, using options such as HELLO (Microsoft Biometry), a Hardware Token FIDO or an email with a single-use password (OTP).
In this context, the cybersecurity company believes that the only robust solution for the validation of digital identity is multifactor authentication. "Microsoft (and others) may have really resolved this problem by making MFA mandatory and easy in Windows. You can continue using Hello as an authentication factor, but organizations should force users to match it with another, as an approval ' Push 'to your mobile phone that is sent through an encrypted channel. "
They predict that Windows-without password authentication will take off by 2022, but with the threat of the 'hackers' and researchers find ways to avoid it, what would show "that we have not learned from past lessons".
Cybersecurity insurers have realized that the costs of payment to cover customers against the threat posed by the 'ransomware' have increased. In fact, according to an S & P Global Report, the loss ratio of the cyberaders increased by the third consecutive year by 2020 at 25 points, that is, more than 72 percent. This caused independent cybersegure policies premiums to increase 28.6 percent by 2020, reach 1,620 million dollars.
As a result, the cybersecurity requirements for customers have increased. Insurers now scan and actively audit customer safety before offering a coverage related to cybersecurity, an approach that will promote a new approach by companies to improve defenses in 2022.
On the other hand, the information security architecture 'Zero Trust' (confidence zero) has gained popularity. It is basically reduced to assume that an attacker has already put in danger one of the assets or users of the organization, and to design the network and security protections so that it is limited its ability to move laterally towards more critical systems.
WatchGuard points out that although this approach seems new, it is based on existing security principles, such as the verification of solid identities and the idea of the minimum privilege. But that by 2022, most organizations will finally promulgate some of the oldest security concepts in all their networks, and they will call it 'Zero Trust'.
Date Of Update: 14 December 2021, 11:34
