WatchGuard’s 2022 Cybersecurity Prediction Mid-Year Review


By Corey Nachreiner, Chief Security Officer, WatchGuard Technologies

Every year, the WatchGuard Threat Labs team releases our annual cybersecurity predictions to forecast how the threat and cybersecurity landscape might change in the coming year and how to adjust your defense and security strategy to stay ahead of evolving threats. While our specific predictions are sometimes bold and don’t always hit during the year, the actual security and threat trends driving them are proven. We encourage readers to consider the underlying trends, regardless of it the prediction hits exactly.

That said, unlike others who release predictions at the end of the year but never revisit them, we like to recap our past predictions and judge which ones came true. We do so using a very scientific (sarcasm) scale of Win, Fail, and Meh. I think you’ll find win and fail self-explanatory, and Meh just means it’s right on the edge—not quite, but getting there. While we tend to save this review for the end of the year, we thought it would be fun to do a mid-year prediction update to see how we are doing so far. Below you’ll find our six 2022 cybersecurity predictions with a small update of if we think they have hit so far.

  1. State-Sponsored Mobile Threats Trickle Down to the Cybercrime Underworld

This prediction was pretty simple. With state-sponsored (read government) actors increasingly buying mobile malware and spyware such as Pegasus from so-called legitimate businesses like the NSO Group, we expected cybercriminals to learn from their success and increasingly use mobile malware themselves. Has this come true so far?

WIN

We have seen a lot of evidence showing a rise in cybercriminals using mobile malware during 2022. For instance, early in the year, ProofPoint detected a 500% increase in mobile malware attacks during February, most of them set to steal usernames and passwords for email or bank accounts. We also have seen a new “grey market” mobile spyware called Predator, sold by a company called Cytrox, gain traction in 2022—largely targeted toward journalists and activists.  It has allegedly infected tens of thousands of android smartphones.

To add more supporting statistics, Nokia’s data shows that mobile banking malware has increased 80%, and Kaspersky says it blocked almost 6.5 million mobile threats during Q1 2022. In short, there seems to be significant evidence that cybercriminals are increasing their mobile attacks during 2022.

  1. News of Hackers Targeting Space Hits the Headlines

I can summarize this prediction as we expected a space hack—most likely one targeting satellites—to hit during 2022. Some might find this prediction a bit “out of this world,” but knowing what we did about recent research targeting satellites, we figured it probably was more likely than most suspected. So how did we do?

WIN

To be honest, we felt this prediction hit even before 2022 started. We released our predictions for the upcoming year in November, and around that time a story came out about how the U.S. Space Force General David Thompson claimed Russia and China were launching “reversible” attacks on US satellites every day. Largely these were temporary jamming attacks both on radio and optics of a satellite. In any case, this story suggests our prediction came true right after we made it.

That said, other stories throughout 2022 also support the prediction. The biggest is probably Russia hacking Viasat during their Ukraine war. Hours before their Ukraine invasion, they used wiper malware to disrupt Viasat’s satellite communications. I will concede that this was more an attack on the satellite infrastructures ground communications, but it is a good reminder that satellites need their ground and space presence to work.

Finally, recently at the Blackhat and DEF CON cybersecurity conferences (sometimes called hacker summer camp), a researcher named Lennert Wouters demonstrated how he hacked a SpaceX Starlink ground satellite station and made a modchip for it for about $25. The modchip allows him to disrupt the secure boot of the device and install his own firmware, which is a doorway to further understanding and hacking Starlink communications. While you might suspect SpaceX would get upset, they were forward-thinking enough to offer to hire him. In any case, we seem to have a lot of evidence of both real-life and research-based satellite hacking so far in 2022.

  1. Spear SMSishing Hammers Messenger Platforms

SMSishing is malicious phishing or spear phishing messages that target mobile phone text messages. This text-based phishing has been increasing for many years. Our 2022 prediction was to warn you to look out for other messenger app phishing too. Mobile apps like WhatsApp, Facebook Messenger, Slack, Teams, and so forth are pretty much just text messaging apps, but ones that have use more media and are typically attached to social or work networks. Our prediction was to expect cybercriminals to phish there too, as things like profile pictures can make it easier for them to spoof legitimate-looking accounts. So, has messenger app phishing doubled in 2022?

WIN

We can say there have been continued increases in normal text-based SMSishing, but that wasn’t really our prediction. For our prediction to hit, we need to see a quantifiable phishing increase in the messaging applications.

According to the Ireland national police, also known as Garda Síochána or Gardai, WhatsApp phishing and scams have increased 2000%, with some victims losing over €2,400 to these scams. We also saw holiday-specific phishing scams hit WhatsApp during Father’s Day, as well as an effective “hey mum” scam. In short, it seems cybercriminals are also increasingly targeting messenger apps with phishing and scams.

  1. Password-Less Authentication Fails Long Term Without MFA

We generally like password-less authentication and think it represents progress for frictionless and slightly more secure authentication. However, we predicted was that password-less could not substitute for multi-factor authentication (MFA). Without MFA, Microsoft and other password-less authentication might get hacked by a criminal or researcher in 2022. Did this come true?

FAIL

While we still believe in this prediction, we can’t find any solid research showing it has hit yet. To be fair, it turns out it may have been slightly true before our prediction. After making the prediction, we did find a researcher had given a Blackhat 2021 talk about bypassing Windows Hello, one of Microsoft’s password-less options. However, this was before our prediction, so we’d need a 2022 example for our prediction to hit. As far as we can tell, Blackhat and DEF CON 2022 did not have a similar talk. We have seen other general weaknesses in Microsoft’s authentication, such as this adversary-in-the-middle (AitM) phishing attack that affected over 10,000 Microsoft M365 users. However, this bypassed MFA as much as it did general authentication. We still think this will come true one day, but we can’t yet claim it for 2022… yet.

  1. Companies Increase Cyber Insurance Despite Soaring Costs

While it may not be immediately apparent from the title, this prediction was essentially that Cyber insurers would increase their security compliance requirements on customers for them to receive insurance. Not only are cybersecurity insurance prices up, but if you don’t pass security muster, the insurer might even deny you.

WIN

This one is probably not worth exploring in depth, as it obviously came true. Not only has the price of cyber insurance risen 96%, but insurers are asking many more security compliance questions when offering to sell or renew cyber security insurance. We’ve also seen insurers turn down clients more often if they don’t hit a security baseline. At a 2022 RSA panel, one panelist described how some of their clients originally got their cyber insurance policy by answering five easy questions and sharing their security policy documentation, but when they renewed the policy they had to answer a 300-question security survey. We’ve also heard this anecdotal feedback from many of our partners and customers and experienced it ourselves during renewal. It seems clear, that in 2022 and beyond, insurers will have more cybersecurity baseline requirements for you to get a policy.

  1. And We’ll Call It Zero Trust

While we kind of made fun of the buzzword Zero Trust in this prediction, as we believe it’s just another way to say the least privilege principle, the real prediction was that many companies would start moving to the zero trust model in 2022. So, has that happened?

MEH

My gut says this prediction has likely come true, but it was always one we feel we’d have trouble measuring quantifiably. Other than through surveys, it’s hard to know whether companies are launching new security paradigms or infrastructure, as that’s the type of thing most don’t publicly share. That said, Okta did a 2022 survey that does suggest zero trust adoption is growing quite a bit. According to that report, 97% of organizations questioned have or plan to have a zero trust program in 2022. It also states the percentage of organizations with a plan already underway more than doubled from 24% in 2021 to 55% in 2022. While I think this survey might already be enough to make this prediction a win, we’ll keep watching for the remainder of the year to see if any more quantifiable evidence comes out.

So that’s our cybersecurity prediction results so far. If you give us half credit for MEH predictions, I think we’re currently at 75% prediction accuracy, and we have a bit over a quarter left for the remaining two predictions to come true. Not too bad, if we do say so ourselves. That said, the predictions are mostly an excuse to talk about the trends that were never in question. Mobile malware is an issue, phishing is growing no matter its medium, and threat actors are going after IOT and OT technology too. If you make sure to learn from and defend against the trends that drive our predictions, you’ll have a safer 2022 regardless of our prediction results.

About the Author

Corey NachreinerRecognized as a thought leader in IT security, Nachreiner spearheads WatchGuard’s technology vision and direction. Previously, he was the director of strategy and research at WatchGuard. Nachreiner has operated at the frontline of cyber security for 16 years, and for nearly a decade has been evaluating and making accurate predictions about information security trends. As an authority on network security and internationally quoted commentator, Nachreiner’s expertise and ability to dissect complex security topics make him a sought-after speaker at forums such as Gartner, Infosec and RSA. He is also a regular contributor to leading publications including CNET, Dark Reading, eWeek, Help Net Security, Information Week and Infosecurity, and delivers WatchGuard’s “Daily Security Byte” video on Facebook. Corey can be reached online at WatchGuard’s company website https://www.watchguard.com.



Source link