Cyber Defense eMagazine January Edition for 2022

More documents

Recommendations

Info

to create “zero-touch” threats that don’t require victim interaction. However, serious remote vulnerabilities have existed against these devices, though harder to find. Meanwhile, mobile devices present a very enticing target to state-sponsored cyber teams due to both the devices’ capabilities and information contained in them. As a result, groups selling to state-sponsored organizations are mostly responsible for funding much of the sophisticated threats and vulnerabilities targeting mobile devices. Unfortunately, like in the case of Stuxnet, when these more sophisticated threats leak, criminal organizations learn from them and copy the attack techniques. Next year, we believe we’ll see an increase in sophisticated cybercriminal mobile attacks due to the state-sponsored mobile attacks that have started to come to light. 2. News of Hackers Targeting Space Hits the Headlines With renewed government and private focus on the “Space Race” and recent cybersecurity research concentration on satellite vulnerabilities, we believe a “hack in space” will hit the headlines in 2022. Recently, satellite hacking has gained investigative attention from the cybersecurity community among researchers and at conferences like DEF CON. While satellites might seem out of reach from most threats, researchers have found they can communicate with them using about $300 worth of gear. Furthermore, older satellites may not have focused on modern security controls. Meanwhile, many private companies have begun their space race, which will greatly increase the attack surface in orbit. Between those two trends, plus the value of orbital systems to nation states, economies, and society, we suspect governments have quietly started their cyber defense campaigns in space already. Don’t be surprised if we see a space-related hack in the headlines soon. 3. Spear SMSishing Hammers Messenger Platforms Text-based phishing, known as SMSishing has increased steadily over the years. Like email social engineering, it started with untargeted lure messages being spammed to large groups of users, but lately has evolved into more targeted texts that masquerade as messages from someone you know. In parallel, the platforms we prefer for short text messages have evolved as well. Cyber Defense eMagazine – January 2022 Edition 78 Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
Users, especially professionals, have realized the insecurity of cleartext SMS messages thanks to NIST, various carrier breaches, and knowledge of weaknesses in carrier standards like Signaling System 7 (SS7). Where legitimate users go, malicious cybercriminals follow. As a result, we are starting to see an increase in reports of malicious spear SMSishing-like messages to messenger platforms like WhatsApp. We expect to see targeted phishing messages over many messaging platforms double in 2022. 4. Password-Less Authentication Fails Long Term Without MFA It’s official. Windows has gone password-less! While we celebrate the move away from passwords alone for digital validation, we also believe the continued current focus of single-factor authentication for Windows logins simply repeats the mistakes from history. Windows 10 and 11 will now allow you to set up completely password-less authentication, using options like Hello (Microsoft’s biometrics), a Fido hardware token, or an email with a one-time password (OTP). The only strong solution to digital identify validation is multi-factor authentication (MFA). In our opinion, Microsoft (and others) could have truly solved this problem by making MFA mandatory and easy in Windows. You can still use Hello as one easy factor of authentication, but organizations should force users to pair it with another, like a push approval to your mobile phone that’s sent over an encrypted channel. We predict that Windows password-less authentication will take off in 2022, but we expect hackers and researchers to find ways to bypass it. 5. Companies Increase Cyber Insurance Despite Soaring Costs Since the astronomical success of ransomware starting back in 2013, cyber security insurers have realized that payout costs to cover clients against these threats have increased dramatically. In fact, according to a report from S&P Global, cyber insurers’ loss ratio increased for the third consecutive year in 2020 by 25 points, or more than 72%. This resulted in premiums for standalone cyber insurance policies to increase 28.6% in 2020 to $1.62 billion USD. As a result, they have greatly increased the cybersecurity requirements for customers. Not only has the price of insurance increased, but insurers now actively scan and audit the security of clients before providing cyber security-related coverage. In 2022, if you don’t have the proper protections in place, you may not get cyber insurance at the price you’d like, or at all. Like other regulations and compliance standards, this new insurer focus on security and auditing will drive a new focus by companies to improve defenses in 2022. Cyber Defense eMagazine – January 2022 Edition 79 Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
“Owning Your Identity” Through
Page 3 and 4:
WatchGuard Technologies’ 2022 Pre
Page 5 and 6:
@CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 7 and 8:
Cyber Defense eMagazine - January 2
Page 9 and 10:
MUST ATTEND REPLAY AVAILABLE ON-DEM
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28: Cyber Defense eMagazine - January 2
Page 39 and 40: But in spite of this threat, consum
Page 41 and 42: How To Thwart Fraud with Phone Numb
Page 43 and 44: mutable and dynamic by continually
Page 45 and 46: Phishing: How To Improve Cybersecur
Page 47 and 48: organizations gather data all in on
Page 49 and 50: offers comprehensive firmware prote
Page 51 and 52: Why Hackers Attack Mobile Devices a
Page 53 and 54: the network. This is a good indicat
Page 55 and 56: About the Author Nicole Allen, Mark
Page 57 and 58: Know your customer As spam and phis
Page 59 and 60: Microsoft Successfully Defended The
Page 61 and 62: However, you can’t rely 100% on t
Page 63 and 64: Why Americans Joined Europe in Not
Page 65 and 66: Have a good backup policy. A good p
Page 67 and 68: Secure Apart from reporting, the af
Page 69 and 70: Taking a hard look at the current s
Page 71 and 72: There are plenty of organizations t
Page 73 and 74: 5. The impact of the talent shortag
Page 75 and 76: The industry is already embracing a
Page 77: WatchGuard Technologies’ 2022 Pre
Page 81 and 82: What Are DeFi Flash Loans & How to
Page 83 and 84: DeFi hackers can easily exploit fla
Page 85 and 86: 3. Get audited Getting a smart cont
Page 87 and 88: Protecting Critical Infrastructure
Page 89 and 90: • They use penetration tools to g
Page 91 and 92: Three Key Facts About AI-Driven Net
Page 93 and 94: About the Author Eyal Elyashiv is t
Page 95 and 96: Tyler Farrar, CISO, Exabeam “What
Page 97 and 98: Protecting unstructured data will l
Page 99 and 100: change again before they’re done.
Page 101 and 102: Samantha Humphries, head of securit
Page 103 and 104: Due to their successes, adversaries
Page 105 and 106: Paul Farrington, chief product offi
Page 107 and 108: In 2022, it is going to become cruc
Page 109 and 110: Our Cyber Defenses Need to Be Battl
Page 111 and 112: the exploitation aspect, but if tes
Page 113 and 114: 12 Tips for Improving Access Contro
Page 115 and 116: weak passwords. Password management
Page 117 and 118: Four Cybersecurity Predictions Fede
Page 119 and 120: 4. Cyber Funding Gets Granular In F
Page 121 and 122: Of course, these recommendations ar
Page 123 and 124: Cybersecurity Tips to Help Your Org
Page 125 and 126: Organizations can achieve true cybe
Page 127 and 128: quarter. Put simply, any organizati
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
Page 139 and 140:
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Free Monthly Cyber Defense eMagazin
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
THE Q1/Q2 GAME CHANGER… CYBERDEFE
show all

Cyber Defense eMagazine January Edition for 2022

Create successful ePaper yourself

Delete template?

Save as template?