Data theft and ransomware

Data is money, both for legitimate businesses and for criminals, so we can only expect criminals to become more focused on data analysis and on expanding the ways they monetise it. This means more data theft by whatever means possible, whether ransomware, other types of malware or the continued hacking of organisations' databases.

Within this context, ransomware is likely to broaden its scope and be used as a means to steal data as well as to blackmail organisations into paying ransoms to regain access to their data. Cyber crooks will also look increasingly closely at how they can sell stolen data to third parties.

Moving beyond passwords

We’ll see increasing numbers of businesses move beyond passwords to other forms of authentication. The problem is not only that passwords can be inherently weak, but also that, at a business level, users often have different passwords to access different systems. Moving forward, we will continue to see password authentication slowly being replaced as companies try to remove their reliance on passwords.

This will slowly filter down into the consumer mainstream as people are offered new ways of authenticating their identities. Biometrics are relatively commonplace today, for instance unlocking a laptop with a fingerprint, or using fingerprints on phones to automatically access some services and websites. And let's not forget Windows Hello, which allows access to a computer via a PIN, facial recognition or fingerprint.

Homes become a bigger target for cyber criminals

Hybrid working is here to stay, and working-from-home enterprise employees are increasingly using a broader range of corporate and personal devices to access enterprise applications from wherever they are working. So it is only natural that our home networks should become a bigger target for cybercriminals.

This is especially true when controls on home networks are typically not nearly as strong as those on corporate networks. Businesses have historically locked down laptops, USB ports, personal printers and many other things. However, hybrid workers now need access to many of these devices from home, so security controls have had to be relaxed. This spans the gap into shared family devices. Even when turned off for a short period of time, the business device is at risk from all the other systems connected to the same network, many of which have probably never been patched and most of which are still using their default admin passwords, if they ever had one.

Cybersecurity education becomes more important

Today, most education focuses on what should and shouldn’t be done, for example: clicking on a questionable link, opening phishing emails, sharing your password. These lessons are now 10-15 years old; they are valuable, but they don’t align with the new ways of working.

As such, we will likely see the beginning of a move from “don’t click on this” and “don’t open that” to design and utilisation principles that address these issues at the design phase. In a sense, computer users will be viewed as digital innovation points, and the core principles of good information sharing, in both our personal and professional lives, will start to be factored into computing in general. As home users we won’t see this up-front, but it will start to happen behind the scenes.

Phishing grows as a major threat

Text-based phishing, known as SMSishing, has increased steadily over the years. Like email social engineering, it started with untargeted lure messages being spammed to large groups of users, but lately has evolved into more targeted texts that masquerade as messages from someone you know, delivery companies, banks, government and health organisations and more.

It’s interesting to note that many professionals have realised the insecurity of SMS messages, and many have moved their business text messages to alternative apps like WhatsApp, Facebook Messenger, and even Teams or Slack. But where legitimate users go, cybercriminals inevitably follow.

It’s hardly surprising, then, that in 2021 we saw an increase in reports of malicious spear phishing messages on messenger platforms like WhatsApp. In 2022 this trend will grow and there will be an increase in messages that appear to be from someone you know.

Hackers hit space

When you hear of hackers hitting satellites, don’t be surprised. While satellites might seem out of reach of most threats, security researchers have found they can communicate with them using about $300 worth of equipment. Furthermore, older satellites may not have modern security controls, and rely on distance and obscurity for defence.

Companies like Starlink are launching satellites by the thousands. Between those two trends, plus the value of orbital systems to nation states, economies, and society, we suspect governments have quietly started their cyber defence campaigns in space already. Don’t be surprised if we see a space-related hack in the headlines one day soon.

See our blog Hacked in Space