Mobile malware, passwordless authentication fails, and hackers in space

WatchGuard Technologies has announced its cyber security predictions for 2022, as it looks to help businesses understand where their next set of threats will be and to ensure enterprises remain in step ahead of the risks. 

According to the cybersecurity firm, in 2022 state-sponsored mobile threats will trickle down to the cybercrime underworld.

“Mobile malware certainly exists especially on the Android platform but hasn’t yet risen to the same scale of traditional desktop malware,” the company says.

“In part, we believe this is due to mobile devices being designed with a secure mechanism (e.g., secure boot) from the start, making it much more difficult to create zero-touch threats that don’t require victim interaction. However, serious remote vulnerabilities have existed against these devices, though harder to find.”

Meanwhile, mobile devices present a very enticing target to state-sponsored cyber teams due to both the devices capabilities and information contained in them. As a result, groups selling to state-sponsored organisations are mostly responsible for funding much of the sophisticated threats and vulnerabilities targeting mobile devices, such as the recent Pegasus mobile spyware. Unfortunately, like in the case of Stuxnet, when these more sophisticated threats leak, criminal organisations learn from them and copy the attack techniques.

“Next year, we believe we will see an increase in sophisticated cybercriminal mobile attacks due to the state-sponsored mobile attacks that have started to come to light,” WatchGuard  says.

Spear SMSishing Hammers Messenger Platforms

Text-based phishing, known as SMSishing has increased steadily over the years. Like email social engineering, it started with untargeted lure messages being spammed to large groups of users, but lately has evolved into more targeted texts that masquerade as messages from someone you know, including perhaps your boss.

“In parallel, the platforms we prefer for short text messages have evolved as well,” WatchGuard says. 

“Users, especially professionals, have realised the insecurity of cleartext SMS messages thanks to NIST, various carrier breaches, and knowledge of weaknesses in carrier standards…