In 2022, we asked our team for their cybersecurity predictions for the year. The theme was pretty much, “Everything is bad. Everyone’s a target.”
As it turns out, we are pretty good at seeing the future—each of our predictions from last year came true in some way.
To recap, our 2022 predictions included:
Decentralized cybersecurity - Though a slow process, decentralized cybersecurity is becoming true. Per Mikey Pruitt, “As legacy strategies and technologies are sunsetted, the modern approach of securing your endpoints with as much vigor as the office has solidified in the minds of IT practitioners around the globe. More stringent compliance, especially to obtain cyber insurance, will accelerate decentralized cybersecurity adoption.”
Internet users will take control of their privacy - According to a 2022 poll by Ipsos on behalf of Google, 84% of Americans are concerned about the safety and privacy of their online data. In the last 90 days, the number of blocked trackers on our network has increased by over 132%, indicating increased concern regarding websites’ abilities to track individuals.
Government regulations - There’s been some real progress on privacy-related legislation in the past year. Peter Lowe states, "I honestly think the EU is leading the world on this sort of thing - the DSA and DMA that went into force in November (and the recent decision against Meta, although that’s technically 2023) are great examples, but this sort of thing is being seen in a lot of other places."
Product vulnerabilities from using OSS - Security risks associated with OSS in supply chain increased from 47% to 53% in 2022. In a global study by Venafi, 82% of CIOs say their organizations are vulnerable to supply chain attacks.
Threat actors will target password management - We managed to nail our list in the 11th hour with the recent announcement of LastPass’s breach. If you have been impacted, make sure you rotate your master password and change sensitive passwords in your vault, if you haven’t already. Password managers are vital for many companies, but the risks associated with a breach like this can have cascading effects.
Cyberwarfare - Sadly, this one was also spot on. SecureList agrees that from here on out, “We can expect to see significant signs and spikes in cyberwarfare in the days and weeks preceding military conflicts.”
As we crowdsourced 2023 predictions, the list got a little longer. Attackers will get more creative, we’ll see more widespread effects of breaches, and AI will play a large part:
Massive IoT hack - Our Principal Security Researcher, Peter Lowe, believes there could be a large-scale attack on something (or someone), through a vulnerability in IoT devices. This could take the form of some sort of worm or common piece of software that’s used, allowing for the creation of a massive botnet.
Cars will be held ransom - With cars relying more and more heavily on software, there’s a bigger target on the back of the auto industry. With increasing reliance on automated features and mobile integrations, Bluetooth features, and digital displays, vehicles are becoming more vulnerable, and it’s possible that the car industry could experience a big ransomware event of some sort.
Major social media hack - Again, Peter predicts that there will be a massive social media hack or breach that will make a splash with big headlines. He also predicts that it will be soon quickly forgotten and people will not be any more cautious with their social media use.
“DNS Abuse” goes mainstream - While we are already starting to see this, Peter believes that we will continue to see the trendiness of “DNS Abuse.” He predicts that high-level conferences and international organizations will need to start thinking about how to defend themselves against it. As a result, the bad guys are going to try harder to circumvent protection measures.
AI model hacking - Peter and Christina Blakely, DNSFilter’s Webshrinker and Categorization Specialist, both agree on the prediction that people are going to continue pushing the boundaries of the various uses of AI that are popping up. Not only do they believe there will be a vast increase in AI applications, they also believe we will start seeing AI be used to do unsavory things, including phishing.
Trends will allow malware to spread - Adding to the prediction of malicious AI software, Christina believes they’ll be able to create trends and bring down social media users’ guards, allowing for widespread malware and social media compromise. Christina says, “If a website or software can provide something tangible, they won't notice malware until it's too late.”
Automated content creation - David Elkind, DNSFilter’s Chief Data Scientist, predicts that we will see continued use of AI programs, and that content creators will see the value of automating their content creation in an effort to become profitable. David believes that this could lead to an increase in junk content. Social media platforms are already struggling to moderate content, and the speed and ease of automated content will make it nearly impossible—prompting the decline of social media and web 2.0.
Co-working spaces - Brian Gilstrap, DNSFilter’s Technical Support Engineer, Tier 1, anticipates that as more people work from public locations such as coffee shops, libraries, and restaurants, “We will see more instances of shoulder surfing and public wireless spaces being hijacked.”
Our IT Manager, Frank Ahan, agrees, and predicts that co-working spaces will see more instances of packet sniffing, eavesdropping, network vulnerability scans, and brute force attacks on workstations.
Cascading attacks - Alex Applegate, DNSFilter’s Senior Threat Researcher, believes that we will continue to see more cascading attacks. Supply chain providers, MSPs, and cloud providers are hard to breach, but once they are breached, an attack can cascade quickly through a system. These businesses will continue to have a target on their backs and bad actors will take advantage of any potential hole in their security.
The threat of the year won’t be from this year - Alex also predicts that the trend of breaches of outdated technology will continue. He says, “Software libraries, log management systems, and ancient network protocols–that were perhaps created when software development was less of a rigorous engineering discipline and security was less of a concern–have all been exploited to disastrous effect.” Alex believes that hackers are working to find the next vulnerability, but there aren’t enough teams poring over old foundational code to ensure things are secured before they can be found.
We will have to wait and see which of these come to fruition in our annual predictions blog next year, but so far 2023 is starting off pretty strong with password management breaches, social media woes, and trendy AI apps.