It’s a new year, but in many ways it’s the same old story. Threats are on the rise. Organizations are lacking sophisticated cybersecurity measures. Everyone is a target. So what predictions do we have for you in 2022?
After I posed the question internally at DNSFilter (“What do you expect to see in 2022 in the security space?”), the very first response I got was simply: “It’s all going to get a whole lot worse.” (Thank you, Domain Intelligence Lead Peter Lowe, for that uplifting response.)
Unfortunately, it’s probably accurate. However, rather than focus solely on the doom-and-gloom aspect, I’ve compiled the top responses from DNSFilter employees here that range from cybersecurity methodology to the threats we’re likely to face.
But no matter what is actually in store for 2022 when it comes to cybersecurity, there is one constant truth: You can no longer afford to be unprepared for a cybersecurity attack, no matter the size of your organization.
On to the predictions…
This is something we’ve all been living with for a while: Endpoints have become increasingly important while the traditional perimeter (in a traditional office) has essentially disappeared.
The goal of Decentralized Cybersecurity is to protect all your digital assets at each endpoint, without relying on a traditional perimeter. It is a series of layered and flexible safety nets to catch intruders at all of the disparate points in your infrastructure to better ensure you mitigate any potential threat.
Many organizations are stuck in a hybrid environment, and we see them taking on a fully remote and cloud-based approach to both their security and IT measures.
If this is a topic that interests you, we have an upcoming webinar on decentralized cybersecurity with our very own Product Manager Mikey Pruitt—who we can also thank for naming this trend.
We can also thank Mikey for this next trend: Internet users are taking back their privacy in 2022. Privacy and the internet have been at odds for a long time, but there has been more friction in recent years as targeted ads and tracking codes have become standard.
One study showed that eight out of every ten Americans value their online privacy, yet many are not willing to pay to protect it or stop using tools that impact their online privacy.
We are becoming more conscious about our online privacy, and we’re going to start seeing this come up in both government regulations and products offered. Even at DNSFilter, we offer categorization for ads and trackers that organizations can use to block domains that collect information about you.
Speaking of government responses to security threats and privacy, Mikey said he also expects to see more regulatory changes in 2022. Because of what’s occurring in Ukraine (more on that in a bit), CISA has already urged US companies to implement threat protection this year. And of course, there was the executive order last year around improving US cybersecurity as a whole.
But internationally, there have also been moves for greater government control of the internet as a whole. Look at DNS4EU. The EU claims that this is to combat vulnerabilities in a vulnerable infrastructure and decrease the likelihood of a massive DNS take-down, but there’s more to it than that. It’s also about the government deciding what content to block, which boils down to government overreach. This type of overreach makes it more likely that lawsuits, such as Sony’s injunction against DNS resolver Quad9, are actually seen through to fruition. Our CEO Ken Carnesi posted his opinion on the Quad9 injunction shortly after it was announced in 2021.
We’ll keep an eye on DNS4EU as it’s still in the planning process, but governments worldwide are seeking greater control over the free internet we’ve come to know and love.
This next prediction comes from Tier II Technical Support Engineer Arthur Chocholacek, who previously wrote about the Log4j exploit on our blog.
Arthur expects to see more product vulnerabilities resulting from the use of open source software (OSS), not necessarily because it’s poorly maintained, but because the OSS in question is maintained by only a handful of people and ends up being used in thousands of projects.
There are certainly other Log4j-type exploits already out there, but we’re not yet aware of what they are. We’ve already seen it in the corrupted faker.js and colors.js libraries that were discovered earlier this January. These libraries are downloaded 2.5 million and 22.4 million times per week, respectively.
OSS is valuable, but every developer who includes open source components in their programs needs to consider the consequences and weigh the risk vs. the reward. The faker.js library story is just the first of the new year.
Password managers, if hacked, would be an incredible score for any threat actor looking to gain access to accounts for a variety of purposes. Those seeking monetary gain might be looking for credit cards stored as secured notes, or bank account details. Others interested in “watching the world burn” might be on the lookout for social accounts of major companies or well-known personalities. And still others might be looking for logins related to software builds so they can inject malicious code.
The possibilities are really endless. That’s why Peter Lowe believes threat actors will target password managers in 2022. He thinks that we are likely to see a major hack against a major password manager that will result in possibly millions of passwords being dumped at scale.
We trust password managers with a huge portion of our digital lives. But if a threat actor is able to bypass our chosen password manager’s security controls and access our information, our own secure passwords won’t matter much.
Our final prediction is one that seems to be coming true already, and it comes again from Peter Lowe.
War between nations is going online first. The conflict between Russia and Ukraine has led to Russian hackers taking down Ukraine’s government sites. Within hours after Russia, the US, and NATO discussed the conflict, an attack was deployed.
The message posted on Ukrainian government websites was:
“Ukrainians! All your personal data was uploaded to the internet. All data on the computer is being destroyed. All information about you became public. Be afraid and expect the worst.”
Dmitri Alperovitch, CrowdStrike co-founder and member of the DNSFilter board of directors, has spoken at length about what he has seen between Ukraine and Russia. He noted in a lengthy Twitter thread that “Since early December, there has been a dramatic increase in cyber intrusions on Ukraine government and civilian networks from Russia.” This was nearly a full month before the recent attack on government sites.
But there are other historical precedents for cyber warfare. In 2007, attacks on Estonia occurred after disagreements between Estonia and Russia. Government websites were defaced in conjunction with DDoS and botnet attacks as well as the distribution of general spam.
The sophistication of these attacks was reportedly unseen prior to this act of alleged “state-sponsored cyberwarfare”. NATO conducted an investigation that resulted in the creation of the Cooperative Cyber Defence Center of Excellence. Ultimately, a single person (a student) was found guilty and fined for the attack on a single website. Russian authorities did not cooperate in the investigation.
Looking at an example in the last year, North Korea has been involved in cyberattacks in an attempt to discover military and government secrets. Meanwhile, they’ve threatened testing a nuclear weapons program. These cyberespionage tactics can certainly be perceived as the precursor to war.
We don’t want this prediction to come true, but unfortunately the reality is that we’re heading in that direction more and more often. Battles are being fought on government networks and even on public-facing websites. Hopefully, these wars start and stop in the digital space.