It’s that time when cybersecurity firms are predicting what will happen in the year ahead. But, as I reported in my last post, often the most serious cybersecurity breach is never even considered. No one really thought the entire internet would be put at risk by a DDoS attack or that the hacking of the DNC would be the hacking highlight of the year. However, in a general way, the firms did get a few things right and I gave them a ‘B’ rating.
So what do these firms see in the year ahead? Well, most of them agree on a few points. Most are just looking at what happened in 2016 and using that as a template for 2017. I suppose that will guarantee some success, but what else may be on the horizon?
This year’s selection of firms has changed slightly from last year. At the time of this writing, Wired has not come out with any predictions and I have, therefore, replaced it with Symantec. Websense has changed its name to Forcepoint. The other firms remain the same as in previous years. The abbreviations following their names will be used for easier reference. The firms are Symantec (S), Forcepoint (FP), FireEye (FE), Trend Micro (TM), and Kaspersky (K).
Here are their main predictions for 2017.
1. Ransomware attacks will continue to increase with new variations (S, FP, FE, TM, K)
This is really a no-brainer. Ransomware attacks were wildly successful in 2016 and there is no reason to believe this will change anytime soon, despite the fact that a huge, international takedown of the Avalanche crime network occurred in early December. True, it will take ransomware operatives a while to recover, but this attack vector is too lucrative for criminals to give up on. Some cybersecurity firms see ransomware growing in sophistication. FireEye believes ransomware will target companies more and more as they have more money to pay. Symantec sees ransomware targeting cloud storage, while Forcepoint and Trend Micro believe attackers may abandon monetary rewards for other kinds of extortion. Ethical hackers may encrypt an organization or company’s files to make a political statement.
I’m not really sure ransomware criminals want to abandon a business model that has been so successful, especially since many ransomware criminals are in it for a quick buck. Attacking small or medium-sized companies usually results in them paying the ransom; attacking larger enterprises, however, risks attracting too much attention from authorities. The San Francisco metro hacker quickly backed off of his demands when the authorities became involved. He was clearly in over his head.
2. Internet of Things (IoT) attacks (FE, S, TM, K)
In October 2016, a huge DDoS attack using bots organized with Mirai software brought down major internet sites. The attack depended to a large degree on devices that are unprotected but connected to the internet: things like web cameras, TVs, and refrigerators, to name but a few. It’s still not clear who was behind the attack, but the takeaway was clear: If you can organize enough bots, you can take down anyone. This has got to be appealing to hacktivists willing to make a point of some kind. Trend Micro agrees.
FireEye believes that ‘things’ may be held hostage. (Pay or we’ll defrost all of your food.) Others (S) believe that more companies will be attacked through things (like printers), which are often overlooked by security teams.
3. Nation-state related attacks (FE, FP, S, K?)
I include in this category any nation-state involvement predicted by these firms. They all have different ideas on the type of involvement, but predict an underlying nation-state connection. Symantec sees rogue states trying to finance their projects by aligning themselves with criminal hacker groups. Forcepoint foresees “hacking machines” run by nation-states prowling the internet, looking for weak points to automatically attack for the purpose of causing panic. Kaspersky seems to believe that espionage through compromised mobile devices will increase, but it is not clear if this espionage is nation-state, industrial, or both.
4. Cloud attacks (FE, FP, S)
The prevailing belief held by many companies is that their data will be safe in the cloud. The cloud may have its benefits, but safety is certainly not guaranteed. In fact, it is the very convenience that the cloud offers that could make it unsafe. The fact that it gives employees the opportunity to access corporate files from anywhere with any device exposes it to being compromised by hackers. It certainly seems logical that this vector will be increasingly used by hackers.
5. Attacks using mobile devices (K, S, FP)
Several firms believe that major hacks will occur through compromised mobile devices. Notice from the discussion above how the cloud becomes more vulnerable due to the number of devices able to access it. Forcepoint has an interesting view of this attack vector. They claim that as corporations and institutions become more ‘millennial-based’, they will become more vulnerable to attacks through mobile devices connected to the corporate network. This, they say, is because millennials have a certain blind trust in social media and information sharing while having a tendency to ignore security concerns, which is not what you want if you believe in good security.
FireEye – Attacks on religious institutions
Why not? They’ve got money, lots of personal information, and their networks are probably not very well protected. I’ll be interested to see if this vector appears at all this year because even one successful breach will encourage more.
Forcepoint – Abandonware attacks
Forcepoint claims that there are a lot of companies using security software from companies that no longer exist. This is kind of like using software that’s not updated, but worse. This is software that can never be updated making it permanently vulnerable to attacks.
Symantec – Fileless malware will increase
“Fileless infections – those written directly onto a computer’s RAM without using files of any kind.” These are attacks that corrupt the boot sector and load before any antivirus programs get a chance to stop them. These types of attacks are difficult to prevent and detect. They increased during 2016 so they may continue to do so in 2017.
Trend Micro – Business Process Compromise
In this hack, the attacker penetrates the company network and, posing as someone in authority, begins to transfer money or merchandise to themselves. Since it looks like a legitimate transfer, it is very difficult to detect if done correctly.
Kaspersky – Manipulation of News and Information
Kaspersky points to hackers like the Lazarus Group, who can break into networks, gather information, and then release it to cause a sort of panic, or use the information they find to manipulate public opinion or create false news.
My Own Predictions
1. Hacktivist-based DDoS Attacks
With the Mirai malware code now in the wild, the use of the IoT pathway for organizing botnet attacks seems highly likely, especially if hacktivist groups get together to make this a reality. These attacks may be on news outlets, financial institutions, or nation-states that hold opinions these groups disapprove of.
2. Nation-state proof of concept infrastructure penetration
I don’t think any advanced nation would be stupid enough to launch a true cyber attack on another country’s infrastructure because of the fear of a similar counterattack. That said, I do think many countries would like to make their cyber strength known by penetrating the cyber defenses of a rival nation. The best way for them to gain attention, and possible respect, is by showing that they can put malware into some part of a nation’s vital infrastructure, like a power station. These nations actually want the malware to be found and even have it point back to them. However, they have no wish to deploy it…at least for the moment. Such discoveries could cause minor panic among the general public.
3. Ransomware attacks
Yes, I believe ransomware will still be around causing distress for normal users as well as small companies. Hospitals seem ready to pay up so they will also be a main target. There may be a lull in such attacks at the beginning of the year due to the takedown of the Avalanche crime network, but they are bound to increase in the second half of 2017. The potential for ransomware to be used for political purposes does exist, but I don’t expect to see this because DDoS attacks can achieve the same goals and are easier to organize. There will no doubt be one ransomware attack on a large firm or organization that gets the headlines, but this may be due to an attacker accidentally hacking an organization that is bigger than they can handle.
4. A major attack on Facebook, WhatsApp, or Snapchat
Facebook is notoriously slow to react to hacks. It has tons of data that can be used for any number of financial purposes. It has a huge network which is accessible in any number of ways. In other words, it’s just waiting to be hacked and hacked in a major way. Prepare to be told to change your passwords “as a precautionary measure” when they try to downplay the hack. The same can be said for other social media sites like WhatsApp and Snapchat.
5. A major battle between personal privacy and security will develop
Donald Trump seems to favor security over personal privacy. If he attempts to introduce legislation requiring individuals or companies to give up more of their personal privacy to increase national security, a huge battle will ensue which will divide the country. Such a move will divide politicians on both sides of the aisle. It is an emotional issue for many Americans and one which contains constitutional considerations. A case may arise where a company is asked either to install backdoors, give up customer data, or give encryption information to the government in order to solve some crime or subvert possible terrorist attacks. Many see these sorts of actions as attacks against individual liberty in that they create the foundation for a China-like surveillance society. However, it is also appealing to many, perhaps most, people to hear the comforting promise of living in a safe, secure world. So far, many have chosen to give up a little of one to achieve the other, but a line could be drawn which will not allow for fence sitting. It may force Americans to consider Benjamin Franklin’s quote which reads, “Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety.”
A year from now, I will once again assess the merit of all of these predictions. Happy Cyber 2017!