With just a few days until the end of 2014, it’s time to analyze what’s happened in the last twelve months. I would like to analyze with you the main events that have characterized the security threat landscape in 2014 and try to make predictions for 2015.

2014: Reviewing my predictions

In December 2013, I tried to imagine the principal events for the cyber security landscape in 2014. I was particularly concerned with the effects of the militarization of cyberspace and the rapid diffusion of malicious code specifically designed to target devices belonging to the Internet of Things.

In both cases my predictions have been confirmed by events that occurred in the last year. The number of cyber operations attributed to state-sponsored hackers is increasing, and their level of sophistication is very worrying because attackers implement evasion techniques that allow their malicious code to remain under the radar for a long time.

Practically every government is continuing to invest in the development of cyber weapons. The majority of them are evaluating the idea of an active defense.

While the US is reorganizing the structures and governance of its national intelligence following the Snowden revelations, countries like China, Russia and North Korea have increased their efforts to improve their cyber arsenals and the number of resources dedicated to information warfare. Below is the list of predictions I made last year that we will discuss together.

Prediction Result
US intelligence on the rise – NSA 2.0

Cyber weapons in the wild

Tor Network, cybercrime and law enforcement

Internet of Things malware explosion

Hardware Backdoor e-hardware qualification – New frontiers of cyber espionage

A major cyber attack may happen

Increased number of attacks against Defense consultants and subcontractors

Bitcoin … lights and shadows

Gaming between cyber espionage and cyber threat monitoring

The documents leaked by the former intelligence consultant Edward Snowden had serious repercussions on US intelligence agencies. The internal structure of the overall US Secret Services was reorganized, and experts believe that its techniques and procedures have also been completely reviewed.

Evidence of a profound change occurred in April, when Admiral Michael S. Rogers succeeded General Keith B. Alexander as head of the main intelligence agency in the world, the NSA. The Admiral has a deep knowledge of information warfare. In 2009 he became commander of the U.S. Fleet Cyber Command and commander of U.S. 10th Fleet, with responsibility for all of the Navy’s cyber warfare efforts. He is the first Information Dominance Warfare (IDC) officer to achieve the rank of vice admiral, demonstrating the importance of cyberspace in the modern doctrine of warfare.

I also predicted the diffusion in the wild of new cyber weapons, although attribution is not easy when researchers analyze malicious components designed by government entities. Security experts have discovered several malware strains in the wild that are likely to have been designed by governments. The Regin backdoor and the Snake campaign are just a couple of the malicious codes that infected computers worldwide.

I also predicted the intensification of the activities conducted by law enforcement to fight cyber criminal activities that exploit dark nets. The recent operation Onymous demonstrates the efficiency of the methods adopted by police worldwide to track the criminal crews behind the principal black markets in the Tor Network. I also predicted the explosion of malware specifically designed to compromise Internet of Things devices. Although the number of malicious codes and “thingbots” discovered in the wild (e.g. the Spike botnet) is still limited, it is likely that the experts will discover new agents targeting smart meters, smart TVs, SOHO routers and similar devices.

Frankly, I was expecting an explosion in the number of malware strains, but the phenomenon was limited compared to the rapid diffusion of the paradigm.

Regarding the qualification of hardware and software, I consider that this year very little was done, certainly below my expectations expressed twelve months ago. The situation is quite similar for the spread of the paradigm of User Controlled Encryption, which hasn’t reached the level of diffusion I expected.

I was right when I predicted increased pressure on consultants and subcontractors. Unfortunately, they still represent the weakest link of the security chain, and it is normal that APTs have targeted them with surgical attacks. I also predicted a major cyber attack against a critical infrastructure or a company. In my opinion, although the number of attacks increased significantly and new major hacking campaigns were discovered, fortunately no incidents caused damage to infrastructures, nor were there losses of human life.

My prediction on Bitcoin was correct: the speculative bubble of a few months ago was deflated, and everyone sees the popular virtual currency with different eyes.

Regarding the other predictions I made on the evolution of cybercrime, as I noted at the time, it was too easy to forecast the explosion of malware, especially for mobile platforms, and likewise the number of abuses of cloud infrastructure and social media accounts. I also predicted that numerous platforms were still vulnerable because they were running outdated systems or were not properly configured.

I also overestimated the potential effect of hacking campaigns run by hacktivists. Nevertheless, I still consider these groups really dangerous, and they should be treated with great respect to avoid surprises.

2015 Predictions

2015 is almost upon us, and it is time for predictions regarding the principal events that will characterize the cyber threat landscape in the next year. Below are my predictions on the scenarios that we will see in the next 12 months.

New actors will enter the scene of cyberwar and information warfare. Almost every government is investing huge resources to improve cyber capabilities. Many countries announced the creation of cyber armies composed of highly skilled hackers who have to defend their nation from attacks originating in cyberspace. Cyber warfare is very attractive to small nations. The development of government-built malware is cheaper than any conventional weapon and far more accessible to any nation-state. Cyber warfare represents for every government an efficient alternative to conventional weapons. A cyber weapon allows small countries to run covert cyber attacks without as much risk of getting discovered. North Korea, Syria, and Iran are among the countries that have developed great capabilities that pose a serious threat to major Western states. The risk of a serious attack on the critical infrastructure of a Western government is high, and its attribution will be even more difficult.

The number of cyber attacks conducted by criminal crews against private companies will continue to increase. Healthcare will be one of the sectors most targeted by cyber criminals. Companies operating in the sector are a privileged target because of the wealth of personal data they manage, which represents a precious commodity in the criminal underground. Healthcare data are valuable because medical records can be used to commit several types of fraudulent activities or identity theft. Their value in the hacking underground is greater than that of stolen credit card data. This criminal phenomenon will become more frequent in countries like the United States and the United Kingdom, in which criminal organizations are specializing in cyber attacks against infrastructures that manage Electronic Health Records (EHRs).

Computer espionage will represent the first threat to the economy of many states. The number of targeted attacks against government organizations and companies operating in critical sectors such as defense and high tech will rapidly increase. Regardless of the nature of the actors responsible for the offensives, cyber criminals or state-sponsored hackers, the number of attacks will increase due to the availability of a growing number of online tools and services that allow bad actors to hit a target with great simplicity. The economics of an attack will continue to favor the attacker, who with a limited budget and relatively modest resources is able to cause extensive damage to the targets.

A new exploit kit specifically developed to compromise mobile platforms will be available in the wild. Android will be the most targeted platform, and new malicious code will be offered in the cyber criminal underground. The attacks will benefit from a significant increase in phishing attacks on mobile devices, as malicious links and applications downloaded from third-party stores redirect users to websites hosting the malicious exploit kit. Once victims visit these websites, their mobile devices will become infected. Mobile online banking will probably be the industry most targeted by this kind of attack.

Cybercrime will continue relentlessly to increase its profits despite the effectiveness of operations by major intelligence and law enforcement agencies.
The recent operation Onymous run by law enforcement has deeply impacted the underground ecosystem. New operators will join the criminal ecosystem, and existing ones will consolidate their illegal activities. It’s easy to predict an increase in the number of fraudulent activities run through anonymizing networks like Tor.

The number of cyber attacks against devices of the Internet of Things will rise inexorably. IoT devices will be targeted mainly by specifically designed malware that is able to compromise this family of systems. The possible effects of the surge of cyber attacks on Internet of Things devices are significant data breaches and the sabotage of the equipment in which the units operate. IoT devices are currently deployed worldwide and are easy to locate, and in many cases lack the security measures that would make them resilient to external offensives.

Point-of-sale (PoS) malware will become one of the most common methods of stealing data and money. The number of malware strains designed to compromise PoS systems will increase. This category of malicious code will be enriched by new strains of malware that implement new features and will be particularly difficult to detect. Malware authors will concentrate their efforts on the development of new evasion techniques and code obfuscation to make the detection of the malicious agent difficult. As a consequence, the number of data breaches will increase, with unpredictable consequences for the victims.

Cloud services under attack. iCloud, Google Drive, Dropbox and other cloud services will become an attractive target for cyber criminals and state-sponsored hackers. The attacks can cause the exposure of sensitive data, representing a serious threat to private companies. Cyber attacks against cloud services will also become an essential component of hacking campaigns operated by APTs worldwide.