2016 Cyber Security Predictions: From Extortion to Nation-state Attacks

December 31, 2015 by Pierluigi Paganini

Introduction

Here we are, once again, to discuss the current cyber threat landscape, trying to predict possible evolutions of the menaces for the next year. First of all, let's review the main events that occurred during 2014, checking the predictions I made one year ago.

Below is a list of predictions I had published in December 2014:

New actors will overlook the scenario of cyberwar and Information warfare.

I have predicted a growing effort by almost every government in Information Warfare. In effect, every government has spent a significant effort in improving its cyber capabilities, both defensive and offensive.

The development of a cyber strategy is a must for every country. The level of sophistication of cyber threats and their activities are increasing as never before, urging a prompt response.

We have observed a significant increase in the number of cyber-attacks, most of them linked to nation-state actors that breached Government institutions. Think, for example, of the numerous attacks that breached US Government offices, including the State Department and the Office of Personnel Management.

The governments of North Korea and Iran have improved their cyber capabilities. Intelligence experts speculated about the involvement of their cyber units in a number of cyber espionage campaigns that targeted Western organizations, Government entities and private industries.

The forecast is correct!

The number of cyber-attacks against private companies and operated by criminal crews will continue to increase.

I predicted an escalation of cyber-attacks against private companies; also in this case it was too easy to make such a prediction, but I also guessed that healthcare was one of the industries most exposed to cyber threats.

The Healthcare industry offers attractive growth opportunities for cyber criminals looking to steal personal information. "Forget credit cards now. The hot new data for the modern bad guy is the electronic health record, which is not only worth more on the black market, but is easier to get." Companies in the sector can offer many entry points for crooks who, once they obtain victims' personal information, can use it for more extensive and lucrative schemes.

I predicted an increase of the criminal phenomena in countries like the United States and the United Kingdom, in which criminal organizations are specializing in cyber-attacks against infrastructures that manage Electronic Health Records (EHRs). The most illustrious victim was the health insurance provider Anthem, which in February confirmed a data breach that caused the exposure of an unknown number of customer records.

Also in this case the prediction was correct.

Computer espionage will represent the first threat to the economy of many states.

The number of targeted attacks against government organizations and private firms has increased in every country. State-sponsored hackers and cyber criminals mainly targeted critical industries like energy and IT.

The number of attacks is continuing to grow and, as predicted, the economics of a cyber-attack continue to favor threat actors. A limited budget could be sufficient to cause serious problems to any organization, and consider that this year we have also witnessed a number of attacks conducted by well-funded groups of hackers. The prediction was correct.

New exploit kits specifically developed to compromise mobile platforms will be available in the wild.

Android is the platform most targeted by criminals, who exploited a number of critical vulnerabilities discovered by experts in the last 12 months. During the last year, several criminal groups and hackers offered numerous exploit kits in the underground, mainly focused on Android mobile devices.

The prediction was correct.

Cybercrime will continue relentlessly to increase its profits despite the effectiveness of operations by major intelligence and law enforcement agencies.

Unfortunately, despite the great effort of law enforcement, new operators are joining the criminal underground. Sales models like crime-as-a-service are also attracting organized crime, sustaining the rapid growth of cyber-criminal syndicates. Fraudulent activities are increasing, especially the ones that involve operators in the principal dark nets.

The prediction was correct.

The number of cyber-attacks against devices of the Internet of Things will rise inexorably.

The number of attacks against IoT devices is increasing. I predicted a rapid growth also for malware specifically designed to infect such categories of systems. IoT devices are currently deployed worldwide and are easy to locate; in many cases they lack security by design and have a poor security configuration.

Wrong settings were the principal cause of successful attacks this year, so I consider my prediction partially correct.

Point-of-sale (PoS) malware will become one of the most common methods of stealing data and money.

This prediction was unfortunately correct because PoS malware is the preferred instrument to compromise payment systems. Malware authors have concentrated their efforts on the development of new evasion and code obfuscation techniques, making the malicious code hard to detect. The number of security breaches suffered by firms in the retail and hotel industries is increasing.

The prediction was correct.

Cloud services under attack.

iCloud, Google Drive, DropBox and other cloud services are becoming a preferred target for both cyber criminals and nation-state hackers.

In several circumstances, threat actors have targeted cloud services to steal sensitive data. But probably the most clamorous incident is the hack of the cloud accounts of a number of celebrities, an incident that was dubbed The Fappening.

Also in this case the prediction was correct.

Prediction: Result

New actors will overlook the scenario of cyberwar and Information warfare: Correct

The number of cyber-attacks against private companies and operated by criminal crews will continue to increase: Correct

Computer espionage will represent the first threat to the economy of many states: Correct

New exploit kits specifically developed to compromise mobile platforms will be available in the wild: Correct

Cybercrime will continue relentlessly to increase its profits despite the effectiveness of operations by major intelligence and law enforcement agencies: Correct

The number of cyber-attacks against devices of the Internet of Things will rise inexorably: Partially correct

Point-of-sale (PoS) malware will become one of the most common methods of stealing data and money: Correct

Cloud services under attack: Correct

2016 – Predictions

The criminal practice of extortion will reach levels never seen before

Cyber criminals will threaten victims with ransomware and DDoS attacks in an attempt to extort money in exchange for stopping the attacks or allowing victims to recover the locked files. Ransomware will be used to target IoT devices like smart TVs, wearables and medical devices.

The year of the criminal-as-a-service

Criminal syndicates will look with increasing interest to cybercrime as an opportunity to diversify their illegal activities.

A growing number of threat actors will offer their products and services to organized crime, causing a significant increase in illegal activities and the birth of well-funded criminal crews.

An international joint effort to fight the cybercrime

We will see greater collaboration between intelligence and law enforcement agencies of different countries in the fight against cybercrime. The only way to stem the rise of cyber-criminal activities is to cooperate and establish a legal framework which is shared in an international context.

Goodbye to passwords

The numerous data breaches observed in recent years call for a new approach to the authentication problem. The authentication process must be efficient and has to improve the user experience. A growing number of organizations will begin using authentication methods based on alternative technologies, including biometrics, geolocation, Bluetooth proximity and behavioral analysis.

Cyber espionage will be the most serious threat for governments and private businesses

In 2016 cyber espionage attacks will increase in frequency and become more sophisticated. Nation-state actors and well-funded hacking groups will conduct stealthier espionage campaigns with a significant impact on the global economy.

Threat actors will conduct cyber-attacks relying mainly on the darknets and adopting even more sophisticated evasion techniques. We will witness an increase in cyber-attacks that use zero-day exploits to breach the target systems.

New trends for payment frauds

Point-of-sale system fraud and counterfeit credit cards will decline thanks to countermeasures adopted by the financial institutions, such as the diffusion of EMV cards and the adoption of digital wallet solutions.

As a result, we will witness an increase in Card-Not-Present (CNP) fraud, and new payment technologies such as mobile wallets will introduce additional opportunities for credit card theft and fraud.

Expect a growing number of attacks on third-party payment applications that link to accounts at financial institutions.

The US elections will be exploited for new hacking campaigns

Social media are a primary communication method for politicians. Online activity will be intense in the period before the elections, and cyber criminals and nation-state actors will try to exploit the event to launch cyber-attacks.

Hackers will exploit the event to spread malware and compromise computers of a large number of people. Expect lures made to look like political party or candidate email, explaining their program or advocating an online petition or survey on election issues.

There is also the risk that state-sponsored hackers will run spear phishing attacks and watering hole attacks in order to compromise machines of specific individuals or groups.

The Internet of Things under attack

The number of cyber-attacks against systems belonging to the category of the Internet of Things will continue to increase. These smart objects will be targeted to steal sensitive data but also to abuse their resources and involve them in cyber-attacks.

The lack of security by design and poor security settings will be the principal reasons for the success of the attacks that will target IoT devices next year.

Commercial crimeware kits will continue to represent a privileged weapon for hackers

Exploit kits, like the notorious Angler Exploit kit, will continue to be a preferred choice for attackers, who use them to compromise users' machines. Hackers will exploit the huge number of poorly configured websites to host malicious exploit kits and serve malware.

The number of cyber-attacks will continue to grow in almost every industry. Once again, healthcare, energy and finance will be the sectors most targeted by cyber criminals. SMBs will become a bigger target for cybercriminals because they lack the security budgets of large enterprises.

SMBs are more vulnerable to hacking attacks that can easily compromise their systems and steal sensitive information.

We just have to wait until next year to see what will happen!

Pierluigi Paganini

Pierluigi is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group, a member of the Cyber G7 Workgroup of the Italian Ministry of Foreign Affairs and International Cooperation, and Professor and Director of the Master in Cyber Security at the Link Campus University. He is also a Security Evangelist, Security Analyst and Freelance Writer.

Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US.

Pierluigi is a member of "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.