Information Security Predictions for 2017 – How Did We Do?

Around this time every year, we dust off our crystal ball, pull out the casting runes, and ruminate over what might happen in the world of Information Security in the year to come. While we are gathering information for our 2018 predictions, we decided to reflect on our 2017 predictions to see how we did.

1. There will be an overt cyberattack from a nation-state.

The difficulty with nation-state cyberattacks is that no one seems to want to confirm the attack source. However, in 2017, we saw multiple examples of true nation-state cyberattacks:

Russia attacking Ukraine

Russia attacking the US

North Korea attacking the US and South Korea

2. The Internet will be shut down for up to 24 hours.

This prediction got a lot of reaction! Our original prediction was based on the attack on Dyn DNS and the realization that large parts of the global internet are vulnerable to both cyberattacks and accidental damage. Looking back, maybe it was a matter of scale. In 2017, we witnessed large parts of core internet structure shut down by accidental and/or non-malicious activities, including:

Level 3 inadvertently taking down parts of Comcast, CenturyLink, and other providers

Pakistan blocking access to YouTube for two-thirds of the world

AWS going down for four hours

3. Portions of the U.S. power grid will be shut down.

Maybe we didn’t get this one quite right, but 2017 showed us that the U.S. power grid is and continues to be a major concern. Some power grids did take major hits, including:

New York City and San Francisco both lost power

Puerto Rico struggles to recover their power grid after Hurricane Maria

The entire country of Tanzania loses power from a technical glitch

4. The use of fake news and psychological warfare in the media will rise.

Although it is hard to quantify “rise,” the term may have been too modest for the explosion of “fake news” and media manipulation that we witnessed. “Fake news” is now a high-ranking term on Google Trends, with the largest spikes in January, June, and October. We’ve also seen numerous accusations of paid human action and/or botnet manipulation of both regular media and social media outlets:

Online Freedom assessment

Guardian report on Facebook and Twitter influence

Newsweek report on fake news, trolls, bots, and media manipulation

5. Ransomware gets more personal with the rise of mobile ransomware.

Ransomware took a turn in 2017, but it wasn’t necessarily to mobile devices. Instead, we saw that classic ransomware is far from dead, as made clear by massive outbreaks, such as WannaCry, NotPetya, Bad Rabbit, Locky, and many others:

TechRepublic’s top 10 ransomware attacks so far

Hacker News coverage of Bad Rabbit

6. President Trump’s Twitter account will be hacked.

Although President Trump’s Twitter account was the source of much media attention in 2017, we do not believe it was hacked; the only incident was a Twitter employee temporarily shutting down the account. This isn’t to say that other famous Twitter accounts weren’t compromised:

HBO

Real Madrid

A third-party app attack compromises hundreds of accounts

While some of our predictions were more accurate than others, one thing was made clear in 2017: cyberattacks are not only not going anywhere, they’re also getting bigger and badder. With nearly half of Americans’ personal information exposed through the Equifax breach this year, and the number of Yahoo accounts whose login information was originally compromised expanding to include all of them, we have yet to experience the full repercussions many of these nefarious attacks can have.

What will LogRhythm Labs forecast for 2018? Stay tuned for next year’s predictions!
