Around this time every year, leaders from across industries sit down to reflect on the trends they have seen over the course of the previous months and how these developments might shape the year ahead. At LogRhythm, it’s our annual tradition to publish cybersecurity predictions on the things that we believe will shape our space over the next 12 months.
In addition to releasing our 2021 cybersecurity predictions this year, we also decided to look back at the last four years of our cybersecurity predictions to see what we got right. In part 1, we are exploring 2016 and 2017. Stay tuned for Part 2 on 2018–2020.
2016 Cybersecurity Predictions
Take a look back at our 2016 cybersecurity predictions here.
Prediction: An Uptick in All-in-One Home Surveillance Systems
We are seeing more motion sensing, camera, and recording devices in the home that can be managed through personal devices. This type of technology will continue to expand, and with this expansion, hackers will try to exploit them or cause chaos.
It didn’t take long for this to turn from a prediction to reality. In January 2016, security researchers announced Comcast’s Xfinity home security products had a flaw that would open the door for an attacker to fool the system into thinking that doors and windows are secured. Then, in 2017 it was revealed that home security system maker iSmartAlarm failed to patch several security flaws after they were privately disclosed to the company months before, which gave bad actors the ability to disable users’ home alarms remotely. More recently, a man hacked a baby monitor and began talking through it in 2018, and in 2019 hackers breached Ring home security cameras in at least four states.
Prediction: A Rise in the Use of Mobile Wallet Apps
Like having virtual money and an ID in one’s pocket, mobile wallet apps are at the intersection of marketing and payments. And although a mobile wallet is convenient, it is directly tied to one’s mobile phone, which is a critical access vector for cyberthreats.
In May 2016, Wells Fargo announced the launch of its mobile wallet services. By 2019, Venmo had 40 million users, outnumbering most big banks, and demonstrating a significant rise in the use of mobile wallets. As we have learned, a major rise in the use of any technology will draw hackers’ interest. In April of this year, security researchers discovered Android malware called EventBot that targets banking apps and cryptocurrency wallets.
Prediction: Identity Access Management: The Unsung Hero
Companies will be investing more money and R&D resources in behavior-based modeling, analytics, and identity access management to track behaviors.
In 2017, Forrester predicted the identity access management market would surpass $13 billion by 2021. Google extended its identity and access management services to developers and legacy apps in 2018, signifying a rise in the need for identity access management as companies’ security environments increase in complexity. This technology has never been more important than in 2020 as remote work (and the security challenges that it brings for companies) continues.
Prediction: The Next Big Attack Target: Education
This industry has a plethora of data that cybercriminals want — credit reports, personally identifiable information (PII), donor money, and tuition. And these institutions are not doing an adequate job of securing all their systems. Add to that the myriad “customer” — professors, students, parents, administrators — and you have magnified the attack vectors exponentially.
We began to see education cyberattacks increase in 2016, including breaches at Oxford School District in Mississippi, which was forced to shut down all of its servers, and the University of Calgary, which paid a $20,000 ransom in untraceable Bitcoins to hackers after critical systems were taken offline. Ransomware attacks in education continued to target schools in 2017, and Verizon’s Data Breach Incident Report called out the education sector as a top target, noting that they “haven’t seen the prevalence of attacks we’ve seen in education until this year.” This issue has only grown over the last four years. Things reached a fever pitch in 2020 when remote learning made education systems an even more appealing target.
Prediction: Emergence of Hacking for Good
More organizations, like Anonymous, will be leaving the dark side and hacking for the public good. They are more motivated by the notoriety and publicity on social media than for financial gain. Teens are learning to program on their own; high schools are introducing technology and coding to get this generation aware of and more proficient in this industry. Younger generations are finding coding and programming cool. This is the next-gen workforce that we hope will continue to want to positively impact society.
In 2016, the term ethical hacking began being used more in the media to describe a growing interest in leveraging these “white hat hackers” within businesses and governments. In November 2016, Oakland University announced an ethical hacker course, and other educational institutions such as Hacker High School gained media attention. BetaNews declared ethical hacking would be the top job of 2017, and a study from the National Crime Agency in the UK confirmed our belief that younger generations are motivated by morality versus money. In more recent years, people as young as teenagers have made over $1 million through ethical hacking. Ethical hackers even played an important role in protecting the 2020 U.S. elections.
Prediction: Next Steps for CISA, Open Sharing of Threat Intelligence
Critical infrastructure will emerge as more companies in various sectors, such as energy, financial, and healthcare, join in.
Threat intelligence sharing underwent a major transformation in 2016 with the Cybersecurity Information Sharing Act becoming law. Technology companies began offering security solutions founded on this concept. We even saw countries agree to share intelligence in situations like the threat posed by North Korea’s missile and nuclear activities.
Prediction: Ransomware Will Gain Ground
The ransomware-style of attack is powerful and expanding into Macs and mobile devices, making it easier to target consumers. Criminals can gain big profit by locking down an entire system; victims have no choice but to pay. Although consumers are ripe for the picking, businesses are not immune to this approach.
Ransomware didn’t just gain ground in 2016, it became the biggest cybersecurity threat. By 2017 mobile ransomware attacks had risen 250 percent, and the U.S. was the hardest hit as ransomware became a $2 billion-per-year criminal industry. Presently, businesses face an even greater increased ransomware risk as bad actors seek to take advantage of disruption fueled by COVID-19.
Prediction: Vendors Will Need to Step Up
Despite the running list of breaches, many companies still do not have an adequate security infrastructure to defend themselves against cybercriminals. We cannot rely on consumers to know how to protect home systems. It is up to the security vendors to build better software, systems, and patching mechanisms, as well as offer training and services to protect people, companies, and their assets.
In the wake of the increased security threats brought on by COVID-19, many companies, LogRhythm included, have released training courses and other materials to help employees working from home navigate the evolving threat landscape. Not only do these programs benefit employees, but they also help educate the larger tech ecosystem on industry best practices.
2017 Cybersecurity Predictions
Take a look back at our 2017 cybersecurity predictions here.
Prediction: There Will be an Overt Cyberattack from a Nation-State
The public nature of this action will force the hand of NATO, the UN, or the U.S. government to retaliate — whether they choose to do so remains to be seen. This will lead to an increased focus on offensive cyber capabilities and will bolster the demand for cyber weapons. Countries with limited capabilities might choose to purchase cyber weapons on the black market. Countries could covertly arm their allies with cyber weapons and encourage disguised attacks on their enemy.
In July 2017, officials announced Russia was behind the “NotPetya” virus cyberattack that began in Ukraine and spread to public and private institutions worldwide. It was also revealed that the cyberattack on the US electoral system before the 2016 election was far more widespread than previously thought. Iran was also a major player. The U.S. warned allies that Iranian hackers had laid the groundwork to carry out widespread cyberattacks on U.S. and European infrastructure and private companies in July of 2018.
Prediction: Portions of the U.S. Power Grid Will be Shut Down
Critical infrastructure is a target for nation-state threat actors. Our infrastructure networks are becoming increasingly connected through IoT and internet-aware sensors. With this new-found connectivity, an attacker could compromise the critical infrastructure directly or by using their network and devices to attack others.
The first-ever U.S. grid cyberattack occurred in March 2019 when remote hackers meddled with California, Utah, and Wyoming’s grid networks. The incident lasted nearly 10 hours but did not result in a power outage. In early 2020, the Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) issued an alert warning of potential cyberthreats to companies operating critical systems after a ransomware attack occurred to an undisclosed “natural gas compression facility.” CISA and the National Security Agency also issued a warning about foreign hackers attempting to target U.S. critical infrastructure through internet-connected operational technology (OT) assets in July.
Prediction: The Use of Fake News and Psychological Warfare in the Media Will Rise
In 2016, we saw the rise of fake news and the use of social media as a vehicle for delivery — quickly causing the public to question the legitimacy of news sources. We also saw major media outlets using psychological operations (PSYOPS) techniques during the U.S. election to sway public opinion. As the battle between legitimate and fake news continues to heat up in 2017, we fully expect some level of retaliation that could lead to a major media outlet being taken offline.
While a major media outlet was not taken offline, the prevalence of fake news is very well documented in 2017 and beyond. A set of studies from the University of Oxford in 2017 highlighted how social media such as Facebook and Twitter is being leveraged to manipulate public opinion around the world using bots and fake accounts. By 2019, the University of Oxford found that the number of countries with political disinformation campaigns more than doubled to 70 over two years.
Prediction: Ransomware Gets More Personal with the Rise of Mobile Ransomware
Attackers will leverage ransomware to target personal and mobile computing devices. For example, attackers could hold incriminating photos or information from a politician, a celebrity, or any individual with a high valued personal brand until a ransom is paid.
In July 2017, researchers at McAfee discovered LeakerLocker, a new type of ransomware that threatens to leak phone and email contacts if victims do not comply versus encrypting files. As highlighted above in our prediction about ransomware gaining ground, mobile ransomware increased by 250% in 2017. Presently, hackers are leveraging the COVID-19 pandemic to create fake tracing apps and other deceptive measures to infect mobile phones.
Prediction: President Trump’s Twitter Account Will be Hacked
President Trump’s personal Twitter account is too easy and enticing of a target for it not to be hacked. Hacking accounts on Twitter is a pretty frequent occurrence. What better way to damage the credibility of the President of the United States of America than to break into and use his own mouthpiece against him?
In October of this year, a Dutch researcher claimed to have gained access to President Trump’s Twitter by correctly guessing the password. While Twitter claims there is no evidence that the account was hacked, the researcher reportedly hinted that he might have “left breadcrumbs behind proving he accessed the account.”
In Summary: 2016 & 2017 Were Good Years for Cybersecurity Predictions
Bad actors were quick to take advantage of and exploit the uncertainty of 2020. As we head into 2021, organizations must make sure that they have the appropriate policies and strategies in place to identify and respond to the increase in cyberthreats and fill the new security gaps that exist within a remote workforce. Stay tuned for our recap of 2018–2020. And for more about what companies should be watching for, check out our 2021 Cybersecurity Predictions here.