This is the ninth in our series of cybersecurity predictions for 2016. Stay tuned for more through the end of the year.
As 2015 comes to a close, it’s time to look ahead to next year and consider the sorts of changes we can expect in the threat landscape. Predictions of this nature are almost always based on two main factors:
- Continuation of a trend we’ve seen in the current year leading to small incremental changes.
- A significant shift away from the status quo based on a technological, cultural or political change that is underway.
Predictions based on continuing trends are highly likely to come true, while those based on significant shifts are more uncertain. Reluctant prognosticators, like myself, prefer to rely on data rather than speculate broadly about the future, but that doesn’t lead to very interesting predictions. So, this year, I’m going to split the predictions into two sections: “sure things” and “long shots” – and spend more time on the latter.
Based on the patterns I’ve seen in the last year, the following are “sure things” in 2016:
- There will be more mobile malware, and most of it is going to both originate in and have the most impact in China. If you look at some of my team’s discoveries in 2015, you’ll see that China is a hotbed of mobile security research and attacks.
- Attackers will continue to deploy ransomware for financial gain, and they will become increasingly specialized. In 2015 we saw widespread infections from ransomware, which encrypts files and demands a ransom for their safe return. Next year I expect attackers to use this technique in more specialized attacks, targeting high-value files and demanding ransoms much larger than the typical $500-700 we see today.
- Human beings and their passwords will continue to be the weakest link. Malware and exploit code are common attacker tools, but they aren’t always necessary to successfully accomplish a task. At some point in almost any major network breach, a human makes a mistake (clicks a link, opens a file, etc.) and that person’s password is captured and used for malicious purposes. This trend is not going away unless something significant changes in the world of passwords (See: Long Shot 2).
Now that the easy bets are out of the way, let’s move on to predictions that probably aren’t better than a coin flip but will be more interesting for you to discuss with your colleagues at the water cooler.
Long Shot #1: A cyberattack will impact the 2016 presidential election
While U.S. citizens don’t vote online (like Estonians), there are many ways that a cyberattack could impact the outcome of the election either directly or indirectly. For example:
- An attacker might release embarrassing information about a candidate at a critical junction, swaying public opinion or forcing that person to exit the race. Releasing private email messages, photos or documents could be very damaging and could be accomplished using a simple phishing email.
- A candidate’s social media account could be hijacked to spread false information about a candidate.
- A major news source could be hijacked to display false information about a candidate’s view.
- Voting machines are far from immune to attack, but I suspect this is the least-likely way the election will be impacted.
The impact on the election may not tip the scales in the favor of one candidate or another; but, between now and November 4, the political process could experience a significant cyber “nudge.”
Long Shot #2: Multifactor authentication will become common and expected
Passwords are the keys to nearly every lock on the Internet, yet attackers steal them every single day. Authentication systems that require only a username and password for access are known as “single factor.” “Multifactor” authentication systems require an additional form factor, typically something you “have” (a token) or something you “are” (biometrics.) These additional factors are most-often used by systems that require higher levels of security; but, in 2016, they may finally make it to the mainstream.
The most common form of two-factor authentication (2FA) in place today involves tokens that generate random numbers every 30 to 60 seconds. These are either physical tokens, which you might attach to your keychain, or software tokens installed on your smartphone. They are offered by a multitude of companies, sometimes for free, and offer an excellent mechanism to prevent a simple password theft from resulting in an account compromise. In other cases token 2FA systems are replicated using SMS messages that contain the token code and offer a similar level of protection. Companies across nearly every industry offer 2FA options, but some still lag behind.
How often do you use a fingerprint reader? If I’d posed this question at the end of 2014, a small number of people may have said occasionally, but very few, daily. With the addition of fingerprint readers to the iPhone 5S (announced 3 years ago) and many more smartphones since, this technology has begun proliferating widely, and I suspect many readers have a fingerprint reader in their pocket right now.
At the moment fingerprint readers are mostly used as a convenient way to avoid typing a pin code. Fingerprints generally should not be used as a primary form of authentication (you leave fingerprints everywhere); but, as these devices become ubiquitous, they will offer a two-factor opportunity that was not previously feasible at scale.
While biometric authentication is unlikely to become ubiquitous in 2016, demand for 2FA options will force more and more companies to support token-based systems and some will require 2FA to keep their users safe. Widespread adoption of 2FA would be one of the greatest blows the security community could deal to cyberattackers around the world.
Long Shot #3: Data destruction and modification take center stage
Data theft is always in the headlines. Organizations are breached, and attackers steal private information for their own benefit. Of course, “theft” isn’t the only action an attacker can take once they enter a network. Some attackers destroy log files or modify records to cover their tracks, but what about those who have no intention of stealing information in the first place?
Director of National Intelligence, James Clapper, recently stated that he expects the next wave of attacks to manipulate or delete data, rather than just steal it.
A data destruction attack, like the Shamoon malware attack against Saudi Aramco in 2012, could temporarily or permanently shut down an entire organization. Viewers of Mr. Robot (I highly recommend it.) will note that the fictional attack that plays out in the first season is all about destroying the financial records of a major corporation to erase debt and throw the financial system into chaos.
Subtle data manipulation attacks are much less common (or less publicized). Students break into school district systems to change their grades, but this likely isn’t the type of attack that worries General Clapper. The OPM breach disclosed earlier this year is a more likely concern. Modification of OPM records could be used to help someone gain, or to be denied, a top-secret security clearance.
While I don’t expect these types of attack to surpass data theft in volume, we may find that the top cyberattack headline of 2016 isn’t about how many records were stolen, but how many were silently modified or deleted.
Want to explore more of our top 2016 cybersecurity predictions? Register now for Ignite 2016.
[Palo Alto Networks Blog]