This is the first in a series of posts about what security experts think will happen in 2016.
2016 is right around the corner, and with it is a new year of unknowns just waiting to be discovered. Some people make resolutions about what they should do in the New Year to improve their lives. Others use it as an opportunity to reflect on what’s happened during the outgoing year. Many will do both.
F-Secure’s Chief Research Officer Mikko Hypponen spends much of his time looking forward, trying to anticipate what’s going to happen so that the team at F-Secure Labs is prepared to meet tomorrow’s threats. Here’s a glimpse of some of the things that Mikko thinks will define cybersecurity in 2016:
“Bitcoin value will rise to close to $1000 by the end of 2016, re-fueling criminal interest in botnet attacks using Bitcoin.”
Bitcoin is a virtual currency that has really taken off in comparison to other virtual currencies, but it has unfortunately attracted interest from online criminals. Mikko has pointed out in the past that Bitcoin offers criminals an extremely easy way to make transactions without exposing themselves to law enforcement or authorities, so the value of this virtual currency has ramifications for the kinds of online threats facing people and organizations.
“We will see recalls of consumer products not because of safety issues, but because of security issues (the Internet of Things).”
This is another topic Mikko has spoken about before, and has even gone so far as equating “smart” with “exploitable”. The Internet of Things (IoT) is an exciting new way to use Internet-connected technologies, and so it’s attracting interest from a wide variety of manufacturers creating a wide variety of new devices. But the downside of this is that many of those vendors have very little experience in building devices to be secure – a topic F-Secure Director of Product Management Mika Majapuro explored at length in this recent blog post. So even though F-Secure is already helping people prepare for these problems, we should all expect to hear more about the security shortfalls of IoT devices more in 2016.
“The unknown attacker behind the infamous Ashley Madison case will be caught and prosecuted.”
The infamous Ashley Madison hack that occurred earlier in the year highlighted how corporate cyberattacks can threaten people’s privacy. The hack, which saw the data of as many as 36 million people stolen from the dating website, was particularly notorious given the importance of privacy to the site’s users. Even though it was the company behind Ashley Madison that was targeted, they seem to have managed to benefit from the publicity the story generated. It’s the users who suffer the most from these attacks, as Hypponen reminded everyone during an interview with Bloomberg.
A group called The Impact Team has claimed responsibility for the attack, and according to the BBC, they were created specifically to go after the infidelity website. However, in an email interview with Motherboard, the group claimed to have plans to remain active in the future. We’ll see if they carry out their plans in a way that gives the authorities an opportunity to bring them to justice.
Mikko also thinks that “a major bank will announce that their internal systems have been hacked”, which may be one of the worst case scenarios that we could expect to occur during the coming year. But it’s well within the realm of possibility. A 2015 report from PricewaterhouseCoopers identifies financial service providers as “major targets”. And even though many banks take cybersecurity seriously, attackers are still able to find ways to get through. JP Morgan, one of the largest banks in the US, had data about as many as 83 million customers stolen in 2014. Some of these perpetrators were brought to justice last November, but it would be naïve to expect this to be the last security incident that involves a major bank.
In less than two months, the world has seen the two biggest ransomware outbreaks ever…
July 7, 2017
UPDATE: For the latest on Petya, check this F-Secure Labs post. Are we still calling…
June 28, 2017