2015 was not a good year for IT security in general, many breaches in large corporations and large amounts of personal data was leaked. I believe we are going to see a rise on such events in 2016. Ive put together a list of my 2016 cybersecurity predictions, as to where we will see new trends emerge and threats in the coming year.
A rise on Cyber-Terrorism
We will be seeing a rise on cyber-terrorism, as its an inexpensive weapon with a high damage output. Two of the most important advantages of cyber attacks are that they can be done remotely and at high anonymity. Looking from the perspective of the target, such attacks are costly for the other side. For example DDOS mitigation services are not cheap at all. Data leaks of personal information from government employs and other officials will put their safety at risk.
Website defacement’s are also a way that they can cause disruption and get their message to the people visiting the website. It could from recruiting material to even shocking videos in order to provoke fear and intimidation of the viewers. One thing is for sure we will see terrorist groups get more aggressive on in the field of cyber-terrorism.
Weaponization of domestic drones and the beginning of stronger regulation on them
Drones have hit the market and their sales are booming, tons of colors and sizes to choose from and all packed with tons of features.. Drones are open to modifications and in most cases their API is also available for developers. Some of the current models are capable of being controlled from 1.2miles away (2km).. If we look closely and understand the real drones potentials we will understand that they can be easily tampered with to be made into a remote weapon or a spying drone capable of video and audio recording.. They are untraceable and can be operated from great distance. All these are serious issues which raise security and privacy concerns.
As everything shows, drones are here to stay. I suspect in 2016 we will see stronger regulation on them and possibly from the manufacturers part. I certainly hope for a different approach from the current “register your drone”, which very few have done and with no validation of the authenticity of the data provided for the drones registered.
No legal documents are required for registering a drone in the USA. You only need an e-mail and a credit card in order to pay the 5$ registration fee and to “pinky swear” and accept an agreement given that your info is accurate and that you will fly your drone according to the FAA’s safety guidance list.
Online extortion and blackmail attacks on multiple industries and services.
The recent data breaches from many industries including websites you wouldn’t want others to know you were on *cough* ashley madison hack which has resulted into at least 3 suicides. Confidential, medical information was leaked from healthcare services, CareFirst Blue Cross – , and the anthem inc breach , along with Japans pension system. These are just some of the more noticed breaches of 2015 along with many more which have either not been publicly announced or not noticed yet.
Division between strong encryption and national security
In the recent terrorist attack in Paris on Nov. 13 it is said that the extremists were using encrypted messaging apps to communicate, which could not be intercepted by the law enforcement or government agencies. Such divisive topics are wrongly presented, it is not a war between encryption vs security as some think. Many have suggested that backdoors should be added in messaging applications and social networks for government and law enforcement agencies to have access to. This is a bad approach as these backdoors can be used by anyone who discovers them, including bad guys. One thing is for sure, backdoors are definitely not the answer.
Mobile payment services will be targeted
With the rise of mobile payment systems and their rapid acceptance, they are indeed a lucrative area for hackers to target. We will likely see attacks targeting wallet apps like Apple Pay, Google Wallet, Square Wallet, etc. In order to spoof your payment data and identity.
Automobile hacking and tampering
Automobile hacking and tampering is a trending hot topic as its something “cool” which we could never imagine was possible with older cars. There was of course the old school hacking classic, the cutting or tampering with the brakes but nothing as sophisticated as today’s methods. I am certain we will see automobile manufacturers make the security of their vehicles a golden selling point. For some who will neglect it, it will be a weakness which will hurt their sales and brand reputation.
You probably shouldn’t be worried as car hacking is not similar to computer hacking. Meaning that such attacks require many factors in order to be performed, such as the vehicle to be connected to the internet and also have a bug which can be exploited. In short, you need to be a great target for someone to go all that way.
We have seen cryptoware in windows with the notorious (CryptoLocker, Reveton, Cryptowall) Mac OS X (Mabouia, posing as FBI ransomware, phony tech support ransomware) and even on Linux (Linux.Encoder.1 and Ransom-C).
We have seen signs of mobile ransomware targeting the Android OS in 2015. But the mobile ransomware is a market which has not been tapped out yet. A rise is expected within 2016, targeting mostly Android devices. Most of them spread through pirated content and adult websites which have the highest download rate of such .apk files and other miscellaneous downloads.
Rise in piracy
The financial crisis has pushed people towards cuting down expenses and finding alternative ways to get their favorite song or game for free. So we will see a rise in piracy, in all fields from music, games, software, scripts, themes. Consequently, a rise on the amount of infected computers due to the malware many of those sites are packing the shared files.
No sight of regulation on cryptocurrencies in the EU
Cryptocurrencies have caught the attention of the EU and concerns have risen around them, especially after the latest attack on Paris. Some believe we might see some form of measures taken against virtual currencies. but I highly doubt it.