What are your 2017 infosec predictions?

Published: 2016-12-20
Last Updated: 2016-12-20 22:09:04 UTC
by John Bambenek (Version: 1)
6 comment(s)

It's that time of year again when the technical press starts running security prediction stories for the upcoming year. I know I've done a few interviews on it already, and I'm sure other handlers have as well. As things wind down for the year, what are your thoughts on what we can expect next year? Have we hit peak ransomware? Is election hacking a phase, or will it spread to the upcoming European elections? To what end? What will be the next big DDoS target that Mirai takes on?

Comment below and let us know what you're thinking will be the "next big thing".

John Bambenek
bambenek \at\ gmail /dot/ com
Fidelis Cybersecurity



I predict that the Mirai code will be modified to gain some more functionality, such as data exfiltration from cameras/NAS storage, selling the VPN/proxy connectivity to anonymize malicious users, using the position of routers to steal network credentials such as HTTP session cookies, and encrypting network shares for ransom.

Linux malware will most probably go the same way as Windows malware to make analysis harder, so it will start to detect Linux sandboxes, encode its strings, resolve functions dynamically, and identify debuggers being used to trace the code.

A private breach will occur that rivals Panama Papers
A government breach will occur that rivals OPM
A Windows patch will be released that causes more harm than the DHCP incident last month that results in Microsoft re-re-thinking their patch strategy

I hate to be so cynical... Let me try for more positive predictions:

Brian Krebs will win a Pulitzer
A leading mainstream media outfit will catch up to the infosec world and publish a story about the growing uselessness of traditional AV
Rob Graham will successfully troll the President of the United States on Twitter

Well played on the Rob Graham troll. ;)

Some of my predictions:

- Several countries will uncover state-sponsored attacks \ assaults originating from their allies, not their traditional rivals.

- Less spam \ scams. More well-crafted and tailored spearphishing campaigns, not targeting the masses. Could be for as few as one recipient (the right recipient).

- More creative ways to distract purposeful incident response efforts. More practical than DDoS.

My predictions... in no certain order.
Remember... these are predictions. Some I hope I am very wrong on. Others I feel are inevitable.
In any case, if they do happen, I reserve the right to say "I told you so!!!". :-)

- There will be more massive breach "discoveries". DUH!!!
Reasoning: As organizations of all sizes begin to adopt and improve security practices, they will discover more situations where they are or have been already hacked. Inevitably, some of these discoveries are going to be large... er... massive... er... disturbing.

- "Snowden" copy cats will occur.
I assure you, somewhere today, at this very moment, there are individuals already on the inside of government intelligence and security agencies that are in the process of collecting sensitive government information. This will become a worldwide problem, not just the US. It is not clear if any will have the same impact as Snowden, but there will be those who will try for whatever reasoning they can rationalize. Certainly, the espionage risk is always there, but the rogue "whistle blower" image is now popular enough to make movies and fame... albeit fame with legal risk.

- Services that offer federated identity management will become more prominent. Identity as a service (IDaaS) may be set to become the next powerhouse IT sector. It remains to be seen how these services will look in the future, but the idea of selling IDaaS that has solid identity vetting and authentication integration practices like MFA support may be the next evolutionary step in IT security services. Piggybacking on this would be the evolution of IDaaS focused on specific industry sectors like healthcare, financial, or infrastructure, as a means to prepackage the service to meet the specific needs of the targeted sector.

- Someone will disable a medical device that is maintaining/sustaining life.
With more and more implementation of commonly used (and known to be flawed) subsystem components as part of medical support systems, it is becoming more and more possible for a hacker to unintentionally hack a connected device and disable its operations without knowing what it is really doing. ICS systems may very well be the cause of such an event as well. I pray this doesn't happen, but I have fears it is just a matter of time.

- A university system will implement a required "1st semester" freshman course completely dedicated to teaching user awareness of personal information security.
This course will be mandatory for all students to attend and they must get a passing grade or retake the course. (Ok... this is more of a hopeful prediction, but it could happen very soon).

Have a wonderful holiday season and new year everyone.
I wish the very best for you and your families and loved ones.

I think one of the biggest changes you'll see will be on the defensive side. Mainly, with more emphasis on analysis of volatile memory and automating that process. Yes, there are tools that are at the "tip of the spear", but you will see it become more mainstream. Also, threat hunting won't be such a scary term for some organizations. These changes will force more advanced techniques from our adversaries--not sure what that will look like, but you better polish your incident response plan (myself included)!
