The world’s foremost hackers have given their forecast for the future – and there’s a lot to keep us up at night.
Every year, the Black Hat conference – widely considered an early warning system of problems on the horizon – is held in Las Vegas. It is attended by experts in security and technology, from hackers to corporate and government security analysts.
Many things predicted at Black Hat come to pass. Examples include interference with the U.S. election, Internet-of-Things botnet attacks (which happened with Mirai, shutting down large parts of the internet), and the rise of data weaponization.
Read their four biggest predictions here. Or don’t, if you want what’s coming in the next two years to be a surprise!
The Big Predictions From Black Hat 2017
1. Nation State Attacks Will Rise
World nations have built up an arsenal of cyber-weapons, and they’re looking for excuses to use them – both on their citizens and on other nations.
This was the clear message from security experts at Black Hat. They said we’ve already seen this happen when Sony was attacked by North Korea in 2014, which marked a massive turning point.
A former Department of Defense network security analyst and current director of global cyber risk services at Alvarez & Marsal, Terence Goggin, said government-developed hacking tools were like ‘taking a tank to a gun fight’. They couldn’t even be compared with civilian tools.
“You have to think about these types of tools like they’re tanks or some other special weapons: They’re a certain type of tool that’s brought into service when it’s needed and only a specialized few people can even afford to purchase one,” Goggin said.
The situation is so dire that Microsoft’s President and Chief Legal Officer Brad Smith said a digital Geneva Convention should be drafted for these digital weapons of mass destruction. This would “commit governments to protecting civilians from nation-state attacks in times of peace.”
“With the Petya outbreak and WannaCry attacks, you have to consider the fact that nation states are testing their arsenals,” CEO of Reason Software Group, Andrew Newman said. “This stuff is really scary and it was just a proof of concept at Black Hat a few years ago.”
These attacks are already happening in the wild. It may be the newest form of ‘Cold War’-like espionage – indirect attacks with no way to easily point a finger at the perpetrator.
To highlight the concern, a whopping 98% of surveyed attendees felt that corporations should “develop special online defenses to protect their critical data from state-sponsored hacking from Russia, China, (and) other governments.”
2. A Major Compromise of U.S. Critical Infrastructure
A major and successful attack on U.S. critical infrastructure is inevitable, according to the majority of Black Hat attendees, and will occur between now and the summer of 2019.
This is a remarkably grim assessment, considering the attendees include top security agencies (FBI, CIA), government representatives, proxies for tech giants (Microsoft), and an assortment of white and black hat hackers.
Only 26 percent of respondents said they felt the U.S. Government and defense forces were equipped and trained to respond appropriately. Unsurprisingly, this ties into the issue that many believe will come to the fore in the next few years – nation state actors.
The survey also found:
- 69% of IT security professionals believe that state-sponsored hacking from countries such as Russia and China has made US enterprise data less secure.
- Only 26% of information security pros believe that the new White House administration will have a positive impact on cybersecurity policy, regulation, and law enforcement over the next four years.
- About two-thirds of respondents think it’s likely that their own organizations will have to respond to a major security breach in the next 12 months. Sixty-nine percent say they don’t have enough staff to meet the threat; 58% believe they don’t have adequate budgets.
3. The Internet-of-Things (IoT) Is A Big Problem
It’s not a big surprise, but security experts and hackers alike are still warning about the massive threat that the IoT poses. Insecure IoT devices were the main cause of the Mirai botnet, which shut down large portions of the internet.
Mirai was much like WannaCry – it brought an issue to the fore and made people who hadn’t been paying attention finally start to take notice.
Some companies, such as IBM and Microsoft, are starting to build more secure IoT platforms. However, it’s not the big companies that are the problem, according to Black Hat attendees.
It’s the vast number of cheap internet-connected devices on the market. Lots of companies are flooding the market with ‘smart’ toasters, locks, cameras and coffee pots, and the end result is overwhelmingly ‘dumb’.
To prove this point, The Atlantic conducted a study late last year. It built a fake “smart toaster” with some AWS server space, and loaded it with the OS and software typically found on a smart device. The aim was to see how long it took before the toaster was hacked.
The result? On the first run, it took under an hour. After ten hours had passed, the “toaster” had been hacked almost 300 times.
4. The Rapid Increase of Ransomware Is A Big Deal
The rise of ransomware over the last 12 months isn’t all in your head. Ransomware was cited as “the most serious new cyberthreat to emerge in the past 12 months” by 36% of respondents.
Other threats these security experts flagged were social engineering ‘spear phishing’ attacks (19%), sophisticated malware that can circumvent current defenses (16%), and the possibility of a major data leak from a trusted third party (12%).
While ransomware as a threat isn’t exactly news, the fact it is rapidly growing and getting worse is. The majority identified that end users were the greatest current weakness in today’s IT environment – specifically ones who violate security policy and “are too easily fooled by social engineering attacks” (56%).