One of the most exciting aspects of belonging to a research group like the Trend Micro Forward-Looking Threat Research (FTR) team is practicing the intellectual exercise that is predicting the future. We can’t know what will happen but, with the data we have in hand, we can make educated guesses. We can predict the future. This intellectual exercise is what we refer to as the “FuTuRology” project.
“FuTuRology” started as a thought exercise that tries to tackle the future of the healthcare industry and how it might evolve to be susceptible to attacks. We realize that this exercise can also be applied to other critical industries like transportation, science and technology, agriculture, and more.
This is the first in a series of “FuTuRology” blog posts tackling the business of predicting threats in popular technologies. We will go deeper into the healthcare subject in our next entry, but today we will focus on the prediction business.
Sounds good? Let’s go for it.
Prediction and “Black Swans”
To predict future attacks, we need to know how existing technologies are going to evolve. We know that the bad guys will go wherever the users are. In the Trend Micro security predictions for 2015 and beyond, for instance, we predicted how cybercriminals will uncover more mobile vulnerabilities based on their present interest in the platform. Halfway into the year, this has proven to be true with the emergence of the Samsung SwiftKey, Apache Cordova, and other vulnerabilities.
We have lots of hints and clues as to what is happening in the information security world, but sometimes, “black swans” manage to surprise us. By definition, “black swans” are unpredictable events so groundbreaking that, when they happen, they cause an unexpected quake in our particular framing of the world and shake its very intellectual foundations. Black swans happen every now and again and make us think—uselessly—how we could have predicted they were going to happen (hint: we couldn’t have).
Let me give you some examples. There are the zero-day vulnerability worm attacks that plagued the net in 2003. We had known about vulnerability exploitation for many years before then but we still were surprised by Blaster in August 2003. How about the motivation shift from home-brewed academic viruses to professional crimeware back in 2001 and 2002? We could have predicted it. One could argue that we should have predicted it and yet, we were all caught by surprise by the new paradigm.
A Closer Look at Motivations
Speaking of motivations, it’s a basic fact that defense follows attack. We need to look at attackers and their motivations in order to guess what their next steps will be. These have been fairly stable since 2001 and 2002; it’s mostly cybercriminals trying to make a quick buck from innocent internet users. This is pretty obvious, but we need to look a bit further out. In order to make money, cyber thieves have secondary goals and that’s what we have to look for when trying to predict the future of the threat landscape.
- Abstract Assets
Cybercriminals mostly target user credentials but they also aim at other resources they can get their hands on, such as processing power, bandwidth, stored data, etc. Taking those abstract assets as possible criminal targets allows us to consider new attack avenues we haven’t even seen yet. How about targeting specifically the victim computer’s processing power? We have seen this happen with Bitcoin mining but there are more possibilities, from crowdsourced brute-force decryption services to prime-number derivation at a massive scale or even selling computing power as a service. These are just examples, of course.
All of this applies to moneymaking attackers, but we also have hacktivists (seeking destruction for political reasons or ethical disagreements) and attacks between organizations (trying to get a strategic or tactical advantage over their perceived enemies). In these two cases we have cyber-terrorism and cyber-war – as the media likes to call them.
In addition to those, there are all sorts of motivations that aren’t so clear-cut. We’ve seen journalists using hacking techniques to get their stories, politicians attacking their opponents’ infrastructures, and ruling political parties polluting the Twitter feeds of their political opposition. In short, monitoring attackers’ motivation drivers is a prediction field on its own.
The Future of InfoSec
The current attitude is worrying in that hacking now seems to be viewed as fair game. The moment that malware-writing becomes mainstream and not just underground merchandise, we can expect a new trend of malware attacks with all sorts of new adversaries playing this increasingly muddled game. Then, predicting where the next threat might be coming from will become much more important.
Isn’t this exciting or what?
With “black swans” and motivations in mind, we will keep looking inside our particular crystal ball to predict the future of technologies and how they will be attacked. For the next blog post, we will look into the future of the healthcare industry and how it might evolve to be susceptible to attacks.