I continue not to see many people who make predictions for the coming year actually come back to review what they predicted. As I showed last year, I’m not one of those, so here is my review. I’ve included the original text below in blue, but the full article for my 2018 predictions is here.
1. There will be another large scale incident on a similar scale to WannaCry
Every year there are really large attacks using different methods to cause problems. In 2016 we saw huge floods of data attacking online services. This flood was caused by poorly secured internet-connected security cameras. 2017 saw Ransomware worms in WannaCry and Petya/NotPetya. The latter of these was quite ingenious in the way it worked, as it used different methods to move around networks once it successfully infected a machine. I’m going to guess that we’ll see something of similar complexity being used, perhaps in a more targeted way – possibly by way of altering a widely used application’s source code and lying dormant until activated.
There was one huge, record-breaking event, but it didn’t feature in most of the global news as it affected a US-based service provider. It was a large distributed denial of service attack, which I reported here. Earlier in the year, there was a situation where websites that used a certain popular plug-in were “mining” virtual currency for the bad guys. In September, there were a number of well-known websites, like Ticketmaster and British Airways, that had their payment pages compromised. People who used those sites had their credit card information stolen.
I’ll take a partial on this, as the stories above didn’t have the same kind of media frenzy or global awareness as previous incidents.
2. Past Data Breaches will impact victims financially on a large scale
With so many data breaches occurring throughout 2017 (and for years earlier), there is a huge amount of useful and usable data that the evil doers can, if they used some big-data methodologies, mine to extract and target individuals and hit them financially. It’s not credit card numbers I’d be worried about, as the issuers are fairly good at catching fraud and protecting the card holder. It’s all of the other information that could be used to craft a very convincing e-mail/letter/WhatsApp message that will cause the victim to send money to the bad guys.
I reckon I got this one. Old passwords that were breached a long time ago (possibly from the 2012 LinkedIn breach) were used to make a sextortion e-mail appear more credible, and a lot of people fell for it. According to some reports, 1,000 people paid approximately $500,000. An earlier analysis of the payments showed that some people paid up to $4,900, with the average being $1,900.
3. GDPR will cause a big Facebook-type company to be fined
I suspect there are individuals out there waiting in the long grass for May 25th 2018 to roll around so they can launch all manner of subject access requests on various companies and government departments that they don’t like. Just to be a nuisance. I do, however, expect that some large global corporation, that has a lot of personal data on a huge number of people, will end up being investigated and, either in 2018 or 2019, be levied a massive, multi-million Euro fine. But they will fight back and hold up the imposition of the fine for a number of years. They may even expose flaws in the GDPR legislation.
The cases are still under investigation, so I’ll take a partial on this, but it’s not a Facebook-type company that is going to be fined, but Facebook themselves. They currently have multiple post-GDPR investigations underway with the Data Protection Commission.
4. Crypto-currency hack
If BitCoin is still a valuable thing in 2018 (and hasn’t crashed and burned), I expect the evil doers will be doing their best to hack the BitCoin block chain in order to steal some of that sweet, sweet virtual currency.
This was a miss. I’ve not heard of any successful block chain hacks and BitCoin’s value has fallen so low, it’s probably not worth the effort to attempt to hack it any more.
5. Data breaches will see a massive increase in reporting in Ireland
While there have been data breaches reported in Ireland, they are few and far between. However, I fully expect that the requirement to report data breaches to the Data Protection Commissioner under the GDPR will cause an increase in the reports of data breaches occurring. I have a useful short video here showing that there are many different types of data breach that might need to be reported.
This was a kinda easy one to predict. In 2017, there were on average 230 data breaches reported to the Data Protection Commissioner each month. Two months after the GDPR had been implemented, the Data Protection Commission (as it is now known) had received nearly 600 data breach notifications per month.
Results for my 2018 predictions
2 correct, 2 partials and 1 incorrect. Not too bad.
I don’t plan on doing this again next year. However, if enough people ask me to do so, then I’ll reconsider. Send me an e-mail at info@L2CyberSecurity.com and let me know if you want to see a 2019 set of predictions.
Wishing you and yours a safe and secure 2019.
Let’s be careful out there.