The DomainTools Security Predictions for 2016

2016 Predictions

While we may not be the only ones doing it, we at DomainTools thought it would be worth offering some predictions for Cyber 2016. For folks planning their budgets, security strategy, initiatives, etc., it’s worth considering what they are likely to be up against in the coming months and years, and for those of us helping supply the tools and data to boost those defenses, it’s valuable too. It pushes us to think about how we can best serve our users in their fight against cybercrime, hacking, cyber espionage, and more.

And so, in no specific order, here are our 2016 cybersecurity predictions:

Teams and training go front-and-center: More companies will invest inwardly, focusing on beefing up their internal security and incident-response training, as demand for qualified personnel far outstrips supply. Related to that, we see 2016 as the “Year of the Team,” specifically red teams (security personnel attacking their own infrastructure to discover vulnerabilities) and hunt teams (analysts vigorously searching for signs of compromise).

Domain Profile, IP- and DNS-based OSINT (Open Source Intelligence) will become more prominent as a countermeasure: Okay, we admit we aren’t exactly unbiased observers of this one, but it is a prediction well-grounded in trends we’re seeing. There’s an increasing awareness of the “footprints” left by all manner of online activity, and for the kinds of criminal activities that involve DNS infrastructure (as opposed, say, to communications over various established media), security pros are examining domains, IP addresses, web servers, etc. to help nail the bad guys.

The (continuing) rise in nation-state activity turns deadly: As our own Bruce Roberts discussed in this article in SC Magazine, nation-states will continue to increase their investment in cybersecurity resources, both offensive and defensive, as cyberwarfare examples surface from and to countries beyond those normally making such news. In other words, it will be the breadth as well as the depth of such activity that marks 2016.

An acknowledged counterattack: Most organizations will go to great lengths to defend their own property and assets, but draw the line at counterpunching. We observed some small-scale examples of counterstrikes in 2015 (e.g. the Phishme hack); in 2016, however, we believe that at least one high-profile, successful counterattack will occur, in which a breached organization (private sector or governmental) will identify, target, and compromise the threat actor(s) who breached them, and will publicly acknowledge doing so.

Fewer nonsensical (easy to detect) botnet domain names: Getting a little more technical: we believe that in 2016, illegitimate domains connected to botnets and malware will continue to become harder to detect, specifically through modified domain generation algorithms (DGAs) that produce more natural-sounding domain names. Currently, it’s easy for a human, and increasingly easy for a machine, to identify a domain name that is gibberish, such as “s89xpw-ie0se8al39tf[.]com”. (We made that one up, but there are a lot of domains that look more or less like that, and they’re not up to any good.) We think that more DGAs will generate names that use natural language so as to avoid easy detection.
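A minimal character-statistics check of the kind this prediction alludes to, added here as an illustration (it is not DomainTools’ code); the thresholds and the two non-gibberish labels are constructed assumptions. It flags the made-up gibberish name from the post but not a label built from dictionary words, which is exactly the detection gap a natural-language DGA opens up.

```python
import math
import re

# Constructed sample second-level labels (TLD stripped). The first is the made-up
# gibberish name from the post; the other two are constructed here for illustration.
SAMPLE_LABELS = [
    "s89xpw-ie0se8al39tf",  # gibberish example from the post
    "quiet-river-market",   # constructed: dictionary words, as a wordlist DGA might emit
    "domaintools",          # constructed: ordinary brand-style label
]

CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxz]+")  # 'y' treated as a vowel here

def shannon_entropy(label: str) -> float:
    """Bits per character; random-looking labels score higher than word-based ones."""
    n = len(label)
    counts = {}
    for ch in label:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum((c / n) * math.log2(c / n) for c in counts.values())

def digit_ratio(label: str) -> float:
    """Share of digits; natural-language names rarely mix many digits into the label."""
    return sum(ch.isdigit() for ch in label) / max(len(label), 1)

def longest_consonant_run(label: str) -> int:
    """Longest run of consonants; unpronounceable clusters hint at random generation."""
    return max((len(run) for run in CONSONANT_RUN.findall(label)), default=0)

def gibberish_indicators(label: str) -> dict:
    """Each indicator is True when its feature crosses a threshold.
    Thresholds are illustrative assumptions chosen for this example, not DomainTools values."""
    return {
        "high_entropy": shannon_entropy(label) > 3.5,
        "many_digits": digit_ratio(label) > 0.15,
        "long_consonant_run": longest_consonant_run(label) >= 4,
    }

def looks_gibberish(label: str, min_hits: int = 2) -> bool:
    """Flag only when at least `min_hits` indicators fire, to limit single-feature false positives."""
    return sum(gibberish_indicators(label).values()) >= min_hits

def classify(labels) -> dict:
    """Map each label to True (looks gibberish) or False (passes the character heuristics)."""
    return {label: looks_gibberish(label) for label in labels}

if __name__ == "__main__":
    for label, flagged in classify(SAMPLE_LABELS).items():
        print(f"{label:22s} gibberish={flagged} {gibberish_indicators(label)}")
```

Because the word-based label passes every indicator, catching it requires context beyond the string itself, such as registration age, registrant footprint, or resolution history.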

Pocket Botnet: Speaking of botnets, we foresee a rise in botnets running on mobile devices. They have all the right ingredients: more than enough computing power, near-constant Internet connectivity, weak links in their security (especially in the multitudes of apps that run on them), and sheer numbers. While they have existed before, we believe that 2016 will see an inflection point, with a marked increase in mobile botnet activity. And because so many mobile phones use IPv6 on mobile networks, we see IPv4-only security measures as a weak link in the security chain.

Writing cybersecurity predictions is an exercise in paradox: the head wants validation by seeing predictions come true, while the heart wants none of the darker predictions to actually happen. Regardless, here are two final predictions that you can take to the bank: 2016 will be an eventful year for cybersecurity, with lots of great advances as well as some scary stuff; and DomainTools will unveil exciting new capabilities for our customers engaged in the serious work of defending people and data.

With our best wishes for a prosperous–and secure–2016,

The DomainTools Team
