End of Year Report

As we do every year, last year we made some predictions about what 2017 might hold for Information Security. We presented them at our annual security conference, called CloudBurst and held at the Leadenhall building up in the clouds on Landing 42.

We will of course be doing the same at this year’s event – ‘Safe and Secure’, which is on Wednesday the 31st of January at Banking Hall, London.

So how did our predictions fare during the year?

Ransomware, ransomware and more pesky ransomware – we predicted an increase in the volume and methods of ransomware. Not that startling a prediction really, but one of the specifics we called out, that ransomware would be available as a service for the use of criminals, has come to pass. It even has its own Forbes article.

Mobile nasties – we predicted that the number of attacks against mobiles would be on the rise and it most certainly has been.

Internet of Tings – We said the Internet of Tings would continue to present an infection vector for botnets and the like. Looks like we were right.

Spy vs Spy – Shots fired – paranoid as we were then and remain to this day, we predicted that nation state activity in hacking would be on the rise. Well, unless you have been hiding in a trench on Mars, you will have noticed the carnage wreaked by the stolen NSA tools leading to WannaCry, NotPetya and the like. You will probably also not have missed the blame being placed firmly on the North Koreans.

DevOps self-inflicted wounds – API carnage – We predicted that APIs would continue to be an attack vector and, furthermore, that misconfigurations of Internet-facing shizzle would cause issues. Look no further than the Apache Struts issue that took out Equifax or any of the numerous API ‘incidents’, WordPress to name but one.

Browser exploitation – Browsers continue to be a primary attack vector. Many of you will have noticed browser exploits being used to mine Bitcoin etc. There is even a Metasploit kit called ‘BeEF’ for exploiting web browsers.

Misconfigured (hybrid) cloud environments – Quite proud of this one because 2017 has been the year of data exposed through misconfigurations of stuff like Amazon S3 buckets.

So all in all, we think we did reasonably well last year and might struggle to pull off the feat this year. If you want to hear us talk through this year’s conjectures, please do sign up to our conference here. If you would like to get yourself on the list, fancy talking about anything that happened last year or are worried about next year, please contact us at: [email protected] or call 0207 517 3900.

Wishing you all a Happy New Year.