At the end of every year, the WatchGuard Threat Lab research team pulls together a list of predictions about the infosec industry for the year to come: what new types of attacks will emerge, how the industry will respond, and what products and services will be developed. We also make a point to grade ourselves on our predictions from the year before and assess which ones came true and which ones did not. WatchGuard CTO Corey Nachreiner wrote a two-part guest article series for Forbes grading the Threat Lab’s 2019 predictions. You can read the first installment of the series here and the second one here. Overall, four and a half of the Threat Lab’s eight predictions have come true in 2019 so far.
Corey gave the team a full “passing grade” for four of their 2019 predictions. The first was that attackers would target ICT systems with ransomware in 2019, which was proven correct by the Norsk Hydro and City Power ransomware attacks. The second was that researchers would crack biometric security measures. Lo and behold, in January 2019 Dutch researchers published research explaining how they had defeated Android Trusted Face facial recognition with static photos. Next, the Threat Lab predicted that a major WPA3 hack would expose the lack of security built into wireless networking standards in 2019. Researchers published the “Dragonblood” vulnerabilities in WPA3 in April 2019. Finally, WatchGuard predicted that a new type of self-propagating, fileless “vaporworm” malware would appear. Just weeks after our prediction, Trend Micro released details about a fileless remote access Trojan that met our criteria.
The half point comes from a prediction about an attacker holding the internet hostage by attacking a basic networking protocol like Domain Name System (DNS) or the Border Gateway Protocol (BGP) to make large chunks of the internet unusable. While a major BGP/DNS hack did not happen in 2019, several accidental BGP hijacks showed that hackers could probably exploit this protocol fairly easily. Here’s an excerpt from the article explaining that issue in more detail.
While (taking the internet hostage) hasn’t happened yet, we have seen some incidents that do illustrate the issues with BGP, and they prove it’s possible for attackers to exploit it to hijack global traffic. For example, right after we released our predictions, we learned of a BGP configuration issue that temporarily rerouted Google’s traffic through China and Russia. A small Nigerian ISP took responsibility for the BGP configuration mistake. Cloudflare and many websites experienced hours of downtime due to BGP leaks, both accidental and potentially malicious. Finally, in July, European mobile traffic was rerouted to a Chinese telecom due to a BGP route leak.
So, while there was no massive internet hostage crisis in 2019 (so far), WatchGuard researchers found enough BGP issues that fell somewhere between accidental and malicious that Corey gave the team half credit. Given the weaknesses in the BGP protocol, it’s only a matter of time before a malicious hijack occurs.
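The underlying weakness behind every incident above is that BGP itself does not verify that the AS announcing a prefix is entitled to originate it. The standard mitigation is route-origin validation: comparing each received announcement against published origin records (RPKI ROAs) and rejecting those that do not match. The snippet below is an added illustration written for this post, not code from WatchGuard, Forbes or any of the networks mentioned; the ROA list, prefixes and AS numbers are constructed from documentation ranges, and `Roa`, `Announcement`, `validate_origin` and `flag_announcements` are names chosen here rather than any router vendor's API. Note the caveat it makes visible: origin validation catches a wrong-origin or over-specific announcement, but a route leak that keeps the legitimate origin AS (the shape of several 2019 incidents) still validates, so path-level monitoring is needed on top of it.

```python
"""Toy RPKI-style route-origin validation over constructed BGP announcements.

Added example (not from the original post). Semantics follow the usual
valid / invalid / unknown outcome of origin validation: a route is 'valid'
if some ROA covers the prefix, names the announced origin AS, and permits
the announced prefix length; 'invalid' if ROAs cover the prefix but none
matches; 'unknown' if no ROA covers the prefix at all.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Roa:
    prefix: str       # covered prefix, e.g. "203.0.113.0/24"
    max_length: int   # longest prefix length the holder allows to be announced
    origin_asn: int   # AS authorised to originate the prefix


@dataclass(frozen=True)
class Announcement:
    prefix: str
    as_path: Tuple[int, ...]   # rightmost element is the origin AS

    @property
    def origin_asn(self) -> int:
        return self.as_path[-1]


def covering_roas(ann: Announcement, roas: List[Roa]) -> List[Roa]:
    """ROAs whose prefix contains the announced prefix (same address family only)."""
    net = ipaddress.ip_network(ann.prefix)
    found = []
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        if net.version == roa_net.version and net.subnet_of(roa_net):
            found.append(roa)
    return found


def validate_origin(ann: Announcement, roas: List[Roa]) -> str:
    """Return 'valid', 'invalid' or 'unknown' for one announcement."""
    covering = covering_roas(ann, roas)
    if not covering:
        return "unknown"
    announced_len = ipaddress.ip_network(ann.prefix).prefixlen
    for roa in covering:
        if roa.origin_asn == ann.origin_asn and announced_len <= roa.max_length:
            return "valid"
    return "invalid"


def flag_announcements(anns: List[Announcement], roas: List[Roa]) -> List[Tuple[str, int, str]]:
    """Return (prefix, origin AS, verdict) for every announcement that is not valid,
    i.e. the ones an operator would want to drop or at least alert on."""
    report = []
    for ann in anns:
        verdict = validate_origin(ann, roas)
        if verdict != "valid":
            report.append((ann.prefix, ann.origin_asn, verdict))
    return report


# Constructed data: one ROA published by the holder of 203.0.113.0/24 (AS64500),
# who permits only the exact /24 to be announced (max_length 24).
ROAS = [Roa(prefix="203.0.113.0/24", max_length=24, origin_asn=64500)]

# Constructed announcements as a monitor might receive them from a route collector.
ANNOUNCEMENTS = [
    Announcement("203.0.113.0/24", (64496, 64500)),          # legitimate origin
    Announcement("203.0.113.0/25", (64496, 64500)),          # right origin, too specific
    Announcement("203.0.113.0/24", (64496, 64511)),          # wrong origin AS
    Announcement("198.51.100.0/24", (64496, 64497)),         # no ROA published
    Announcement("203.0.113.0/24", (64498, 64499, 64500)),   # leaked via an unexpected path,
                                                             # but origin is correct: validates
]

if __name__ == "__main__":
    for prefix, asn, verdict in flag_announcements(ANNOUNCEMENTS, ROAS):
        print(f"{verdict:8} {prefix:18} origin AS{asn}")
```

Only three of the five constructed announcements are flagged (the over-specific /25, the foreign origin, and the prefix with no ROA); the last one, which reaches the collector through an unexpected AS path, passes because its origin is correct. That is exactly the gap between origin validation and the route-leak incidents described above, and why operators pair ROV with path monitoring and peer-specific prefix filters.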
Read Part 1 and Part 2 on Forbes to learn about the other three WatchGuard predictions that have not yet come to pass, listen to the Threat Lab discuss the predictions in full nerdy detail on The 443 podcast, and keep your eyes peeled for the Threat Lab’s next round of infosec prognostications for 2020 later this month.