Freely subscribe to our NEWSLETTER

© Boguslaw Mazu

• Fantasy sports

There’s big money in fantasy sports. According to the Fantasy Sports Trade Association, Americans spend about $15 billion playing fantasy sports. That’s about 32 million Americans each spending $467. Consider that each of those 32 million Americans also provide their name, address, email address, billing and/or credit card information, and you’re also looking at a truckload of customer data that could turn a reasonable profit on the black market.

Fantasy sports have not been immune to security threats. About two years ago application security testing firm NT OBJECTives discovered a vulnerability in Yahoo’s Fantasy Football mobile app. If exploited, attackers could change team lineups and post imposter comments on message boards. More recently, a DraftKings employee admitted to accidentally posting confidential data, which led to accusations of insider trading. This type of activity is likely to reoccur, if not in the realm of fantasy sports than perhaps in the world of financial trading, where traders trade in other accounts so they don’t get caught.

At any rate, we predict that one of the leading fantasy sports sites – FanDuel or DraftKings – will suffer a major hack in 2016. Attackers will be looking to steal customer data or manipulate results to win big pools, which can total hundreds of thousands of dollars.

• Presidential candidate

Four years is a long time when it comes to technological innovation. Consider social networks: CIO reports that candidates in the 2016 U.S. Presidential election use more social networks than politicians of the past. No one could’ve guessed in 2012 that Facebook and Twitter would be joined by the likes of Snapchat, Pinterest and Instagram as mainstream social networks. And there’s no telling what digital technologies will impact future presidential campaigns. However, one thing is for certain: With every campaign, more of the candidates’ personal information is online. In 2016, we believe that at least one candidate will get hacked. But that’s not all. The unveiling of confidential or private information will change the course of the election. With so much personal data available, extortion and blackmail-type schemes are likely to increase in 2016 as well.

• Planes, trains and automobiles

In July 2015, software engineers Charlie Miller and Chris Valasek demonstrated how they could remotely exploit a zero-day vulnerability to send commands through a Jeep Cherokee’s entertainment system to its dashboard functions, steering, brakes and transmission. To make matters worse, automobile manufacturers aren’t being forthright about hacker and privacy threats as a result of connected systems. Not only will we see more proof of concept scenarios in the coming year, but Damballa predicts that a major transport manufacturer will be hacked in the real world, with serious implications for personal safety.

Drones
With drones becoming more widely available, we expect them to also play a role in next year’s hacking activities. Researchers are already at work building software that can be loaded onto a drone and can penetrate consumer devices and networks, as well as enterprise networks. It won’t take long before an attacker uses this software (one system is already available on GitHub) to conduct a large-scale cyber attack. Healthcare and government organizations will be prime targets because of the type and value of information they hold. Alternatively, we may see attackers begin to target the drones themselves to achieve remote control.

Major sporting event
The World Cup, Summer Olympics or Super Bowl 50 – one of these major sporting events will also be a cyber event in 2016. It’s not too difficult to imagine a nation state tampering with Olympic timing machines, for example, to help its athletes win in a split-second race, or hackers tampering with scores to win large bets. Such an attack could have a significant impact on international politics as well as the popular culture associated with the event.

Even as these new attacks take front-and-center stage in the coming year, we will continue to see activity from tried-and-true attacks that are still going strong. For example, banking Trojans and spear phishing continue to be effective campaigns. We also continue to see activity from Nuclear, which has been around since 2011 and remains the most successful exploit kit available. Attackers continue to use SQL injection attacks as well to put malware on small websites as a repository.

We would love to be wrong about any one of these attacks occurring in 2016, but the acceleration of innovation combined with the lack of attention given to security and privacy only increase their likelihood. It is more important than ever that going into the New Year both companies and individuals take great care to protect themselves.