As hard as it is to believe, it’s once again time for our APT Predictions. Looking back at a year like 2017 brings the internal conflict of being a security researcher into full view: on the one hand, each new event is an exciting new research avenue for us, as what were once theoretical problems find palpable expression in reality. This allows us to understand the actual attack surface and attacker tactics and to further hone our hunting and detection to address new attacks. On the other hand, as people with a heightened concern for the security posture of users at large, each event is a bigger catastrophe. Rather than consider each new breach as yet another example of the same, we see the compounding cumulative insecurity facing users, e-commerce, financial, and governmental institutions alike.
As we stated last year, rather than thinly-veiled vendor pitching, our predictions are an attempt to bring to bear our research throughout the year in the form of trends likely to peak in the coming year.