Yet Another Cyber Prediction Blog

It’s our industry’s favorite time of the year: Cyber predictions! I know. It’s hard to contain your excitement as a flood of predictions wash over you.

Annual cyber predictions are entertaining in my opinion. Some are half-baked conspiracy theories packed with buzz words and others are the obvious writings on the wall. In general, both are good for the community; they give us perspective and a range of what may be expected. The rest is up to the educated reader to determine if the threat prediction applies to their vertical or situation.

Nobody knows what exactly the future will hold for our industry, but strong indicators do help enable us to forecast trends in the coming years with some degree of accuracy.

A Quick Look Back

Last year I forecasted that 2019 would be an extension of the proverbial game of whack-a-mole that we saw in 2018. I also predicted that we would see categorical alterations to the current tactics, techniques and procedures seen in the Denial of Service landscape.

In 2019, the public cloud continuously experienced attacks. It seemed like almost every week, someone’s misconfigured server was being abused by cyber criminals. Ransom-based campaigns also continued to surge as many city governments across the United States were infected by ransomware, leaving many wondering what the future holds for connected smart cities.

[You may also like: Cities Are Under Attack. Here’s Why.]

In the realm of Denial of Service attacks, the first half of 2019 was quiet, due to a number of successful raids and take-downs targeting the DDoS-as-a-Service industry. Unfortunately, this hardly put a lasting dent in the overall activity or the economy.  For example, within 24 hours of the Dutch police raiding KV solutions, a notorious bulletproof hosting provider, bot herders immediately relocated their C2 infrastructure to new hosting providers.

As a result, we ended up seeing a resurgence in DDoS attacks going into the second half of the year. In the last quarter of 2019 things really picked up when attackers began targeting Amazon’s Route 53, as well as South African ISP’s and the gaming vertical. During some of these attacks, Radware observed several new DDoS amplification attack vectors, such as WS-Discovery, MacOS ARMS, and Telegram MTProxy being leveraged in an attempt to bypass mitigation techniques. We also saw bot herders altering their tactics, techniques and procedures when they launched TCP reflection attacks that gained amplification.

[You may also like: TCP Reflection Attacks: Then and Now]

What Will 2020 Hold?

Looking forward into 2020, I expect to see three evolutionary moments in the Denial of Service landscape.

  1. After four years of education, Script kiddies who grew up with Mirai will reach a new level of maturity and skill. As a result, we will see new bot herders become experts in their domain.
  2. With new criminal entrepreneurs coming of age, there will be new and expanded offerings via the DDoS-as-a-Service industry. As a result, there will be more raids, forcing criminals to consider new ways to host and advertise their services.
  3. There will be additional alterations to the current tactics, techniques and procedures seen in the Denial of Service landscape as new technology and defense mechanisms come of age.

Going into 2020, there will be many major world events, such as the Olympics and the U.S. presidential election, that will further underscore and amplify growing geopolitical tensions. As a result, cyber-related news will dominate headlines throughout 2020, leaving many to question whether society’s digital transformation is actually causing more problems than it was supposed to solve.

As industry leaders continue to invest in digital transformation to increase their competitive advantages and operational efficiencies, they will begin to realize these moves have only left them exposed and more vulnerable than ever before. They will begin to seek new security strategies as threat actors adjust to attacking new generation technology.

[You may also like: How to Recover from a DDoS Attack]

As always, bot herders will continue to research advanced technology with the goal of uncovering vulnerabilities and new techniques that will allow them to bypass modern security defenses. I believe in 2020 there will be a growth in the maturity level of what I call the ‘Mirai generation’, resulting in an increase in outages due to major Denial of Service attacks. This news will be largely amplified as a result of the expected 2020 news cycle.

Okay. That’s it! No more crystal balls until next year.

I hope everyone has a great, and most importantly safe, New Years!

Read “Radware’s 2019 Web Application Security Report” to learn more.

Download Now

Daniel Smith

Daniel is the Head of Research for Radware’s Threat Intelligence division. He helps produce actionable intelligence to protect against botnet-related threats by working behind the scenes to identify network and application-based vulnerabilities. Daniel brings over ten years of experience to the Radware Threat Intelligence division. Before joining, Daniel was a member of Radware’s Emergency Response Team (ERT-SOC), where he applied his unique expertise and intimate knowledge of threat actors’ tactics, techniques, and procedures to help develop signatures and mitigate attacks proactively for customers.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program


An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center