How the US Election Will Change Cyber Defenses

In the wake of the US election, we should expect geopolitical changes that will result in changed behavior by threat actors.  Our defenses need the agility to adapt.  Where you operate, and in which industry, should dictate what you do next.

Given President-elect Trump's more favorable relationship with President Putin, it's possible that the US threat from Russia will be diminished.  European support for the war in Ukraine will likely dictate whether the same holds true there.  An emboldened Russia might increase DDoS attacks against western-leaning states in the Balkans, Georgia, and Moldova while increasing the use of AI-generated disinformation campaigns throughout western Europe.  Ransomware will continue to hit from multiple sources, but ransomware from eastern Europe is generally less prevalent in nations that the Kremlin views as friendly.

In contrast, the likelihood of armed conflict in the Middle East may drive more cyber attacks against nations seen as supporting Israel.  If Iran and Israel engage more significantly, regional groups will likely increase DDoS and hacktivist activities to draw attention to their cause.  At the same time, Iran may seek to increase the cost of supporting Israel through unattributed attacks against critical western infrastructure such as power generation, municipal water, and dams.

It's too soon to say how the US relationship with North Korea may change.  A rekindled discussion could lead to reduced sanctions, thereby reducing the DPRK's interest in financial theft.  If they no longer see a Trump administration as one that negotiates in good faith, financial attacks will continue and DDoS attacks could increase against South Korea and Japan.

That leaves China, where the likelihood of conflict is increasing.  To date, China's actions have been primarily focused on data theft, intelligence gathering, and preparing for cyber-war.  These all rely on stealth.  Should we impose sanctions that cripple their economy, or should they decide to take Taiwan by force, stealthy behavior could be replaced by something much noisier.  Backdoors could be used to disable critical infrastructure in banking, power generation and distribution, communications, and similar sectors.  In the event of armed conflict with Taiwan, significant attacks against western infrastructure could be used to blunt our ability to intervene.

Other than "hacktivist" groups seeking to draw attention to a cause, most cyber incidents rely on anonymity to shield the attacker from a response.  We may name and shame who we think is behind something, but plausible deniability is an attacker's friend.  One thing that's becoming clear as bullets fly in Ukraine and the Middle East is that the fear of attribution is weakening.  We should expect less stealthy types of attacks from more capable actors, especially when they are engaged in a shooting war.

None of the specific scenarios above are guaranteed, but all are plausible.  What's certain is that adversaries have interests and their tactics reflect them.  Defenders need to consider how to adjust to a changing landscape as the threats change, or risk investing in immaterial controls at the expense of what's now needed.  Buckle up, it's likely to be a bumpy ride.