Advanced Persistent Threats (APTs) as they are now known will cease to exist in 2016, replaced by deeper, embedded attacks that are harder to detect and trace back to the perpetrators, according to Kaspersky Lab experts.
In their predictions for 2016, experts revealed that while the ‘Threat’ will remain, the concept of ‘Advanced’ and ‘Persistent’ will disappear to reduce the traces left behind on an infected system. They will also rely more on off-the-shelf malware to minimize their initial investment.
Kaspersky Lab’s predictions for 2016 are based on the expertise of the Global Research and Analysis Team, the company’s 42 top security experts, located all over the world. Each member contributes unique expertise and, in 2015 alone, their insight and intelligence resulted in detailed public reports on 12 APT actors, “speaking” different languages, including French, Arabic, Chinese, Russian, English, among others.
Kaspersky Lab’s experts anticipate that 2016 will see: APTs lose letters and gain weight as there will be a dramatic change in how APTs are structured and operate; a decreased emphasis on ‘persistence’, with a greater focus on memory-resident or fileless malware, reducing the traces left on an infected system and thereby avoiding detection; and rather than investing in bootkits, rootkits and custom malware that gets burned by research teams, an increase in the repurposing of off-the-shelf malware.
Experts also predict that thieves in the TV and/or crime in the coffee-maker as ransomware will gain ground on banking Trojans and is expected to extend into new areas such as OS X devices, often owned by wealthier and therefore more lucrative targets, in addition to mobile and the Internet-of-Things; new ways to make hack victims pay with alternative payment systems such as ApplePay and AndroidPay, as well as stock exchanges will become growing targets for financial cyber-attack; and a rise in the number of DOXing, public shaming and extortion attacks, as everyone from Hactivists to nation-states embraced the strategic dumping of private pictures, information, customer lists, and code to shame their targets.
“2016 will see significant evolution in cyberespionage tradecraft, as sophisticated threat actors minimize investment by repurposing commercially available malware and become more adept at hiding their advanced tools, infrastructure, and identities by ditching persistence altogether,” said Juan Andrés Guerrero-Saade, Senior Security Expert, Global Research and Analysis Team, Kaspersky Lab.
Juan Andrés Guerrero-Saade added that “2016 will also see more players entering the world of cyber-crime. The profitability of cyber-attacks is indisputable and more people want a share of the spoils. As mercenaries enter the game, an elaborate outsourcing industry has risen to meet the demands for new malware and even entire operations. The latter gives rise to a new scheme of Access-as-a-Service, offering up access to already hacked targets to the highest bidder.”
For businesses and individuals to prepare to meet the cyber-risks of the future, actions recommended include: focus on cybersecurity education for staff; ignoring the detractors and implement mature, multi-layered Endpoint protection with extra proactive layers; patching vulnerabilities early, patch often, and automate the process; minding everything that’s mobile; implementing encryption for communications and sensitive data; and protecting all elements of the infrastructure – gateways, email, collaboration.
