Connect with us

Hi, what are you looking for?

HEADLINES

Kaspersky Lab’s top threat predictions for 2017

Kaspersky Lab’s discovery in 2016 of an APT able to create new tools for each victim has effectively killed off ‘Indicators of Compromise’ as a reliable means of detecting infection, according to the company’s Threat Predictions for 2017.

Kaspersky Lab’s discovery in 2016 of an APT able to create new tools for each victim has effectively killed off ‘Indicators of Compromise’ as a reliable means of detecting infection, according to the company’s Threat Predictions for 2017.  

Kaspersky Lab_KSB Predictions 2017_1.jpg

The predictions are prepared annually by the company’s expert Global Research and Analysis Team (GReAT) and are based on its wide-ranging insight and expertise.  The list for 2017 includes the impact of bespoke and disposable tools, the growing use of misdirection in terms of attacker identity, the fragility of an indiscriminately Internet-connected world, and the use of cyberattacks as a weapon of information warfare.

The decline of IoCs

Indicators of Compromise (IoCs) have long been an excellent way of sharing traits of known malware, allowing defenders to recognize an active infection. The discovery by GReAT of the ProjectSauron APT changed this. Analysis of the group revealed a bespoke malware platform where every feature was altered for each victim, rendering IoCs unreliable for detecting any other victim, unless accompanied by another measure, such as strong Yara rules.

Advertisement. Scroll to continue reading.

The rise of ephemeral infections

In 2017, Kaspersky Lab also expects to see the appearance of memory-resident malware that has no interest in surviving beyond the first reboot that will wipe the infection from the machine memory. Such malware, intended for general reconnaissance and the collection of credentials, is likely to be deployed in highly sensitive environments by stealthy attackers keen to avoid arousing suspicion or discovery.

Kaspersky Lab_KSB Predictions 2017_2.jpg

“These are dramatic developments, but defenders will not be left helpless. We believe that it is time to push for the wider adoption of good Yara rules.  These will allow researchers to scan far-and-wide across an enterprise, inspect and identify traits in binaries at rest, and scan memory for fragments of known attacks. Ephemeral infections highlight the need for proactive and sophisticated heuristics in advanced anti-malware solutions,” said Juan Andrés Guerrero-Saade, Senior Security Expert, Global Research and Analysis Team.

Other Top Threat Predictions for 2017

  • Attribution will flounder among false flags: As cyberattacks come to play a greater role in international relations, attribution will become a central issue in determining a political course of action – such as retaliation.  The pursuit of attribution could result in the risk of more criminals dumping infrastructure or proprietary tools on the open market, or opting for open-source and commercial malware, not to mention the widespread use of misdirection (generally known as false flags) to muddy the waters of attribution.

  • The Rise of Information Warfare: In 2016, the world started to take seriously the dumping of hacked information for aggressive purposes.  Such attacks are likely to increase in 2017, and there is a risk that attackers will try to exploit people’s willingness to accept such data as fact by manipulating or selectively disclosing information.

  • Alongside this, Kaspersky Lab expects to see a rise in Vigilante Hackers – hacking and dumping data, allegedly for the greater good.

  • Growing Vulnerability to Cyber-sabotage: As critical infrastructure and manufacturing systems remain connected to the Internet, often with little or no protection – the temptation to damage or disrupt them could prove overwhelming for cyberattackers, particularly those with advanced skills, and during times of rising geopolitical tension.

  • Espionage Goes Mobile: Kaspersky Lab expects to see more espionage campaigns targeted primarily at mobile, benefiting from the fact that the security industry can struggle to gain full access to mobile operating systems for forensic analysis.

  • The Commoditization of Financial Attacks: Kaspersky Lab expects to see the ‘commodification’ of attacks along the lines of the 2016 SWIFT heists in 2016 – with specialized resources being offered for sale in underground forums or through as-a-service schemes.

  • The Compromise of Payment Systems: As payment systems become increasingly popular and common, Kaspersky Lab expected to see this matched by a greater criminal interest.

  • The Breakdown of ‘Trust’ in Ransomware: Kaspersky Lab also anticipates the continuing rise of ransomware, but with the unlikely trust relationship between the victim and their attacker – based on the assumption that payment will result in the return of data – damaged as a lesser grade of criminal decides to enter the space. This could be the turning point in people being prepared to pay up.

  • Device Integrity in an Over-crowded Internet: As IoT-device manufacturers continue to pump out unsecured devices that cause wide-scale problems, there is a risk that vigilante hackers could take matters into their own hands and disable as many devices as possible.

  • The Criminal Appeal of Digital Advertising: Over the next year, we will see the kind of tracking and targeting tools increasingly used in advertising being used to monitor alleged activists and dissidents. Similarly, ad networks – which provide excellent target profiling through a combination of IPs, browser fingerprinting, browsing interest and login selectivity – will be used by advanced cyberespionage actors keen to precisely hit targets while protecting their latest toolkits.

The full text of the report “Kaspersky Lab Threat Predictions for 2017” is available on Securelist.

To look back at what the Kaspersky Lab experts expected to see in 2016, please read.

Advertisement. Scroll to continue reading.

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

Delta will feature automation technologies for production efficiency, energy infrastructure to support electrification, and clean energy solutions to reduce carbon emissions.

HEADLINES

The Open Enterprise Linux Association (OpenELA) has published enterprise Linux sources compatible with Red Hat Enterprise Linux (RHEL) 9.5.

HEADLINES

The FarmTech training kit is composed of 10 smartphones, a tablet, a SmartBro pocket Wi-Fi with Smart prepaid load cards, an outdoor projector and...

HEADLINES

PLDT and Smart's Technolab serves as a facility for the exploration and testing of new and upcoming network technologies and solutions, such as 6G,...

HEADLINES

The attackers used a series of campaigns with novel exploits and customized malware to embed tools to conduct surveillance, sabotage and cyberespionage as well...

HEADLINES

The event emphasized the pivotal role of PLDT Enterprise’s Managed SD-WAN and Managed Network Service for businesses striving for operational excellence and digital transformation.

HEADLINES

Financial phishing attacks are rapidly increasing in the country as cybercriminals continuously evolve and adapt their tactics, making them sophisticated. The number of attacks...

HEADLINES

A Scale of Harm study by the International Justice Mission revealed that almost half a million Filipino children were trafficked to produce new child...

Advertisement