http://fortunascorner.com/2015/11/25/kaspersky-lab-2016-predictions-forecasts-the-end-of-advanced-persistent-threats-apts-nightmare-of-ransomware-to-continue-attacks-on-security-vendors-sabotage-extortion-apt-actors-dow/
November 25, 2015
Kaspersky Lab 2016 Predictions: Forecasts The End Of Advanced Persistent Threats (APTs); Nightmare Of Ransomware To Continue; Attacks On Security Vendors; Sabotage, Extortion, & Shame; APT Actors Down The Road; Future Of Internet; Cryptoanalyze
Kaspersky Lab, the Russian-based cyber security firm that first discovered and dissected the Stuxnet cyber virus, has just published their look-ahead at the evolving cyber threat and what they think we’ll see in 2016. Surveying their cyber security experts from around the globe, Kaspersky has some interesting guesses about what the cyber threat landscape may look like next year.
The End Of Advanced Persistent Threats (APTs)
“Before you start celebrating,” Kaspersky says, “we should point out that we’re referring to the ‘Advanced’ and ‘Persistent’ elements — both of which the threat actors would gladly drop for stealth.” Kaspersky “expects to see a decrease in the emphasis on persistence, placing a greater focus on memory-resident, or fileless malware. The idea will be to reduce the traces left on an infected system and thus avoid detection altogether. Another approach will be to reduce the emphasis on advanced malware. Rather than investing in bootkits, rootkits and custom malware that gets burned by research teams,” Kaspersky “expects an increase in the repurposing of off-the-shelf malware. Not only does this mean that the malware isn’t burned upon discovery; but, it also has the added benefit of hiding the actor and his [or her] interactions in a larger crowd of mundane uses for commercially available RATs. As the shine of cyber-capabilities wears off, return on investment (ROI) will rule much of the decision-making of state-sponsored attackers — and, nothing beats low initial investment for maximizing ROI,” Kaspersky says.
The Nightmare Of Ransomware Continues
Kaspersky “expects to see the success of Ransomware spread to new frontiers. Ransomware has two advantages over traditional banking threats: direct monetization; and, relatively low cost per victim. This amounts to decreased interest from well-resourced third parties — such as banks, as well as low levels of reporting to law enforcement agencies. Not only does Kaspersky Lab expect ransomware to gain ground on banking trojans; but, Kaspersky also expects it to transition into other platforms. Weak attempts at bringing ransomware to mobile (SimpleLocker) and Linux (RansomLinuxCryptor) have already been witnessed… but, perhaps the more desirable target platform is OS X. Kaspersky expects to see ransomware cross the Rubicon — to not only target Macs, but also charge ‘Mac prices.’ Then, in the longer term, there is the likelihood of Internet of Things (IoT) ransomware — begging the question, how much would you be willing to pay to regain access to your TV programming? Your fridge? Your car?”
Betting Against The House: Financial Crimes At The Highest Level
“The merging of cyber crime and APTs has emboldened financially motivated criminals — who have gracefully transitioned from attacking end users, to going after financial institutions themselves,” Kaspersky says. “The past year has seen plenty of examples of attacks on point-of-sale (PoS) systems and ATMs, not to mention the daring Carbanak heist that pilfered hundreds of millions of dollars. In the same vein,” Kaspersky predicts “cyber criminals to set their sights on novelties like alternate pay systems (ApplePay and AndroidPay) whose increasing rate of adoption should offer a new means of immediate monetization. Another inevitable point of interest is stock exchanges — the true mother lode. While frontal attacks may yield quick payoffs, we mustn’t overlook the possibility of more subtle means of interference, such as going after the black-box algorithms employed in high-frequency trading — to ensure prolonged gains — with a lower likelihood of getting caught.”
Attacks On Security Vendors
“As attacks on security vendors rise,” Kaspersky expects to see “an interesting vector in compromising industry-standard reverse-engineering tools like IDA and Hiew, debugging tools like OllyDbg and WinDbg, or virtualization tools like VMware suite and VirtualBox. CVE-2014-8485, a vulnerability in the Linux implementation of ‘strings,’ presents an example of the vulnerable landscape of nontrivial security research tools that determined attackers may choose to exploit when targeting researchers themselves. In a similar vein, the sharing of freeware research tools through code repositories like GitHub is an area ripe for abuse, as users will more often than not pull code and execute it on their systems, without so much as a glance. Perhaps we should also be casting a suspicious glance towards popular implementations of PGP — so eagerly embraced by the infosec community.”
Sabotage, Extortion, & Shame
“From dumps of celebrity nudes, to the Sony and Ashley Madison hacks, and the HackingTeam dump, there has been an undeniable increase in doxing, public shaming, and extortion. Hacktivists, criminals, and state-sponsored attackers alike have embraced the strategic dumping of private pictures, information, customer lists, and code to shame their targets. While some of these attacks are strategically targeted, some are also the product of opportunism, taking advantage of poor cyber security to feign hacker prowess. Sadly, we can only expect this practice to continue to rise exponentially,” Kaspersky forecasts.
Whom Do You Trust?
“Perhaps the scariest commodity in the current Internet age… is trust,” Kaspersky observes. “Abuse of trusted resources will further drive this scarcity. Attackers will continue to enlist open-source libraries and white-listed resources for malicious purposes.” Kaspersky “expects another form of trust to be abused — that of a company’s internal resources: as crafty attackers seek to expand their foothold on an infected network, they may target resources limited to the company intranet — such as waterholing SharePoint, file server, or ADP portals. Perhaps we’ll even witness the furthest extension of the already rampant abuse of trusted certificates as attackers establish an entirely fabricated certificate authority to issue certificates to their malware.”
APT Actors Down The Road
“The probability of cyber espionage has not escaped the attention of our foes,” Kaspersky Lab notes, and as expected by the company, [cyber] mercenaries [the cyber gun for hire] have been populating the scene. This trend will only increase [in 2016], Kaspersky forecasts, “to match the demand for cyber capabilities by both companies, as well as known APT actors looking to outsource less critical tasking — without risking [exposing] their tools and [networked] infrastructure. We could float the term ‘APT-as-a-Service,’ but perhaps more interestingly,” Kaspersky expects the evolution of targeted attacks to yield ‘Access-as-a-Service.’ “The latter entails the sale of high-profile targets that have already fallen victim to [cyber] mercenaries.”
“Looking further into the future of cyber espionage,” Kaspersky sees members of well-established APT teams [the APT 1%, if you like] potentially coming out of the shadows. This will happen in one of two forms: 1) as part of the private sector with the proliferation of ‘hacking back,’ or 2) by sharing their insights with the larger infosec community, perhaps “by joining us at a conference to share the other side of the story. In the meantime, we can expect the APT Tower of Babel to incorporate a few more languages.”
The Future Of The Internet
“The infrastructure of the Internet itself has shown signs of tension and cracks in recent years,” Kaspersky Lab notes. “Concerns over massive router botnets, BGP hijacking and dampening, DNS attacks en masse, or server-powered DDoSes betray a lack of accountability and enforcement on a global scale. Looking further down the line to long-term predictions,” Kaspersky says, “we can consider what the Internet might look like — if that narrative of a globally connected village continues to wither. We may end up with a balkanized Internet divided by national borders. At that point, concerns over availability may come down to attacks on the service junctures that provide access to different sections, or perhaps geopolitical tensions that target the cables that connect large swaths of the Internet. Perhaps we’ll even see the rise of a black market for connectivity. Similarly, we can expect that as technologies that power the Internet’s underbelly continue to gain mainstream attention and widespread adoption, developers with a stake in shadow [digital] markets, exchanges, and forums are likely to develop better technologies to keep the underground truly underground.”
The Future Of Transportation
“As investment and high-end research capabilities are dedicated to developing autonomous vehicles for both commercial and personal distribution,” Kaspersky Lab forecasts that “we will witness the rise of distributed systems to manage the routes and traffic of large volumes of these vehicles. These attacks may not focus on the distributed systems themselves, but perhaps on the interception of protocols they rely on (a proof-of-concept of the vulnerabilities of the widely adopted Globalstar satcom system was presented by a Synack researcher at this year’s BlackHat conference). Foreseeable intentions behind these attacks include theft of high-value goods, or kinetic damage resulting in loss of life.”
What Else Might We See That Kaspersky Didn’t Discuss?
Interesting article and no doubt some very likely trends that will play out in 2016. But, I wonder if Kaspersky Lab left out some of the more serious, and damaging cyber threats that could emerge next year. With the Islamic State and al Qaeda vying to be the alpha male of the militant jihadists — one wonders if these darker angels of our nature will evolve from the suicide-type terrorist attacks in Paris and elsewhere — to weapons of mass disruption in the cyber realm.
With the cutting of Internet cables in California in the past two years, the vulnerability of our undersea Internet cables, our satellites, and critical infrastructure — it is an inviting, target-rich environment for terrorists.
Will 2016 finally see a larger-scale cyber attack here in the U.S. and abroad? An attack on our financial hubs? Our SCADA and power networks? The list is rich; and, the threat is high, and real.
Will cyber-guns-for-hire; and/or, a ‘Dr. No’ in the digital world come to the fore?
How will attribution and encryption play out? What new avenues will we see on The Dark Web?
Will digital nano dust, metadata tagging, and other digital techniques enable tyrants to know their citizens every digital move?
How will stealth malware, cyber spoofing, stay-behinds, remote and clandestine/covert downloading or corruption of data change?
How will denial and deception in the digital world impact the spy vs. spy, espionage, and intelligence collection disciplines?
Will more sophisticated and serious techniques emerge that make our stand-alone systems and networks even more vulnerable?
How will biometrics, identity management, and authentication change?
Will we see the emergence of lethal, offensive cyber weapons — where the objective is to cause loss of life? Up till now, cyber weapon users have only considered loss of life as an unintended consequence.
Will we have our first serial killer in cyber space? Hacking into patient medical devices to alter medication and/or other life-saving patient devices/equipment?
Will there be an attempt to hack in