Kaspersky Lab’s threat predictions 2017

Kuwait Times - TECHNOLOGY

DUBAI: Kaspersky Lab’s discovery in 2016 of an APT able to create new tools for each victim has effectively killed off ‘Indicators of Compromise’ as a reliable means of detecting infection, according to the company’s Threat Predictions for 2017.

The Predictions are prepared annually by the company’s expert Global Research and Analysis Team (GReAT) and are based on its wide-ranging insight and expertise. The list for 2017 includes the impact of bespoke and disposable tools, the growing use of misdirection in terms of attacker identity, the fragility of an indiscriminately Internet-connected world, and the use of cyberattacks as a weapon of information warfare.

The decline of IoCs

Indicators of Compromise (IoCs) have long been an excellent way of sharing traits of known malware, allowing defenders to recognize an active infection. The discovery by GReAT of the ProjectSauron APT changed this. Analysis of the group revealed a bespoke malware platform where every feature was altered for each victim, rendering IoCs unreliable for detecting any other victim, unless accompanied by another measure, such as strong YARA rules.

The rise of ephemeral infections

In 2017, Kaspersky Lab also expects to see the appearance of memory-resident malware that has no interest in surviving beyond the first reboot, which will wipe the infection from the machine memory. Such malware, intended for general reconnaissance and the collection of credentials, is likely to be deployed in highly sensitive environments by stealthy attackers keen to avoid arousing suspicion or discovery. “These are dramatic developments, but defenders will not be left helpless. We believe that it is time to push for the wider adoption of good YARA rules. These will allow researchers to scan far-and-wide across an enterprise, inspect and identify traits in binaries at rest, and scan memory for fragments of known attacks. Ephemeral infections highlight the need for proactive and sophisticated heuristics in advanced anti-malware solutions,” said Juan Andrés Guerrero-Saade, Senior Security Expert, Global Research and Analysis Team.

Other Top Threat Predictions for 2017

• Attribution will flounder among false flags: As cyberattacks come to play a greater role in international relations, attribution will become a central issue in determining a political course of action – such as retaliation. The pursuit of attribution could result in the risk of more criminals dumping infrastructure or proprietary tools on the open market, or opting for open-source and commercial malware, not to mention the widespread use of misdirection (generally known as false flags) to muddy the waters of attribution.

• The Rise of Information Warfare: In 2016, the world started to take seriously the dumping of hacked information for aggressive purposes. Such attacks are likely to increase in 2017, and there is a risk that attackers will try to exploit people’s willingness to accept such data as fact by manipulating or selectively disclosing information.

• Alongside this, Kaspersky Lab expects to see a rise in Vigilante Hackers – hacking and dumping data, allegedly for the greater good.

• Growing Vulnerability to Cyber-sabotage: As critical infrastructure and manufacturing systems remain connected to the Internet, often with little or no protection, the temptation to damage or disrupt them could prove overwhelming for cyberattackers, particularly those with advanced skills, and during times of rising geopolitical tension.

• Espionage Goes Mobile: Kaspersky Lab expects to see more espionage campaigns targeted primarily at mobile, benefiting from the fact that the security industry can struggle to gain full access to mobile operating systems for forensic analysis.

• The Commodification of Financial Attacks: Kaspersky Lab expects to see the ‘commodification’ of attacks along the lines of the 2016 SWIFT heists – with specialized resources being offered for sale in underground forums or through as-a-service schemes.

• The Compromise of Payment Systems: As payment systems become increasingly popular and common, Kaspersky Lab expects to see this matched by a greater criminal interest.

• The Breakdown of ‘Trust’ in Ransomware: Kaspersky Lab also anticipates the continuing rise of ransomware, but with the unlikely trust relationship between the victim and their attacker – based on the assumption that payment will result in the return of data – damaged as a lesser grade of criminal decides to enter the space. This could be the turning point in people being prepared to pay up.
