Advanced Persistent Threats, or APTs, as we know them today will cease to exist in 2016, according to Kaspersky Lab experts, to be replaced by deeper, embedded attacks that are harder to detect and harder to trace back to the perpetrators.
In their Predictions for 2016, the experts argue that while the ‘Threat’ will remain, the ‘Advanced’ and ‘Persistent’ parts will fade as attackers work to reduce the traces left behind on an infected system. They will also rely more on off-the-shelf malware to minimise their initial investment.
Kaspersky Lab’s predictions are based on the expertise of its Global Research and Analysis Team — the company’s 42 top security experts, located all over the world. In 2015 alone, their insight and intelligence resulted in detailed public reports on 12 APT actors, “speaking” different languages, including French, Arabic, Chinese, Russian, English, among others.
Kaspersky Lab’s experts anticipate that 2016 will see:
⇒ As APTs lose the ‘A’ and the ‘P’, there will be a dramatic change in how they are structured and operate:
o There could be a decreased emphasis on ‘persistence’, with greater focus on memory-resident or fileless malware, reducing the on-disk traces left on an infected system and thereby evading file-based detection; and
o Rather than investing in bootkits, rootkits and custom malware that gets burned by research teams, Kaspersky Lab expects to see an increase in the repurposing of off-the-shelf malware. As the urge to demonstrate superior cyber-skills wears off, return on investment will rule much of the nation-state attacker’s decision-making, and nothing beats low initial investment for maximising ROI.
⇒ Thieves in the TV or crime in the coffee-maker: Ransomware will gain ground on banking Trojans and is expected to extend into new areas, such as OS X devices, often owned by wealthier and therefore more lucrative targets, in addition to mobile and the Internet-of-Things.
⇒ New ways to make you pay: Alternative payment systems, such as ApplePay and AndroidPay, as well as stock exchanges will become growing targets for financial cyber-attack.
⇒ A Leaked life: 2015 saw a rise in the number of doxing, public shaming and extortion attacks, as everyone from hacktivists to nation-states embraced the strategic dumping of private pictures, information, customer lists, and code to shame their targets. Sadly, Kaspersky Lab expects this practice to continue to rise sharply in 2016.
Some of the longer-term predictions of the Lab experts include:
• Evolution of APT attacks – Access-as-a-Service. More newcomers are expected to enter the APT space. Cyber-mercenaries will grow in number as more parties seek to gain from online attacks. They are expected to offer attack expertise to anyone willing to pay, and also to sell interested third parties digital access to high-profile victims, in what could be called an ‘Access-as-a-Service’ offering.
• Balkanization of the Internet – The appearance of a balkanized Internet, divided along national borders, is likely. If that happens, Internet availability in any region could be controlled by attacks on the service junctures that provide access across those boundaries. Such a landscape could even lead to a black market for connectivity. Similarly, as the technologies that power the Internet’s underground continue to gain mainstream attention and widespread adoption, developers with a stake in shadow markets, exchanges, and forums will develop better technologies to keep the underground truly underground.
The action plan suggested by the expert team can be summarised as below:
• Ignore the detractors and implement mature, multi-layered endpoint protection with extra proactive layers
• Patch vulnerabilities early, patch often, and automate the process
• Mind everything that’s mobile
• Implement encryption for communications and sensitive data
• Protect all elements of the infrastructure – gateways, email, collaboration
Actions for tomorrow:
• Create and deploy a complete security strategy – from the prediction of possible dangers and risks to the prevention of ongoing threats, all supported by effective detection and an efficient response
• Cybersecurity is too complex and serious to mix with generic IT. Consider creating a dedicated Security Operations Center
Suggestions for individuals:
• Invest in a robust security solution for all devices
• Explore and make use of the extra options that come with your protective solution, such as default-deny execution controls, whitelisting, encryption, and automated backups.
• Study the basics of cybersecurity and teach your friends
• Switch to encrypted communication
• Consider revising your online habits, and what information you share. Once uploaded, information stays on the Internet forever and can be used against you or your company.
Kaspersky Lab is one of the world’s top cybersecurity companies and the largest privately owned one. The company has been ranked by IDC among the world’s top four vendors of endpoint security solutions. Since 1997, Kaspersky Lab has been an innovator in cybersecurity and provides digital security solutions and threat intelligence for large enterprises, SMBs and consumers. Kaspersky Lab is an international company, operating in almost 200 countries and territories across the globe and providing protection for over 400 million users worldwide.