Kaspersky Lab’s experts revealed their predictions for 2016, which are based on the expertise of the Global Research and Analysis Team, the company’s 42 top security experts, located all over the world. Each member contributed unique expertise and, in 2015 alone, their insight and intelligence resulted in detailed reports on 12 APT actors “speaking” different languages, including French, Arabic, Chinese, Russian and English, among others.
“2016 will also see more players entering the world of cyber-crime. The profitability of cyber-attacks is indisputable and more people want a share of the spoils. As mercenaries enter the game, an elaborate outsourcing industry has risen to meet the demands for new malware and even entire operations. The latter gives rise to a new scheme of Access-as-a-Service, offering up access to already hacked targets to the highest bidder,” said Juan Andrés Guerrero-Saade, Senior Security Expert, Global Research and Analysis Team, Kaspersky Lab.
Kaspersky Lab’s experts anticipate that in 2016 we will see significant evolution in cyber espionage tradecraft. First, there will be a dramatic change in how APTs are structured and operated. A decreased emphasis on ‘persistence’ is expected, with a greater focus on memory-resident or fileless malware, reducing the traces left on an infected system and thereby avoiding detection. The experts also see less of an urge to demonstrate superior cyber-skills, so return on investment will rule much of the nation-state attacker’s decision-making. Therefore, there will be an increase in the repurposing of off-the-shelf malware rather than investment in bootkits, rootkits and custom malware that gets burned by research teams.
In the longer term, more newcomers are expected to enter the APT space. Cyber-mercenaries will grow in number as more parties seek to gain from online attacks. These are expected to offer attack expertise to anyone willing to pay, and also to sell digital access to high-profile victims to interested third parties, in what could be called an ‘Access-as-a-Service’ offering.
Consumer threats will also evolve. According to the experts, ransomware will gain more ground on banking Trojans and is expected to extend into new areas: OS X devices, which are often owned by wealthier and therefore more lucrative targets, in addition to mobile and the Internet-of-Things.
Cyber criminals are constantly looking for new ways to make their victims pay. Therefore, alternative payment systems such as ApplePay and AndroidPay, as well as stock exchanges, are expected to become growing targets for financial cyber-attacks.
In 2015 Kaspersky Lab experts witnessed a rise in the number of DOXing, public shaming and extortion attacks, as everyone from hacktivists to nation-states embraced the strategic dumping of private pictures, information, customer lists, and code to shame their targets. Sadly, Kaspersky Lab expects this practice to continue to rise exponentially in 2016.
To minimise the risks connected with future cyber-attacks, businesses should create and deploy a complete security strategy. It is important to educate staff about cyber security, implement multi-layered endpoint protection with extra proactive layers, protect all elements of infrastructure, patch vulnerabilities, mind everything that is mobile, and implement encryption for communication and sensitive data. Companies that have high risks of encountering cyberattacks should consider creating a dedicated Security Operations Centre.
Individuals should invest in a robust security solution for all devices and switch to encrypted communication. However, they should not rely solely on technology. Studying the basics of cybersecurity and exploring the options that come with the protective solution can prevent many incidents. In addition, with more and more of our lives being exposed online, it might be useful to revise online habits, as once information is uploaded it stays online forever and can be used against you or your company.
The full text of the “2016 Prediction: It’s the end of the world for APTs” report is available on the Securelist website.