Kaspersky Lab's 2016 discovery of an APT (Advanced Persistent Threat) actor able to build new tools for each victim has effectively "killed" Indicators of Compromise (IoCs) as a reliable way to detect an "infection", according to the company's 2017 Threat Forecasts.
The forecasts are prepared annually by the company's Global Research and Analysis Team (GReAT) and draw on its extensive experience and know-how. The 2017 list covers the impact of disposable, victim-specific tools, the growing use of misdirection about the attacker's identity, the fragile nature of an unrestricted Internet-connected world, and the use of cyberattacks as weapons in information warfare.
The fall of IoCs
IoCs have long been an excellent way to share known malware traits, allowing defenders to recognize an active infection. The GReAT team's discovery of the ProjectSauron APT changed this. The team's analysis revealed an on-demand malware platform in which every feature was altered for each victim, making IoCs unreliable for identifying any other victim unless they are accompanied by another means, such as strong YARA rules.
The rise of ephemeral "infections"
In 2017, Kaspersky Lab expects the emergence of memory-resident malware that has no interest in surviving beyond the first reboot, which wipes the "infection" from the machine's memory. Such malware, intended for general surveillance and data collection, is likely to be deployed in highly sensitive environments by stealthy actors who try to avoid being caught or discovered.
"These are dramatic developments, but defenders will not be helpless. We believe that the time has come to push for wider adoption of good YARA rules. These will allow researchers to look into all aspects of an enterprise, inspect and identify items in binaries that are not in use, and scan memory for fragments of known attacks. The ephemeral "infections" highlight the need for preparation and developed heuristics in advanced anti-malware solutions," said Andrés Guerrero-Saade, Senior Security Consultant, Global Research and Analysis Team.
Other major threat forecasts for 2017
- Attribution will be troubled by false flags: As cyberattacks play a larger role in international relations, attribution will become a central issue in deciding on a policy response, for example retaliation. The pursuit of attribution may drive more criminals to dump proprietary tools or infrastructure on the open market, or to opt for commercial or open-source malware, not to mention the widespread use of misdirection (generally known as false flags) to muddy the waters.
- More information warfare: In 2016, people began to take seriously the release of hacked information for offensive purposes. Such attacks are likely to increase in 2017, and there is a risk that attackers will try to exploit people's willingness to accept such data as genuine by manipulating or selectively disclosing information.
- In connection with this, Kaspersky Lab expects a rise in vigilante hackers, who break in and release data while claiming it is for the public good.
- Growing risk of digital sabotage: As critical infrastructure and manufacturing systems remain connected to the Internet, often with little or no protection of that connection, the temptation to damage or disrupt them may prove great for cyberattackers, especially those with advanced skills, and especially in times of heightened geopolitical tension.
- Espionage on mobile devices: Kaspersky Lab expects more espionage campaigns to target mobile devices primarily, taking advantage of the fact that the security industry may struggle to gain full access to mobile operating systems for forensic analysis.
- Commercialization of financial attacks: Kaspersky Lab expects the commercialization of attacks along the lines of the 2016 SWIFT heists, with specialized resources offered for sale in underground forums or through service offerings.
- The risk to payment systems: As payment systems become ever more popular, Kaspersky Lab also expects a corresponding increase in criminal interest.
- The collapse of "trust" in ransomware: Kaspersky Lab also expects the continued growth of ransomware, but with the unexpected trust relationship between victim and attacker, based on the assumption that paying will get the data back, collapsing as lower-tier criminals enter the field. This could be the turning point in the number of people willing to pay.
- Device integrity in an overcrowded Internet: As IoT manufacturers continue to ship insecure devices that cause widespread problems, there is a risk that vigilante hackers may take matters into their own hands and disable as many devices as possible.
- The appeal of digital advertising to criminals: Over the next year, the tracking and targeting tools increasingly used in advertising will be used to track so-called activists and dissidents. At the same time, ad networks, which offer excellent profiling through a combination of IP addresses, browser fingerprinting, browsing history and selective logins, will be used by advanced cyber-espionage actors who want to hit their targets while protecting their latest tools.
The full text of the "Threat forecasts from Kaspersky Lab for 2017" is available on the dedicated site Securelist.com.
To see what Kaspersky Lab experts predicted for 2016, you can read here.
More information: YARA is a tool for identifying malicious files and suspicious activity on systems or networks that share similar traits. YARA rules, essentially search strings, help analysts find, group and categorize related malware samples and draw connections between them in order to build malware families and identify attack groups that might otherwise go undetected.
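The following Python script is an added example, not part of this article or of Kaspersky Lab's report. It illustrates the point made above about ProjectSauron and in the YARA note: a file hash shared as an IoC from one investigation matches only the exact build it came from, while a YARA-style rule keyed on artefacts the toolkit carries into every build still fires on the other victims' builds and stays silent on a benign file. The per-victim builds, the string `ExtractSecrets`, the `CFG` config marker and the rule `pervictim_toolkit_example` are all constructed for illustration and do not correspond to any real malware.

```python
"""Added example (not from the Kaspersky report): a hash-based IoC versus a
YARA-style rule against per-victim builds of the same hypothetical toolkit.
Every sample below is a constructed byte string, not a real file."""
import hashlib
import re

# Artefacts the hypothetical toolkit carries in every build: an exported
# function name and a config-record marker followed by a 4-byte victim tag.
SHARED_API_NAME = b"ExtractSecrets"
CONFIG_MARKER = b"CFG"

# Equivalent YARA rule (assumed, not a real Kaspersky rule) that the Python
# check below mirrors: MZ header, both artefacts present, any victim tag bytes.
YARA_RULE = r'''
rule pervictim_toolkit_example
{
    strings:
        $api = "ExtractSecrets" ascii
        $cfg = { 43 46 47 ?? ?? ?? ?? 00 }   // "CFG" + 4 wildcard bytes + NUL
    condition:
        uint16(0) == 0x5A4D and all of them
}
'''


def build_sample(victim_tag: bytes, c2_path: bytes) -> bytes:
    """Constructed per-victim build: fixed code plus a victim-specific config."""
    assert len(victim_tag) == 4
    header = b"MZ" + b"\x90" * 14
    code = b"\x55\x8b\xec" + SHARED_API_NAME + b"\x00" + b"\xc3"
    config = CONFIG_MARKER + victim_tag + b"\x00" + c2_path + b"\x00"
    return header + code + config


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def ioc_hash_match(data: bytes, known_hashes: set) -> bool:
    """Classic IoC check: is the file hash in the shared indicator list?"""
    return sha256_hex(data) in known_hashes


# "CFG", any four bytes, then a NUL: the byte-pattern half of the rule.
CFG_PATTERN = re.compile(re.escape(CONFIG_MARKER) + rb".{4}\x00", re.DOTALL)


def yara_like_match(data: bytes) -> bool:
    """Mirror of YARA_RULE: header check plus both code-level artefacts."""
    has_mz = data[:2] == b"MZ"
    has_api = SHARED_API_NAME in data
    has_cfg = CFG_PATTERN.search(data) is not None
    return has_mz and has_api and has_cfg


def compare_detectors(samples, known_hashes):
    """Return (ioc_hits, rule_hits) across the given samples."""
    ioc_hits = sum(ioc_hash_match(s, known_hashes) for s in samples)
    rule_hits = sum(yara_like_match(s) for s in samples)
    return ioc_hits, rule_hits


# Three per-victim builds plus one benign file (all constructed).
VICTIM_BUILDS = [
    build_sample(b"V001", b"/api/v1/sync"),
    build_sample(b"V002", b"/cdn/assets"),
    build_sample(b"V003", b"/update/check"),
]
BENIGN_FILE = b"MZ" + b"\x90" * 14 + b"\x55\x8b\xec" + b"ExportSettings\x00\xc3"

# The IoC list only ever contains the one build an earlier investigation found.
KNOWN_HASHES = {sha256_hex(VICTIM_BUILDS[0])}

if __name__ == "__main__":
    ioc, rule = compare_detectors(VICTIM_BUILDS, KNOWN_HASHES)
    print(f"hash IoC caught {ioc}/3 builds, YARA-style rule caught {rule}/3")
    print("benign file matches rule:", yara_like_match(BENIGN_FILE))
```

Running the script shows the hash IoC catching one of the three builds and the rule catching all three while leaving the benign file alone. The design choice is the one the quote above argues for: a rule anchored on what the attacker cannot cheaply change per victim (code structure, exported names, config layout) survives the per-build variation that defeats a fixed hash.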