Kaspersky Lab's discovery in 2016 of an APT (Advanced Persistent Threat) actor with the ability to create new tools for each victim has effectively "killed" Indicators of Compromise (IoCs) as a credible way of detecting an infection, according to the company's Threat Forecasts for 2017.
The forecasts are prepared annually by the company's Global Research and Analysis Team (GReAT) and draw on its extensive experience and expertise. The 2017 list covers the impact of disposable, custom-built tools, the growing use of misdirection over the identity of the attacker, the fragile nature of an indiscriminately Internet-connected world, and the use of cyberattacks as a weapon in information warfare.
The fall of IoCs
IoCs have long been an excellent way to share the known traits of malware, allowing defenders to recognize an active infection. The GReAT team's discovery of the ProjectSauron APT changed that. The team's analysis revealed a bespoke malware platform in which every feature was altered for each victim, which makes IoCs unreliable for identifying any other victim unless they are accompanied by another measure, such as strong YARA rules.
The rise of ephemeral "infections"
In 2017, Kaspersky Lab expects the emergence of memory-resident malware that has no interest in surviving beyond the first reboot, which wipes the "infection" from the machine's memory. Such malware, intended for general reconnaissance and data collection, is likely to be deployed in highly sensitive environments by stealthy actors who want to avoid being caught or discovered.
"These are dramatic developments, but defenders will not be helpless. We believe that the time has come to push for wider adoption of good YARA rules. These will allow researchers to look into every corner of an enterprise, inspect and identify traits in dormant binaries, and scan memory for fragments of known attacks. The ephemeral 'infections' highlight the need for proactive and sophisticated heuristics in advanced anti-malware solutions," said Andrés Guerrero-Saade, Senior Security Expert, Global Research and Analysis Team.
Other major threat forecasts for 2017
- Attribution will be plagued by false flags: As cyberattacks play a greater role in international relations, attribution will become a central issue in determining a political course of action, such as retaliation. The pursuit of attribution carries the risk that more criminals will dump proprietary tools or infrastructure onto the open market, or opt for commercial or open-source malware, not to mention the extensive use of misdirection (commonly known as false flags) to muddy the attribution waters.
- The rise of information warfare: In 2016, people began to take seriously the release of hacked information for offensive purposes. Such attacks are likely to increase in 2017, and there is a risk that attackers will try to exploit people's willingness to accept such data as genuine by manipulating or selectively disclosing information.
- Alongside this, Kaspersky Lab expects a rise in vigilante hackers who hack and release data, claiming it is for the common good.
- Growing risk of cyber-sabotage: As critical infrastructure and manufacturing systems remain connected to the Internet, often with little or no protection, the temptation to damage or disrupt them may prove great for cyber-attackers, particularly those with advanced skills, and especially at times of heightened geopolitical tension.
- Espionage goes mobile: Kaspersky Lab expects more espionage campaigns to target primarily mobile devices, exploiting the fact that the security industry may struggle to gain full access to mobile operating systems for forensic analysis.
- Commoditization of financial attacks: Kaspersky Lab expects the commoditization of attacks along the lines of the 2016 SWIFT heists, with specialized resources offered for sale in underground forums or through as-a-service schemes.
- The risk faced by payment systems: As payment systems become increasingly popular and widespread, Kaspersky Lab also expects a corresponding increase in criminals' interest in them.
- The collapse of "trust" in ransomware: Kaspersky Lab also expects the continued rise of ransomware, but with the unusual trust relationship between victim and attacker, which rests on the assumption that payment will result in the return of the data, collapsing as lower-tier criminals enter the field. This could be the turning point in the number of people willing to pay.
- Device integrity in an overcrowded Internet: As IoT manufacturers continue to churn out unsecured devices that cause problems on a broad scale, there is a risk that vigilante hackers will take matters into their own hands and disable as many devices as possible.
- The criminal appeal of digital advertising: Over the next year, we will see the kind of tracking and targeting tools increasingly used in advertising being used to monitor alleged activists and dissidents. At the same time, ad networks, which offer excellent target profiling through a combination of IP addresses, browser fingerprinting, browsing history and selective logins, will be used by advanced cyber-espionage actors who want to hit their targets while protecting their latest tools.
The full text of the "Threat Forecasts from Kaspersky Lab for 2017" is available on the dedicated site Securelist.com.
To see what Kaspersky Lab experts predicted for 2016, you can read here.
More information: YARA is a tool for identifying malicious files and suspicious activity patterns on systems or networks that share common traits. YARA rules, essentially search strings, help analysts find, group and categorize related malware samples and draw connections between them in order to build malware families and identify attack groups that might otherwise go undetected.
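The following is an added illustration of the kind of rule the text refers to, not a rule from Kaspersky Lab or the report; the rule name, strings and byte patterns are constructed placeholders rather than real indicators. It shows why a rule built on several shared code fragments holds up better than a single per-victim IoC such as a file hash, and why it stays usable for memory scans.

```yara
// Added example rule (constructed placeholders, not real indicators).
rule Constructed_Example_Family
{
    meta:
        description = "Matches a constructed family by shared code fragments, not per-victim IoCs"
        author      = "added example, not from the report"

    strings:
        // A distinctive error message that tends to survive per-victim rebuilds
        $msg1  = "Failed to open pipe" ascii wide

        // A code fragment: '??' wildcards and the [2-6] jump absorb immediates
        // and padding that change from build to build
        $code1 = { 8B 45 ?? 33 C0 [2-6] 68 ?? ?? ?? ?? E8 }

        // A mutex naming pattern where only the random part varies
        $mx    = /Global\\[A-Za-z0-9]{8}Svc/ ascii

    condition:
        // Require a combination, so one swapped artefact does not evade the rule.
        // No PE-header check (uint16(0) == 0x5A4D) is imposed, so the same rule
        // can be applied to process memory where no file header is present.
        2 of ($msg1, $code1, $mx)
}
```

Run against files with `yara rulefile.yar <path>` or against a running process with `yara rulefile.yar <pid>`; a match on two of the three fragments indicates the family regardless of which per-victim values were changed.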