The discovery by Kaspersky Lab in 2016 of an APT (Advanced Persistent Threat) actor able to build new tools for each victim has effectively "killed" Indicators of Compromise (IoCs) as a credible way of detecting an infection, according to the company's threat forecasts for 2017.
The forecasts are prepared annually by the company's Global Research and Analysis Team (GReAT) and draw on its experience and expertise. The 2017 list covers the impact of disposable, victim-specific tools, the growing use of deception about the attacker's identity, the fragile nature of an unrestricted Internet-connected world, and the use of digital attacks as a weapon in information warfare.
The fall of IoCs
IoCs have long been an excellent way to share known characteristics of malware, allowing defenders to recognize an active infection. GReAT's discovery of the ProjectSauron APT changed that. The team's analysis revealed a bespoke malware platform in which every feature changed for every victim, rendering IoCs unreliable for detecting any other victim unless accompanied by other means, such as strong YARA rules.
The increase in ephemeral "infections"
In 2017, Kaspersky Lab expects the appearance of memory-resident malware that has no interest in surviving beyond the first reboot, which will wipe the infection from the machine's memory. Such malware, intended for general reconnaissance and credential collection, is likely to be deployed in highly sensitive environments by stealthy actors who are trying to avoid attracting attention or being discovered.
"These are dramatic developments, but defenders will not be helpless. We believe the time has come to push for wider adoption of good YARA rules. These will allow researchers to scan across an enterprise, inspect and identify traits in binaries at rest, and scan memory for fragments of known attacks. The ephemeral infections highlight the need for preparation and developed heuristics in advanced anti-malware solutions," said Andrés Guerrero-Saade, Senior Security Expert, Global Research and Analysis Team.
Other major threat forecasts for 2017
- Attribution will be troubled by false flags: As digital attacks play a larger role in international relations, attribution will become a central issue in deciding policy and action, such as retaliation. The pursuit of attribution risks pushing more attackers to dump proprietary tools or infrastructure onto the open market, or to favour commercial or open-source malware, not to mention the extensive use of misdirection (commonly known as false flags) to muddy the attribution waters.
- The rise of information warfare: In 2016, people began to take seriously the release of hacked information for offensive purposes. Such attacks are likely to increase in 2017, and there is a risk that attackers will try to exploit people's willingness to accept such data as authentic by manipulating or selectively disclosing information.
- In conjunction with this, Kaspersky Lab expects an increase in vigilante hackers: hacking and releasing data, claiming it is for the greater good.
- Increasing risk of digital sabotage: As critical infrastructure and production systems remain connected to the Internet, often with little or no protection, the temptation to damage or disrupt them may prove great for digital attackers, especially those with advanced skills, and especially in times of heightened geopolitical tension.
- Espionage on mobile devices: Kaspersky Lab expects more espionage campaigns to target mobile devices primarily, exploiting the fact that the security industry may struggle to gain full access to mobile operating systems for forensic analysis.
- Commoditization of financial attacks: Kaspersky Lab expects the commoditization of attacks along the lines of the 2016 SWIFT heists, with specialized resources being offered for sale in underground forums or as a service.
- The risk faced by payment systems: As payment systems become more popular, Kaspersky Lab also expects a corresponding increase in criminal interest in them.
- The collapse of "trust" in ransomware: Kaspersky Lab also expects the continued rise of ransomware, but with the unusual trust relationship between victim and attacker, based on the assumption that payment will result in the return of the data, collapsing as lower-tier criminals enter the space. This could be a turning point in the number of people willing to pay.
- Device integrity in a crowded Internet: As IoT manufacturers continue to ship insecure devices that cause problems on a broad scale, there is a risk that vigilante hackers may take matters into their own hands and disable as many devices as possible.
- The appeal of digital advertising to criminals: Over the next year, the tracking and targeting tools increasingly used in advertising will be used to monitor so-called activists and dissidents. At the same time, ad networks, which offer excellent profiling through a combination of IP addresses, browser fingerprinting, browsing interests and login selectivity, will be used by advanced digital espionage actors who want to hit targets while protecting their latest tools.
The full text of the "Kaspersky Lab Threat Predictions for 2017" is available on Securelist.com.
To see what Kaspersky Lab's experts predicted for 2016, see the company's earlier forecast.
More information: YARA is a tool for detecting malicious files and suspicious activity patterns on systems or networks that share similarities. YARA rules, essentially sets of search strings, help analysts find, group and categorize related malware samples and draw connections between them, in order to build malware families and identify attack groups that might not otherwise be detected.
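As an added illustration (not from the Kaspersky report or the Securelist post), here is what a YARA rule written for the situation described above might look like: instead of matching a hash or file name that changes for every victim, it matches a code skeleton with the variable bytes wildcarded out, operator artefacts left in every build, and an API combination typical of in-memory loaders. Every string, name and byte pattern below is a hypothetical placeholder constructed for this example, not an indicator from any real malware family.

```yara
// Added editorial example. The rule name, byte pattern, strings and
// mutex name are hypothetical placeholders, not real indicators.
rule Hypothetical_Bespoke_Loader_Traits
{
    meta:
        description = "Example: match shared code traits rather than per-victim hashes"
        author      = "editorial example"
        reference   = "illustrative only; not a real malware family"

    strings:
        // Hypothetical XOR-decode loop. The stack offsets and jump
        // distance change per build (wildcarded); the opcode skeleton does not.
        $code_xor_loop = { 8B 45 ?? 33 C1 89 45 ?? 41 3B 4D ?? 72 ?? }

        // Hypothetical debug string an operator might leave in every build.
        $dbg_string = "cfg::stage2_init" ascii wide

        // Hypothetical mutex name whose variable suffix is captured by a regex.
        $mutex_re = /Global\\svc_[0-9a-f]{8}_sync/ ascii

        // API combination common to loaders that inject into another process.
        $api1 = "VirtualAllocEx" ascii
        $api2 = "WriteProcessMemory" ascii
        $api3 = "CreateRemoteThread" ascii

    condition:
        // No MZ-header check, so the same rule can be run over files on disk
        // and over raw process memory, where headers may be absent or wiped.
        filesize < 5MB and
        (
            2 of ($code_xor_loop, $dbg_string, $mutex_re) or
            ($code_xor_loop and all of ($api*))
        )
}
```

Run it over a directory with `yara -r rules.yar /path/to/samples`, or over a live process with `yara rules.yar <pid>`; the latter is the memory-scanning use case the quote above refers to. Tuning the condition so that no single string alone fires keeps false positives low while still catching rebuilt variants that share the skeleton.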