As Technology Evolves, So Do Threats

Technology is evolving at a rapid pace, with mobile, cloud, analytics and other big initiatives driving significant shifts in the IT world. Rest assured that cybercriminals are doing their best to keep pace.

Security experts predict that malicious threat actors will differentiate their tactics in the coming months in order to capitalize on the changing technology landscape. In addition to refining the ransomware tactics that worked so well in 2016, hackers are likely to make increasing use of emerging malware platforms that are functionally disposable, highly targeted and stripped of any of the typical clues that would normally indicate a computer intrusion, experts say.

Intel Security’s McAfee Labs has called 2016 “the year of ransomware,” noting that new ransomware samples in 2016 totaled 3,860,603 — an increase of 80 percent in total ransomware samples since the beginning of the year. Beyond the leap in volume, the firm said ransomware exhibited notable technical advances in 2016, including partial or full disk encryption, encryption of web sites used by legitimate applications, more-sophisticated exploit kits for ransomware delivery, and more ransomware-as-a-service developments.

In a December 2016 Trend Micro survey of 225 U.S. organizations, 53 percent of respondents said they were victims of a ransomware attack in 2016. However, Trend Micro says that as organizations develop better defenses against these attacks, malicious attackers are likely to shift their tactics. The firm says new targets for ransomware in 2017 will likely include IoT devices and non-desktop computing terminals such as point-of-sale systems and ATMs.

Kaspersky Lab and McAfee Labs both expect an imminent emergence of difficult-to-detect malware platforms in which legitimate code is infected with Trojans that leverage the legitimacy to remain hidden as long as possible. There are a number of ways hackers can accomplish this, including changing executable files on the fly through man-in-the-middle attacks.

Kaspersky Lab also warns that cybercriminals are increasingly using malicious PowerShell scripts to create functionally disposable malware designed to be deployed in highly sensitive environments. These so-called “ephemeral infections” perform reconnaissance, collect sensitive information and then disappear without a trace when the infected computer is rebooted.

Kaspersky says another particularly insidious threat gaining steam is “bespoke malware.” Unlike most classes of malware that are designed for wide distribution, this is a custom-designed threat in which every feature is altered for a specific target. Because of this customization, there are none of the telltale signs — known as Indicators of Compromise (IOCs) — that would point to non-human behavior. Without common IOCs such as suspicious file and registry changes, network traffic spikes or unusual account activity, these threats are nearly impossible to discover using traditional methods.

Kaspersky Lab says these new threats highlight the need for proactive and sophisticated heuristics in advanced anti-malware solutions. The firm also advocates the increased use of the open-source YARA tool to scan networks and uncover malware patterns. YARA provides a robust language for identifying and classifying malware, making it easier to reverse engineer malicious code.

Security has always been a cat-and-mouse game, in which IT and cybercriminals continually refine their tactics in an attempt to stay one step ahead of the other. Organizations must remain vigilant and continue to enhance their security environment. Our next post will offer 9 best practices for protecting your organization against emerging technology threats.

