2017: What cyber threats?

The predictions from Kaspersky experts for 2017 deal with the impact of tailored and freely available tools, the increasing use of false information regarding the attackers behind it, the vulnerability of arbitrary Internet connections and thus further security problems in the Internet of Things, and the use of cyberweapons in the context of an information war. Cybersecurity experts also anticipate increased vulnerability of critical infrastructure via cyber sabotage as well as an increase in espionage on mobile devices.

Indicators of cyber attacks questionable

For a long time, IT security experts were able to gain knowledge about known malware via indicators of cyberinfection and thus detect an active infection, for example. However, this method has become obsolete with the discovery of ProjectSauron [2] proved to be outdated. This is because the APT group behind it used a customized malware platform, via which each function used was modified for each targeted victim. Findings about other victims via previously used indicators were thus unreliable; unless combined with another measure such as Yara rules. (Yara is a tool to detect malicious files or patterns of suspicious activity in systems or networks that have similarities).

Increase in short-lived infections

For 2017, Kaspersky Lab expects an increase in malware active in memory, which has no interest in still being available after a reboot and therefore deletes itself from memory. Such malware, which may be intended for espionage and credential collection in general, is likely to be used by covert attackers in highly sensitive environments. This way, the detection of the attack can be disguised.

"Our predictions point to dramatic developments, however, there are defenses in place," said Juan Andrés Guerrero-Saade, senior security expert at Kaspersky Lab "We believe it is time to encourage adoption of strong YARA rules. These allow experts to deeply analyze an enterprise, examine and identify features in binary code, and scan memory for fragments of known attacks. Short-lived infections increase the need for proactive and sophisticated heuristics in advanced anti-malware solutions."

Other possible threats for 2017

False flag attribution: As cyberattacks play an increasingly large role in international relations, their attribution will be a central issue in determining political action processes - for example, in a retaliatory action. The quest for attribution could lead criminals to release their infrastructure or proprietary toolkits for mass use. Or they might opt for open-source or commercial malware to disguise their own identity and conduct the attack under a false flag.

The emergence of an information war: Already in 2016, there were increased publications about hacked information for aggressive purposes. Such attacks are likely to increase further in 2017. There is a risk that attackers will exploit people's willingness to regard such information as true by manipulating information or passing it on only in a selected manner.

The rise of the vigilant hacker: Kaspersky Lab experts also believe that hacking and dissemination of data will increase, ostensibly for the greater good.

Device integrity in a crowded Internet: As Internet of Things manufacturers continue to ship unsecured devices that cause widespread security problems, there is a risk that vigilant hackers will exploit this and disable as many devices as possible.

Growing vulnerability to cyber sabotage: Because critical infrastructure and manufacturing systems are also connected to the Internet - usually with little or no protection - the temptation for cybercriminals to damage or disrupt them is great; especially for advanced attackers and at a time of rising geopolitical tensions.

Mobile device spying: Expect to see increased espionage targeting mobile devices. One reason for this: The security industry is fighting for complete access to mobile operating systems in order to perform forensic analyses.

Commercialization of financial attacks: A commercialization of financial attacks is expected. An example of this from 2016 is the attack on the SWIFT payment system. These financial attacks are carried out with resources offered for sale or as-a-service in underground forums.

Compromise of payment systems: As payment systems become more popular and widespread, they will also attract high interest from criminals.

Loss of confidence in ransomwareAccording to Kaspersky Lab experts, the continuing rise of ransomware is accompanied by an increasing loss of trust between victims and their attackers. The reason: until now, many victims could still often rely on the attackers to unlock their data after paying a ransom. However, new cybercriminals are entering the ransomware market, and the quality assurance of the attackers seen so far could suffer as a result; the consequence would be a loss of trust on the part of the victims when it comes to paying the demanded ransom.

The criminal appeal of digital advertising: Over the coming year, we will see the kind of tracking and targeting tools increasingly used in advertising to monitor suspected activists and dissidents. Similarly, ad networks that provide excellent target profiling through a combination of IP addresses, browser fingerprints, browsing interests, and login selectivity will be used by advanced cyber espionage actors to precisely hit their targets while protecting their latest toolkits.

Source: Kaspersky Lab