Security predictions from Kaspersky
Looking at the threat landscape for 2016, Kaspersky's experts foresee a major shift in Advanced Persistent Threats, or APTs, with deeper attacks that leave fewer traces and will therefore be harder to trace. In the longer term, more cyber mercenary groups will also get involved in the APT sector, in some cases offering new business models such as "access-as-a-service".
Security provider Kaspersky predicts for 2016:
APTs will change dramatically in structure and approach: Continuous, i.e. persistent, threats will decrease in favor of 'memory-resident' malware that avoids using its own files wherever possible. Attackers thus leave fewer traces, and detection of the malware becomes more difficult. Instead of expensive investments in complex bootkits, rootkits, and malware specifically tailored to victims, cybercriminals could rely on existing off-the-shelf malware. Attackers supported by nation states in particular do not want to flaunt their capabilities, but instead strictly orient themselves to the cost/result ratio of their attacks.
Greater threat from ransomware: Extortionist ransomware will continue to gain ground over banking Trojans. Mac and mobile devices will be increasingly attacked. Kaspersky Lab also expects the Internet of Things to be attacked by ransomware.
Alternative payment systems such as ApplePay and AndroidPay, as well as stock market trading, will increasingly come into focus in the financial sector.
Exposed privacy: Last year saw an increase in so-called DOXing attacks [3], public exposures, and cyber extortion. This is because virtually all attackers - from hacktivists to state actors - strategically use information accessible on the web, such as private photos, information, customer lists or code, to expose their victims. Kaspersky expects this trend to continue in 2016.
Balkanization of the Internet: The Internet is also likely to continue to divide into national units beyond the coming year. Once isolated Internet units have emerged, the availability of the Internet in each region can be controlled via attacks on the network nodes that provide cross-border access to the Internet. Therefore, a kind of black market for connectivity can emerge. Moreover, the more darknet technologies spread, the more developers operating on the dark side of the Internet they will attract. These developers will coordinate to keep the darknet hidden.
Access-as-a-Service - new business model for cyber mercenaries: Kaspersky Lab experts believe that new players will get involved in APTs in the coming year. Because more and more parties want to profit from cyberattacks, there will also be more cyber mercenaries than before. Those willing to spend money on online attacks will consider the attack expertise of cyber mercenaries. This is where a new business model will take root: Via "access-as-a-service," cyber mercenaries could offer digital access to high-profile victims.
"We expect new players to want to participate in the undoubtedly lucrative business of cyberattacks," predicts Juan Andrés Guerrero-Saade of Kaspersky Lab. "Cyber mercenaries will fulfill the growing requests for new malware or carry out attacks themselves right away. This creates a kind of 'access-as-a-service' business model, where cybercriminals collect the data of potential victims to sell to customers at the highest bid."
Recommendations for companies
Here's what companies can do immediately to combat the coming cyber threats:
- Cybersecurity training for employees
- Protect endpoints comprehensively, proactively and in multiple layers
- Fast, regular and automated elimination of program vulnerabilities via patches
- Extend security focus to mobile devices
- Encryption of communication channels and critical data
- Protect all elements of the infrastructure, including gateways, email, and other collaboration tools
In addition, companies should implement the following recommendations:
- Develop and implement an appropriate security strategy. This should cover the prediction of possible threats and risks as well as the prevention of current threats. The effective detection of and response to threats is crucial.
- Establish a dedicated Security Operations Center with appropriate specialists. Cyber threats are too complex and threatening to be handled alongside the general day-to-day IT business.