Trends for 2019: Threat actors operate more covertly
In the coming year, threat actors in the APT (advanced persistent threat) space will split into two groups: In addition to the traditional, well-equipped and highly experienced attackers, energetic, inexperienced newcomers will enter the APT playing field.
According to Kaspersky Lab's forecast (see more detailed Report) on the threat of targeted attacks for 2019, however, the former group will be the greater challenge for companies. The reason: even more sophisticated techniques that will become increasingly difficult to detect and attribute.
Forecast: No more major APTs
After the cybersecurity industry was able to uncover some complex state-sponsored operations in recent years, cybersecurity experts believe that threat actors will tend to retreat underground; thus, staying under the public radar and minimizing the risk of being detected. Armed with sufficient resources, actors should be able to further refine their toolkits and practices, making detection and attribution extremely difficult.
"In 2018, threat actors have triggered a paradigm shift," said Vicente Diaz, security researcher at Kaspersky Lab. "Public awareness has grown and investigations by experts have brought extensive cyber operations to the light of day. This will lead to a change in the cyber landscape: Experienced threat actors will shy away from attention and go underground, increasing their likelihood of success. But this will also make the detection of new, large-scale, sophisticated operations very unlikely, and the art of detection and attribution will definitely have to reach a new level."
This new approach will most likely include the development of tools that target network hardware. Victims are thus attacked via a core component of networking and threat actors can refocus their activities: on attacks via hidden botnets or other devious attacks against selected targets.
More predictions for targeted attacks in 2019
Attacks on supply chains remain: They are among the most feared and successful attack vectors of the past two years. Suppliers will remain an effective attack vector in 2019.
Mobile malware continues to be an issue: For many threat actors, mobile malware is part of the attack campaign to reach as many potential victims as possible. Even if no large outbreaks are expected here, experienced attackers will look for new ways to access their victims' devices.
IoT botnets will continue to grow inexorably: This warning is repeated year after year, but it should by no means be underestimated. Because the more powerful IoT botnets become, the more devastating their effect can be if they fall into the wrong hands.
Spear phishing will gain in importance: Various attacks on social networks such as Facebook, Instagram, but also LinkedIn and Twitter have opened up a marketplace for stolen data. The recent large data leaks on several social media can help attackers make spear phishing attacks even more promising for attackers.
New APT (Advanced Persistent Threat) actors are entering the scene: While APT players who have been active for a long time are likely to go underground, new players will enter the field, because the hurdles have never been so low. This is because the market, with hundreds of effective tools, re-engineered, leaked exploits, and all kinds of frameworks, is richly populated and open to anyone. New players are expected primarily in Southeast Asia and the Middle East.
Public backlash: The findings of recent memorable attacks, such as on Sony Entertainment Network or the Democratic Party in the U.S., have brought the question of justice and exposure of the threat actors more into the center of public debate. The outrage could prompt calls for more and more serious diplomatic consequences around the world.
Source: Kaspersky Lab