Advanced Persistent Threats, or APTs, will cease to exist in 2016, but they will be replaced by deeper, embedded attacks that are harder to detect and trace back to the perpetrators, experts from leading software-security company Kaspersky Lab say.
In their predictions for this year, the experts reveal that, while the “Threat” will remain, the concept of “Advanced” and “Persistent” will disappear to reduce the traces left in an infected system. They will also rely more on off-the-shelf malware to minimize their initial investment.
The predictions are based on the expertise of Kaspersky Lab’s global research and analysis team, made up of 42 top security experts from all over the world.
Each team member contributes unique expertise and, in 2015 alone, their insights and intelligence resulted in detailed public reports on 12 APT actors, “speaking” different languages, including French, Arabic, Chinese, Russian and English.
Kaspersky Lab experts say 2016 will see:
• APTs losing letters, gaining weight. There will be a dramatic change in how APTs are structured and operate. Kaspersky Lab expects to see a decreased emphasis on persistence and a greater focus on memory-resident or fileless malware, reducing the traces left on an infected system and, thereby, avoiding detection.
Rather than investing in bootkits, rootkits, and custom malware that gets burned by research teams, Kaspersky Lab expects to see an increase in the repurposing of off-the-shelf malware. As the urge to demonstrate superior cyberskills wears off, return on investment (ROI) will rule much of the nation-state attacker’s decision-making and nothing beats low initial investment for maximizing ROI.
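As an added illustration of what a defender can do about the shift to memory-resident malware described above (this is example code written for this page, not Kaspersky Lab's tooling), the following script flags running Linux processes whose executable is no longer present on disk, a common trace of a payload that was run from memory or deleted after launch. The kernel reports such processes by appending " (deleted)" to the /proc/<pid>/exe link target, and memory-backed files show a "/memfd:" prefix. The process list embedded in the block is constructed sample data; the real collector only works on a Linux host with /proc.

```python
import os
from typing import Iterable, List, Tuple

# (pid, process name, target of /proc/<pid>/exe) -- constructed sample data,
# not output from any real host.
SAMPLE_PROCESSES: List[Tuple[int, str, str]] = [
    (1234, "sshd", "/usr/sbin/sshd"),
    (2345, "nginx", "/usr/sbin/nginx"),
    (4321, "updater", "/tmp/.cache/updater (deleted)"),
    (5555, "svc", "/memfd:stage2 (deleted)"),
]


def is_fileless_indicator(exe_target: str) -> bool:
    """True when the exe link points at a path that no longer exists on disk
    (the kernel appends ' (deleted)') or at an anonymous memfd object."""
    if exe_target.endswith(" (deleted)"):
        return True
    if exe_target.startswith("/memfd:"):
        return True
    return False


def classify(processes: Iterable[Tuple[int, str, str]]) -> List[Tuple[int, str, str]]:
    """Return the subset of (pid, name, exe_target) tuples worth triage."""
    return [(pid, name, exe) for pid, name, exe in processes if is_fileless_indicator(exe)]


def collect_live() -> List[Tuple[int, str, str]]:
    """Read the real /proc on a Linux host. Returns an empty list elsewhere
    or when no process is readable (unprivileged users see only their own)."""
    results: List[Tuple[int, str, str]] = []
    if not os.path.isdir("/proc"):
        return results
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            exe = os.readlink(f"/proc/{entry}/exe")
            with open(f"/proc/{entry}/comm", encoding="utf-8") as fh:
                name = fh.read().strip()
        except OSError:
            # Kernel threads have no exe link; other users' processes are unreadable.
            continue
        results.append((int(entry), name, exe))
    return results


if __name__ == "__main__":
    # Demonstrate on the constructed sample first, then on the live host if possible.
    for pid, name, exe in classify(SAMPLE_PROCESSES):
        print(f"sample: pid={pid} name={name} exe={exe}")
    for pid, name, exe in classify(collect_live()):
        print(f"live:   pid={pid} name={name} exe={exe}")
```

Treat a hit as a triage signal rather than a verdict: a long-running daemon whose binary was replaced by a package upgrade also shows "(deleted)", so the next step is to compare the process's memory mappings and network activity against what the named service should be doing, and to capture the memory image before the process exits, since nothing will remain on disk afterwards.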
• Thieves in the television set and/or crime in the coffee-maker. Ransomware will gain ground on banking Trojans and is expected to extend into new areas, such as OS X devices, which are often owned by wealthier and, therefore, more lucrative targets, in addition to mobile and the Internet-of-Things.
• New ways to make you pay. Alternative payment systems, such as ApplePay and AndroidPay, and stock exchanges will become growing targets for a financial cyberattack.
• A leaked life. Last year saw a rise in the number of doxing, public shaming and extortion attacks, as everyone, from hacktivists to nation-states, used the strategic dumping of private pictures, information, customer lists and codes to shame their targets. Sadly, Kaspersky Lab expects this practice to continue in 2016.
“2016 will see a significant evolution in cyber espionage tradecraft, as sophisticated threat actors minimize investment by repurposing commercially available malware and become more adept at hiding their advanced tools, infrastructure and identities by ditching persistence altogether,” said Juan Andrés Guerrero-Saade, a senior security expert at the global research and analysis team of Kaspersky Lab.
“2016 will also see more players entering the world of cybercrime. The profitability of cyber-attacks is indisputable and more people want a share of the spoils. As mercenaries enter the game, an elaborate outsourcing industry has risen to meet the demands for new malware and even entire operations. The latter gives rise to a new scheme of Access-as-a-Service, offering up access to already hacked targets to the highest bidder,” he added.