2016 is expected to see significant evolution in cyber-espionage tradecraft, according to Kaspersky Lab experts.
They believe there will be a dramatic change in how APTs are structured and operated. It is expected to see a decreased emphasis on “persistence”, with a greater focus on memory-resident or fileless malware, reducing the traces left on an infected system and thereby avoiding detection.
In addition, the experts see that there is less urge to demonstrate superior cyber-skills, so return on investment will rule much of the nation-state attacker’s decision-making. Therefore, there will be an increase in the repurposing of off-the-shelf malware rather than investment in bootkits, rootkits and custom malware that gets burned by research teams.
In a more long-term perspective, there is an expectation that more newcomers will enter the APT space. Cyber-mercenaries will grow in number as more parties seek to gain from online attacks. These are expected to offer attack expertise to anyone willing to pay, and also to sell to interested third-parties digital access to high-profile victims, in what could be called an ‘Access-as-a-Service’ offering.
Consumer threats will also evolve. According to experts ransomware will be gaining more ground on banking Trojans and is expected to extend into new areas such as OS X devices, often owned by wealthier and therefore more lucrative targets in addition to mobile and the Internet of Things (IoT).
Cybercriminals are constantly looking for new ways to make their victims pay. Therefore, alternative payment systems such as ApplePay and AndroidPay, as well as stock exchanges are expected to become growing targets for financial cyber-attacks.
In 2015, Kasperksy Lab experts witnessed a rise in the number of DOXing, public shaming and extortion attacks, as everyone from Hactivists to nation-states embraced the strategic dumping of private pictures, information, customer lists, and code to shame their targets. Sadly, Kaspersky Lab expects this practice to continue to rise exponentially in 2016.
“As for South Africa, we see a decrease in Internet pricing from Internet Service Providers and more affordable mobile data plans being available,” says Dirk Kollberg, senior security researcher: Global Research & Analysis Team at Kaspersky Lab. “Therefore, we are likely to get an increase in online users together with an increase in the number of attacks targeting their financial and personal data on mobiles and PCs. Ransomware has seen a rise this year in South Africa, and unfortunately the trend will not change.
“Also, there are more and more companies choosing to keep their data in the cloud due to the reduced costs and the grown Internet speed, so the opportunity for malware writers to steal company data has become a much bigger risk than a few years ago.”