Hi-Tech Security Solutions Business Directory


Clues are dead
February 2017, News, Cyber Security

Kaspersky Lab’s discovery in 2016 of an APT able to create new tools for each victim has effectively killed off ‘Indicators of Compromise’ as a reliable means of detecting infection, according to the company’s Threat Predictions for 2017. The predictions are prepared annually by the company’s expert Global Research and Analysis Team (GReAT) and are based on its wide-ranging insight and expertise.

The decline of IoCs

Indicators of Compromise (IoCs) have long been an excellent way of sharing traits of known malware, allowing defenders to recognise an active infection. The discovery by GReAT of the ProjectSauron APT changed this. Analysis of the group revealed a bespoke malware platform where every feature was altered for each victim, rendering IoCs unreliable for detecting any other victim, unless accompanied by another measure, such as strong YARA [1] rules.
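
An added illustration (not part of the original article or of Kaspersky Lab's report) of why per-victim builds defeat atomic IoCs while a trait-based rule still matches. The byte patterns, domains and sample builder are constructed for the example and are not ProjectSauron artefacts; the matcher only imitates the strings-plus-condition shape of a YARA rule.

```python
import hashlib
import re

# Constructed stand-in for code shared by every build of one toolkit.
SHARED_ROUTINE = bytes.fromhex("5e1fa7c3099bd2406c88")

def build_sample(victim_id, c2, pad):
    """Constructed per-victim build: id, padding and C2 differ, routine is shared."""
    return (b"MZ" + victim_id.encode() + b"\x00" * pad + SHARED_ROUTINE
            + b"cfg=" + c2.encode() + b";mode=collect\x00")

SAMPLE_A = build_sample("victim-a", "a.example.invalid", 16)
SAMPLE_B = build_sample("victim-b", "b.example.invalid", 41)
BENIGN = b"MZ" + b"ordinary program; mode=collect stats" + b"\x00" * 32

# Atomic IoCs taken from SAMPLE_A only, as an incident report would list them.
IOCS = {
    "sha256": {hashlib.sha256(SAMPLE_A).hexdigest()},
    "domain": {b"a.example.invalid"},
}

def ioc_match(data):
    """True if the file hash or an embedded domain equals a known IoC."""
    if hashlib.sha256(data).hexdigest() in IOCS["sha256"]:
        return True
    return any(domain in data for domain in IOCS["domain"])

# Trait rule: named patterns plus an "N of them" condition, YARA-style.
TRAIT_RULE = {
    "patterns": {
        "$routine": re.compile(re.escape(SHARED_ROUTINE)),
        "$cfg": re.compile(rb"cfg=[a-z0-9.-]{4,64};mode=collect\x00"),
        "$mz": re.compile(rb"\AMZ"),
    },
    "min_hits": 2,
}

def trait_match(data, rule=TRAIT_RULE):
    """Return the names of matching patterns, or [] if the condition fails."""
    hits = [name for name, rx in rule["patterns"].items() if rx.search(data)]
    return hits if len(hits) >= rule["min_hits"] else []

def compare():
    """(ioc_match, trait_match) verdict for each constructed sample."""
    samples = {"sample_a": SAMPLE_A, "sample_b": SAMPLE_B, "benign": BENIGN}
    return {n: (ioc_match(d), bool(trait_match(d))) for n, d in samples.items()}

if __name__ == "__main__":
    for name, verdict in compare().items():
        print(name, "ioc=%s trait=%s" % verdict)
```

The IoC list built from the first victim misses the second build, while the trait rule flags both and leaves the benign file alone.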

The rise of ephemeral infections

In 2017, Kaspersky Lab also expects to see the appearance of memory-resident malware that has no interest in surviving beyond the first reboot, which will wipe the infection from the machine’s memory. Such malware, intended for general reconnaissance and the collection of credentials, is likely to be deployed in highly sensitive environments by stealthy attackers keen to avoid arousing suspicion or discovery.

“These are dramatic developments, but defenders will not be left helpless. We believe that it is time to push for the wider adoption of good YARA rules. These will allow researchers to scan far-and-wide across an enterprise, inspect and identify traits in binaries at rest, and scan memory for fragments of known attacks. Ephemeral infections highlight the need for proactive and sophisticated heuristics in advanced anti-malware solutions,” said Juan Andrés Guerrero-Saade, senior security expert, Global Research and Analysis Team, Kaspersky Lab.

Other top threat predictions for 2017

• Attribution will flounder among false flags: As cyber attacks come to play a greater role in international relations, attribution will become a central issue in determining a political course of action – such as retaliation. The pursuit of attribution could result in the risk of more criminals dumping infrastructure or proprietary tools on the open market, or opting for open-source and commercial malware, not to mention the widespread use of misdirection (generally known as false flags) to muddy the waters of attribution.

• The rise of information warfare: In 2016, the world started to take seriously the dumping of hacked information for aggressive purposes. Such attacks are likely to increase in 2017, and there is a risk that attackers will try to exploit people’s willingness to accept such data as fact by manipulating or selectively disclosing information. Alongside this, Kaspersky Lab expects to see a rise in vigilante hackers – hacking and dumping data, allegedly for the greater good.

• Growing vulnerability to cyber-sabotage: As critical infrastructure and manufacturing systems remain connected to the Internet, often with little or no protection, the temptation to damage or disrupt them could prove overwhelming for cyber attackers, particularly those with advanced skills, and during times of rising geopolitical tension.

• Espionage goes mobile: Kaspersky Lab expects to see more espionage campaigns targeted primarily at mobile, benefiting from the fact that the security industry can struggle to gain full access to mobile operating systems for forensic analysis.

• The commodification of financial attacks: Kaspersky Lab expects to see the ‘commodification’ of attacks along the lines of the 2016 SWIFT heists – with specialised resources being offered for sale in underground forums or through as-a-service schemes.

• The compromise of payment systems: As payment systems become increasingly popular and common, Kaspersky Lab expects to see this matched by a greater criminal interest.

• The breakdown of ‘trust’ in ransomware: Kaspersky Lab also anticipates the continuing rise of ransomware, but with the unlikely trust relationship between the victim and their attacker – based on the assumption that payment will result in the return of data – damaged as a lesser grade of criminal decides to enter the space. This could be the turning point in people being prepared to pay up.

• Device integrity in an over-crowded Internet: As IoT device manufacturers continue to pump out unsecured devices that cause wide-scale problems, there is a risk that vigilante hackers could take matters into their own hands and disable as many devices as possible.

• The criminal appeal of digital advertising: Over the next year, we will see the kind of tracking and targeting tools increasingly used in advertising being used to monitor alleged activists and dissidents. Similarly, ad networks – which provide excellent target profiling through a combination of IPs, browser fingerprinting, browsing interest and login selectivity – will be used by advanced cyber espionage actors keen to precisely hit targets while protecting their latest toolkits.

The full text of the report Kaspersky Lab Threat Predictions for 2017 is available on https://securelist.com

Reference

[1] YARA is a tool for uncovering malicious files or patterns of suspicious activity that share similarities on systems or networks. YARA rules – basically search strings – help analysts to find, group, and categorise related malware samples and draw connections between them in order to build malware families and uncover groups of attacks that might otherwise go unnoticed.



Copyright © Technews Publishing (Pty) Ltd. All rights reserved.