
The End of the World for APTs As We Know Them in 2016

18 November 2015

Advanced Persistent Threats as we know them will cease to exist in 2016, replaced by deeper, embedded attacks that are harder to detect and trace back to the perpetrators, according to Kaspersky Lab experts

Advanced Persistent Threats as we know them will cease to exist in 2016, replaced by deeper, embedded attacks that are harder to detect and trace back to the perpetrators, according to Kaspersky Lab experts. In their Predictions for 2016, the experts reveal that while the ‘Threat’ will remain, the concepts of ‘Advanced’ and ‘Persistent’ will disappear as attackers work to reduce the traces left behind on an infected system. They will also rely more on off-the-shelf malware to minimize their initial investment.


Kaspersky Lab’s Predictions for 2016 are based on the expertise of the Global Research and Analysis Team, the company’s 42 top security experts, located all over the world. Each member contributes unique expertise and, in 2015 alone, their insight and intelligence resulted in detailed public reports on 12 APT actors, “speaking” different languages, including French, Arabic, Chinese, Russian, English, among others. 

Kaspersky Lab’s experts anticipate that 2016 will see:

  • APTs lose letters, gain weight.  There will be a dramatic change in how APTs are structured and operate:
    • Kaspersky Lab expects to see a decreased emphasis on ‘persistence’, with a greater focus on memory-resident or fileless malware, reducing the traces left on an infected system and thereby avoiding detection.
    • Rather than investing in bootkits, rootkits and custom malware that gets burned by research teams, Kaspersky Lab expects to see an increase in the repurposing of off-the-shelf malware. As the urge to demonstrate superior cyber-skills wears off, return on investment will rule much of the nation-state attacker’s decision-making and nothing beats low initial investment for maximizing ROI.
  • Thieves in the TV and/or crime in the coffee-maker. Ransomware will gain ground on banking Trojans and is expected to extend into new areas such as OS X devices, often owned by wealthier and therefore more lucrative targets, in addition to mobile and the Internet-of-Things.
  • New ways to make you pay. Alternative payment systems such as Apple Pay and Android Pay, as well as stock exchanges, will become growing targets for financial cyber-attack.
  • A leaked life. 2015 saw a rise in the number of doxing, public shaming and extortion attacks, as everyone from hacktivists to nation-states embraced the strategic dumping of private pictures, information, customer lists, and code to shame their targets. Sadly, Kaspersky Lab expects this practice to continue to rise sharply in 2016.

“2016 will see significant evolution in cyberespionage tradecraft, as sophisticated threat actors minimize investment by repurposing commercially available malware and become more adept at hiding their advanced tools, infrastructure, and identities by ditching persistence altogether,” said Juan Andrés Guerrero-Saade, Senior Security Expert, Global Research and Analysis Team, Kaspersky Lab.

“2016 will also see more players entering the world of cyber-crime. The profitability of cyber-attacks is indisputable and more people want a share of the spoils. As mercenaries enter the game, an elaborate outsourcing industry has risen to meet the demands for new malware and even entire operations. The latter gives rise to a new scheme of Access-as-a-Service, offering up access to already hacked targets to the highest bidder,” added Juan Andrés Guerrero-Saade.

Kaspersky Lab’s longer-term predictions include, among others:

  • Evolution of APT attacks – Access-as-a-Service. An expectation that more newcomers will enter the APT space. Cyber-mercenaries will grow in number as more parties seek to gain from online attacks. These are expected to offer attack expertise to anyone willing to pay, and also to sell to interested third-parties digital access to high-profile victims, in what could be called an ‘Access-as-a-Service’ offering.
  • Balkanization of the Internet. The appearance of a balkanized Internet, divided by countries.  If this point is reached, Internet availability in any region could be controlled by attacks on the service junctures that provide access across different boundaries. Such a landscape could even lead to a black market for connectivity. Similarly, as the technologies that power the internet’s underground continue to gain mainstream attention and widespread adoption, developers with a stake in shadow markets, exchanges, and forums will develop better technologies to keep the underground truly underground.

“A new year of challenging developments lies ahead for the IT security industry. We believe that sharing insights and predictions with our colleagues across the industry as well as with government, law enforcement, and private-sector organizations will promote the necessary collaboration to proactively face oncoming challenges head-on,” concluded Juan Andrés Guerrero-Saade.

How businesses and individuals can prepare to meet the cyber-risks of the future

Actions a business should take today:

  • Focus on cybersecurity education for staff.
  • Ignore the detractors and implement mature, multi-layered endpoint protection with extra proactive layers
  • Patch vulnerabilities early, patch often, and automate the process
  • Mind everything that’s mobile
  • Implement encryption for communications and sensitive data
  • Protect all elements of the infrastructure – gateways, email, collaboration

Actions a business should take tomorrow:

  • Create and deploy a complete security strategy – from the Prediction of possible dangers and risks to the Prevention of ongoing threats, all supported by effective Detection and an efficient Response
  • Cybersecurity is too complex and serious to mix with generic IT. Consider creating a dedicated Security Operations Center

And what about individuals?

  • Invest in a robust security solution for all devices
  • Explore and make use of the extra options that come with your protective solution, such as Default Deny Execution Controls, Whitelisting, Encryption, and Automated Backups.
  • Study the basics of cybersecurity and teach your friends
  • Switch to encrypted communication
  • Consider revising your online habits, and what information you share. Once uploaded, information stays on the Internet forever and can be used against you or your company.

The full text of the “2016 Prediction: It’s the end of the world for APTs” report is available on the Securelist website.

To look back at what the Kaspersky Lab experts expected to see in 2015, please read the article from Kaspersky Security Bulletin 2014, Predictions 2015 and “A look into the APT crystal ball” by Costin Raiu, Director of Global Research and Analysis Team.


About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky continuously transforms deep threat intelligence and security expertise into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection solutions, a range of specialized security solutions and services, and Cyber Immune solutions for countering sophisticated and evolving digital threats. Over 400 million users worldwide are protected by Kaspersky technologies, and we help 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.cn.
