Kaspersky Lab researchers release threat predictions for 2018 with legitimate software likely to be used to target users

Kaspersky Lab announced this week its targeted threat predictions for 2018, which are prepared annually by the company’s expert Global Research and Analysis Team (GReAT), drawing on the research and experience gained over the course of the year. For 2018, Kaspersky Lab has complemented its targeted threat predictions with a series of industry and technology threat predictions.

According to the predictions, in the coming year, the world will see more legitimate software being poisoned by groups targeting wider victim profiles and geographies, with the added advantage that such attacks are extremely hard to spot and mitigate.

Other hard-to-block attacks, such as those involving high-end mobile malware, are also set to rise as attackers resort to new tricks to breach increasingly well-protected targets.

In 2017, supply chain attacks such as Shadowpad and ExPetya demonstrated how easily third-party software could be used to gain entry into enterprises. This threat is expected to increase in 2018 as some of the world’s most dangerous threat actors start adopting the approach as an alternative to watering hole techniques — or because previous attempts to break in have failed.

“Supply chain attacks have proven to be as much of a nightmare as we had previously theorized. As advanced threat actors continue to gain access to vulnerable development companies, back-dooring of popular or regionally-popular software will become an increasingly desirable attack vector,” said Juan Andrés Guerrero-Saade, principal security researcher, Global Research and Analysis Team. “Supply chain attacks will allow attackers to successfully gain access to multiple enterprises in target sectors while flying under the radar of system administrators and security solutions alike.”

Over the last couple of years, the security community has uncovered advanced mobile malware which, when combined with exploits, constitutes a powerful weapon against which there is little protection. The Shamoon 2.0 and StoneDrill attacks reported in early 2017 and the June ExPetr/NotPetya attack revealed a growing enthusiasm for destructive wiper attacks.

More attacks will lead with reconnaissance and profiling to protect attackers’ most precious exploits. Attackers will spend more time on reconnaissance and using profiling toolkits such as ‘BeEF’ to determine if a less-costly, non-zero day exploit will do.

The Unified Extensible Firmware Interface (UEFI) is the software interface between the firmware and the OS on modern PCs. Kaspersky Lab expects more threat actors will make use of UEFI’s highly advanced capabilities to create malware that can be launched before any anti-malware solution, or even the OS itself, has had a chance to start. The area of vulnerability has been largely ignored as a tool for advanced targeted attackers. They sit at a critical juncture for an attacker intent on gaining persistent and stealthy access to a network, and could even allow an attacker to hide their trail.

Alongside these advanced threat predictions, Kaspersky Lab’s industry and technology threat predictions aim to help some of the most connected sectors understand and prepare for the security challenges they could face over the next year.

The predictions for 2018 include that connected vehicles are likely to face new threats as a result of growing supply chain complexity leading to a scenario where no one player has visibility of, let alone control over, all of a vehicle’s source code. This could make it easier for attackers to break in and bypass detection. In healthcare, attacks breaching private networks to target medical equipment and data with the aim of extortion, malicious disruption or worse could rise as the volume of specialized medical equipment connected to computer networks continues to grow.

In financial services, the increased security of online payments means that fraudsters will turn their attention to account takeover attacks. Industry estimates suggest fraud of this type will run into billions of dollars. Industrial security systems are likely to be at increased risk of targeted ransomware attacks. Operational technology systems are more vulnerable than corporate IT networks and are often exposed to the Internet.

Kaspersky Lab also expects to see targeted attacks on companies for the purpose of installing cryptocurrency In time, this could become a more lucrative, long-term business proposition than ransomware.


WWPI – Covering the best in IT since 1980