Industry Predictions for 2014; Part 2: Malware


17 December 2013

In Part 2 of our series on the information security industry's predictions for 2014 we examine the future of malware and how malware-related attacks are likely to evolve. If there is one consistent theme, it is this: despite increased activity from law enforcement, things are not going to get any easier.

The basic belief is that the criminals are becoming better organized and more sophisticated; in short, they are better at adapting to new situations than users are at defending against them. Apparently on the plus side, the development of new advanced malware is slowing down (according to telemetry); but in reality, warns Carl Leonard, senior security research manager at Websense, "this is bad news for organisations." Criminals will instead "use lower volume, more targeted attacks to secure a foothold, steal user credentials and move unilaterally throughout infiltrated networks."

This new concentration on targeted attacks is a consistent theme in the predictions. "Attacks will get more and more personal," warns Greg Day, EMEA CTO at FireEye. The reason is increased targeting of low volume, high value intellectual property over high volume, low value personal data. Lior Arbel, CTO at Performanta Ltd, agrees almost verbatim: we "will see an increase in the targeting of specific intellectual properties rather than widespread attacks." Vijay Basani, co-founder, president and CEO of EiQ Networks, suggests, "Malware will become a lot more targeted [with] attacks that infiltrate networks and steal valuable data."

But before the network is targeted, the user must be breached. "We will see increasingly precise and sophisticated phishing attacks," warns Rodney Smith, director of field engineering at Guidance Software, "which result in a single person unwittingly handing over the keys to the corporate data kingdom with everything from intellectual property to customer data suddenly up for grabs." Matt Middleton-Leal, UK & Ireland regional director at CyberArk, agrees with this prognosis. "In 2014, expect social engineering to escalate [and] privileged and administrative credentials to be traded," he says, with "administrative passwords and privileged credentials... likely to become the most sought after items on the cyber black market."

Improving criminal sophistication is another recurring theme. Matt Hines, product manager at FireMon, points to the continuing evolution of botnets as an example. "While researchers and vendors have made a great deal of progress knocking down botnets with centralized command and control centers, the emerging P2P command model is proving harder to derail and as such we’ll likely see more use of this model in 2014 and subsequent years."

Lance James, head of intelligence at Vigilant by Deloitte, also sees a worrying future driven by such sophistication. The criminals will respond to law enforcement successes "by developing more sophisticated evasion and resilience techniques. We’ve seen the beginning of this with Cryptolocker which has (finally) pioneered the use of asymmetric encryption. More malicious campaigns will utilize Tor, leveraging its layered encryption and anonymous routing capabilities, to add a new layer of obfuscation. We will see more techniques similar to Dirt Jumper’s “-smart” feature, which attempts to detect and analyze mitigation attempts and bypass them. Though the potential of this new offensive may not be fully realized in 2014, it does portend a scenario in which hackers could execute an APT-style attack to gain access, spread malware laterally, and implant remediation detection sensors capable of taking retaliatory action that could cause significant enterprise-level escalation."

CryptoLocker is perhaps the nastiest variant of a nasty strain of malware seen in 2013: ransomware. And ransomware is not going away. "Although ransomware has been around for years," comments Tracey Pretorius, director, Trustworthy Computing at Microsoft, "to date, ransomware infections have been on a much smaller scale than other types of malware. But, given increased levels of success attackers have had with this type of extortion scheme in 2013, I predict more attackers will embrace this business model in 2014 and ransomware infections will rise."

"Ransomware isn’t going anywhere," warns Brian Contos, VP and CISO at Blue Coat. "In fact, it is growing, getting more sophisticated and going up in price." Fred Touchette, senior security analyst at AppRiver, agrees: "I think we’ll witness an epidemic of venomous ‘Ransomware’ following the success of Citadel and CryptoLocker in 2013... This has proved to be highly effective for cybercriminals and, when something works for the bad guys, they tend to stick with it." Sean Sullivan, security advisor at F-Secure, notes that the only thing holding back ransomware in the past has been the labor involved in getting paid. Cryptocurrencies will change that. "The more frictionless digital currencies become," he says, "the easier it will be to extort people over their data."

But not everything will be new next year. "Legacy problems will escalate," warns Catherine Pearce, security consultant at Neohapsis. "Whether it's the use of substandard security, or simply systems that were designed in a different age, legacy systems will ever-increasingly fall prey to attack... These systems include everything from abandoned parts of websites to critical national infrastructure and they will haunt us for decades to come."

The biggest legacy problem of all in 2014 is likely to be XP. "On April 8, 2014," explains Tim Rains, director, Trustworthy Computing at Microsoft, "support will end for Windows XP. This means Windows XP users will no longer receive security updates, non-security hotfixes or free/paid assisted support options and online technical content updates. This venerable platform, built last century, will not be able to keep pace with attackers, and more Windows XP-based systems will get compromised." It will still be possible to defend XP, warns F-Secure's Sullivan, "but once it is compromised it is very difficult to repair."

Botnets are likely to be a continuing and increasing problem. Rather than simply compromising a PC in order to steal its contents, the criminals will seek to recruit it into a botnet. "The reality is," says Geoff Webb, director of solution strategy at NetIQ, "the processing power of the device is often more directly saleable than anything you might have stored on it." Ramece Cave, a research analyst II at Solutionary, specifically expects "an uptick in web-based botnet (Javascript) applications utilizing frameworks such as phantom.js and node.js."

Throughout these predictions, the single dominant theme is that the attackers are getting more sophisticated. Garry Sidaway, global director of security strategy at NTT Com Security, warns that users must become equally sophisticated in their defenses. "As long as businesses are connected to the internet, we will continue to see malcode develop," he says. "We have to shift our thinking away from trying to trap malcode at the perimeter and move this into cloud defenses. We are already seeing that unpacking potential threats within a virtual server is beginning to fail as malcode becomes more and more sophisticated. We have to look to software defined networks and perimeter to replicate exactly the corporate environment. From here we can start to determine what is good rather than trying still to determine what is bad. We will also see a focus on determining where the malcode has been within an organization. At present we can determine where and possibly how it got in and when and how it started calling home, but not what happened in between."


Comments

craig kensek says:

18 December 2013
You're going to see a broadening of attacks in three different dimensions next year - (1) The level of sophistication will continue to increase (2) The attacks will broaden to more vertical marketing than infrastructure, financial services, etc. (3) The size of the organization (in terms of knowledge workers) attacked will continue to shrink. It won't just be enterprises that will be attacked.

And like whack-a-mole - as soon as you slam one cybercriminal or botnet, another will pop up.
Craig Kensek - Director Marketing, AhnLab
