Security in 2016: The death of advanced persistent threats

Kaspersky predicts that APTs will cease to exist next year -- but what will take their place?
Written by Charlie Osborne, Contributing Writer

Enterprises and consumers alike are constantly at risk from advanced persistent threats. Kaspersky Lab predicts these will no longer exist in 2016 -- but cyberattacks are only going to become more vicious and difficult to detect.

The cybersecurity firm's predictions for the 2016 threat landscape state that advanced persistent threats (APTs) will cease to exist next year, only to be replaced with deeper and more damaging attacks which are harder to detect and trace back to the cybercriminals involved. While the threat itself will remain, the persistence will vanish -- attackers will drop it in order to remove the traces of an attack on a compromised system.

According to Juan Andrés Guerrero-Saade, Senior Security Expert of Global Research and Analysis Team at Kaspersky Lab, "access-as-a-service" -- access to already hacked targets for the highest bidder -- will take the place of APTs.

In 2016, Kaspersky believes access-as-a-service will take over from APTs as one of the core threats to enterprise security. Mercenaries-for-hire will offer their cybersecurity knowledge and compromised network access for the highest financial reward, as well as access to individual targets for whoever is willing to pay.

Guerrero-Saade commented:

"2016 will see significant evolution in cyberespionage tradecraft, as sophisticated threat actors minimize investment by repurposing commercially available malware and become more adept at hiding their advanced tools, infrastructure, and identities by ditching persistence altogether."

The executive also believes that next year we are likely to see more players enter the world of cybercrime, which is unsurprising considering the lucrative, sensitive data now stored not only on corporate networks but also on the devices we carry in our pockets. There will also be a greater emphasis on memory-resident or fileless malware to reduce detection, and cybercriminals will choose off-the-shelf malware over bootkits, rootkits and custom suites, which require extra investment.

"As the urge to demonstrate superior cyber-skills wears off, return on investment will rule much of the nation-state attacker's decision-making and nothing beats low initial investment for maximizing ROI," Kaspersky says.

In addition, the company expects a "balkanized" Internet -- divided by countries -- to become more apparent next year. Not only could this affect individual rights and censorship, but balkanization may lead to a black market for connectivity in particularly restricted countries.

The Internet of Things (IoT), connected devices ranging from smart fridges and home security systems to coffee makers, will also see an increase in malware and cyberattacks, joining an increased attack rate against OS X and mobile devices.

Specifically, Kaspersky believes ransomware will surge in popularity. Ransomware is a particularly nasty breed of malicious code which locks PC systems, encrypting files and demanding payment in return for the cryptographic key required for a user to retrieve their files. While security companies release rescue kits to help those infected, ransomware remains a popular tool to generate revenue from victims.

"A new year of challenging developments lies ahead for the IT security industry. We believe that sharing insights and predictions with our colleagues across the industry as well as with government, law enforcement, and private-sector organizations will promote the necessary collaboration to proactively face oncoming challenges head-on," Guerrero-Saade concluded.

In order to protect your business from these cyberthreats in the future, Kaspersky recommends a new focus on educating employees about the current threats in the digital landscape, including phishing campaigns, malware and malicious websites.

In addition, corporations should consider implementing multi-layer endpoint protection solutions, making sure all software is patched and up-to-date, and protecting every element of a business network -- including gateways, email channels and applications.
