It looks like the enterprise and consumer threat landscape is in for a tectonic shift in 2016 and beyond. Clearly, over the last few years one of the most challenging facets of enterprise computing has been security. We all know that the threat landscape is changing by the day, as new threats manifest only to expose the vulnerabilities in the enterprise security framework. But is our current defense mechanism enough to combat what lies ahead? Not really. We need a blend of policy, intelligence, technology and strategy to combat security threats in the days ahead, and recent security reports state that the very taxonomy of the threat landscape is in for a change.
What Lies Ahead?
Experts at Kaspersky Lab say: “Advanced Persistent Threats (APT) as we know them today will cease to exist in 2016 and will be replaced by deeper, embedded attacks that are harder to detect and trace back to the perpetrators. In their Predictions for 2016, the experts reveal that while the ‘Threat’ will remain, the concept of ‘Advanced’ and ‘Persistent’ will disappear to reduce the traces left behind on an infected system. They will also rely more on off-the-shelf malware to minimize their initial investment.”
It is indeed a serious observation, because the experts believe there will be a dramatic change in how APTs are structured and operate. Kaspersky Lab expects a decreased emphasis on ‘persistence’, with a greater focus on memory-resident or fileless malware, reducing the traces left on an infected system and thereby avoiding detection.
So clearly, rather than investing in bootkits, rootkits and custom malware that gets burned by research teams, companies like Kaspersky Lab expect to see an increase in the repurposing of off-the-shelf malware. As the urge to demonstrate superior cyber-skills wears off, return on investment will rule much of the nation-state attacker’s decision-making, and nothing beats low initial investment for maximizing ROI.
Juan Andrés Guerrero-Saade, Senior Security Expert, Global Research and Analysis Team, Kaspersky Lab, says: “The year 2016 will see significant evolution in cyberespionage tradecraft, as sophisticated threat actors minimize investment by repurposing commercially available malware and become more adept at hiding their advanced tools, infrastructure, and identities by ditching persistence altogether.”
“2016 will also see more players entering the world of cyber-crime. The profitability of cyber-attacks is indisputable and more people want a share of the spoils. As mercenaries enter the game, an elaborate outsourcing industry has risen to meet the demands for new malware and even entire operations. The latter gives rise to a new scheme of Access-as-a-Service, offering up access to already hacked targets to the highest bidder,” adds Juan Andrés Guerrero-Saade.
Meanwhile, Intel Security’s McAfee Labs, in its predictions for 2016 and beyond, also points to the wide range of unique challenges in managing these threats. Vincent Weafer, vice president of Intel Security’s McAfee Labs, drives home the point with an interesting analogy. He says: “The best hockey players navigate within the ice rink, grapple with opposing players, take advantage of opportunities when available, and, critically (as Wayne Gretzky said) always skate to where the puck is going to be—not where it has been. To address the business, technology, and threat landscape realities facing them, we must help organizations get to where they need to be, using technologies that will enable and not hinder their businesses, and understand what kinds of threats could be confronting them tomorrow, and far into the future.”
So how does one go about it? The answer lies in: “Keeping pace with, anticipating, and preempting adversaries requires that we match the intelligence exchange, cloud computing and delivery power, platform agility, and human resource assets that cybercriminals regularly leverage. To win battles against future threats, organizations must see more, learn more, detect and respond faster, and fully utilize all the technical and human resources at their disposal,” adds Weafer.
Meanwhile, in its long-term security outlook, Kaspersky Lab sums up two key trends:
Evolution of APT attacks – Access-as-a-Service: An expectation that more newcomers will enter the APT space. Cyber-mercenaries will grow in number as more parties seek to gain from online attacks. These are expected to offer attack expertise to anyone willing to pay, and also to sell to interested third-parties digital access to high-profile victims, in what could be called an ‘Access-as-a-Service’ offering.
Balkanization of the Internet: The appearance of a balkanized Internet, divided by countries. If this point is reached, Internet availability in any region could be controlled by attacks on the service junctures that provide access across different boundaries. Such a landscape could even lead to a black market for connectivity. Similarly, as the technologies that power the internet’s underground continue to gain mainstream attention and widespread adoption, developers with a stake in shadow markets, exchanges, and forums will develop better technologies to keep the underground truly underground.
McAfee’s 2016 Threat Predictions
The 2016 threat predictions put forward by the company run the gamut of trends, from the likely threats around ransomware, attacks on automobile systems and infrastructure, to the warehousing and sale of stolen data, among other likely issues in 2016:
- Attacks on all types of hardware and firmware will likely continue, and the market for tools that make them possible will expand and grow. Virtual machines could be targeted with system firmware rootkits.
- Anonymizing networks and payment methods could continue to fuel the major and rapidly growing threat of ransomware. In 2016, greater numbers of inexperienced cybercriminals will leverage ransomware-as-a-service offerings which could further accelerate the growth of ransomware.
- While tracking a relatively small amount of personal information, wearable platforms could be targeted by cybercriminals working to compromise the smartphones used to manage them. The industry will work to protect potential attack surfaces such as operating system kernels, networking and WiFi software, user interfaces, memory, local files and storage systems, virtual machines, web apps, and access control and security software.
- Attacks through employee systems: Organizations will continue to improve their security postures, implement the latest security technologies, work to hire talented and experienced people, create effective policies, and remain vigilant. Thus, attackers are likely to shift their focus and increasingly attack enterprises through their employees, by targeting, among other things, employees’ relatively insecure home systems to gain access to corporate networks.
- Cloud services: Cybercriminals could seek to exploit weak or ignored corporate security policies established to protect cloud services. Home to an increasing amount of business confidential information, such services, if exploited, could compromise organizational business strategy, company portfolio strategies, next-generation innovations, financials, acquisition and divestiture plans, employee data, and other data.
- Security researchers will continue to focus on potential exploit scenarios for connected automobile systems lacking foundational security capabilities or failing to meet best practice security policies. IT security vendors and automakers will proactively work together to develop guidance, standards, and technical solutions to protect attack surfaces such as vehicle access system engine control units (ECUs), engine and transmission ECUs, advanced driver assistance system ECUs, remote key systems, passive keyless entry, V2X receiver, USBs, OBD IIs, remote link type apps, and smartphone access.
- Warehouses of stolen data: Stolen personally identifiable information sets are being linked together in big data warehouses, making the combined records more valuable to cyber-attackers. The coming year will see the development of an even more robust dark market for stolen personally identifiable information and usernames and passwords.
- Integrity attacks: One of the most significant new attack vectors will be stealthy, selective compromises to the integrity of systems and data. These attacks involve seizing and modifying transactions or data in favor of the perpetrators, such as a malicious party changing the direct deposit settings for a victim’s paychecks and having money deposited into a different account. In 2016, McAfee Labs predicts that we could witness an integrity attack in the financial sector in which millions of dollars could be stolen by cyber thieves.
- Sharing threat intelligence: Threat intelligence sharing among enterprises and security vendors will grow rapidly and mature. Legislative steps may be taken making it possible for companies and governments to share threat intelligence with government. The development of best practices in this area will accelerate, metrics for success will emerge to quantify protection improvement, and threat intelligence cooperatives between industry vendors will expand.
Security Best Practices for 2016:
With these challenges as the backdrop, what can CIOs and CISOs do to insulate their organizations from these threats, and how can businesses and individuals prepare to meet the cyber-risks of the future? These are the recommendations given by experts at Kaspersky Lab:
Actions a business should take today:
- Focus on cybersecurity education for staff.
- Ignore the detractors and implement mature, multi-layered endpoint protection with extra proactive layers
- Patch vulnerabilities early, patch often, and automate the process
- Mind everything that’s mobile
- Implement encryption for communications and sensitive data
- Protect all elements of the infrastructure – gateways, email, collaboration
Actions a business should take tomorrow:
- Create and deploy a complete security strategy – from the Prediction of possible dangers and risks to the Prevention of ongoing threats, all supported by effective Detection and an efficient Response
- Cybersecurity is too complex and serious to mix with generic IT
- Consider creating a dedicated Security Operations Center
And what about individuals?
- Invest in a robust security solution for all devices
- Explore and make use of the extra options that come with your protective solution, such as Default Deny Execution Controls, Whitelisting, Encryption, and Automated Backups.
- Study the basics of cybersecurity and teach your friends
- Switch to encrypted communication
- Consider revising your online habits, and what information you share. Once uploaded, the information stays in the Internet forever and can be used against you or your company.
With a combination of these best practices, enterprises and consumers can clearly and significantly strengthen their digital security backbone in 2016 and beyond.