The year ahead will see the APT world split into two groups — energetic and inexperienced newcomers who want to play the game and the traditional, well-resourced and most advanced actors.
The latter group poses a huge challenge for businesses, as experienced threat actors explore new and ever more sophisticated techniques, which will be much more difficult to discover and attribute, according to Kaspersky Lab’s Targeted Threat Predictions for 2019.
The annual predictions have been developed by Kaspersky Lab’s experts, based on their expertise and insights gained over the previous year and the targeted threat predictions prepared by the Global Research and Analysis Team. The insights, along with a series of industry and technology threat predictions, will help some of the most connected sectors understand and prepare for the security challenges they could face over the coming 12 months.
While the cybersecurity industry has consistently discovered very sophisticated government-sponsored operations, threat actors will go underground and below the radar to avoid publicity and the likelihood of being “found out”. With enough resources, they will be able to diversify toolkits and practices, making detection and attribution extremely difficult.
One of the most likely scenarios is that this new approach will lead to the deployment of tools specialized for targeting victims at their very core – compromising networking hardware. The new strategy will allow threat actors to focus their activities on discreet botnet-style compromise or to perform sneakier attacks on selected targets.
Other targeted threat predictions for 2019 include:
- Supply chain attacks are here to stay. This is one of the most worrying attack vectors, and one that has been successfully exploited during the last two years. It made everyone think about the number of providers they work with and how secure they are. In 2019, this will continue to be an effective infection vector.
- Mobile malware isn’t moving either. A lot of threat actors have a mobile component to their campaigns, to help broaden the list of potential victims. While there won’t be any big outbreak in mobile targeted malware, we will see continuous activity and new ways for advanced attackers to get access to victims’ devices.
- IoT botnets will keep growing at an unstoppable pace. This might be a recurring warning year after year, but one that should never be underestimated. As IoT botnets continue to grow stronger, they can be incredibly powerful in the wrong hands.
- Spear-phishing will become even more important in the near future. Data obtained from different attacks on social media giants such as Facebook, Instagram, LinkedIn or Twitter is now available on the market for anyone to acquire. Recent large-scale data leaks from different social media platforms might help attackers to improve the success of this infection vector.
- APT newcomers will arrive on the scene. While the most advanced actors will seemingly “vanish” from the radar, new players will enter the field. The barrier to entry has never been so low, with hundreds of very effective tools, re-engineered leaked exploits and all kinds of frameworks, publicly available for anyone to use. There are two regions in the world where such groups are becoming more prevalent — South East Asia and the Middle East.
- Public retaliation will shape the industry. Investigations into recent notable attacks – such as the Sony Entertainment Network hacks or the attack against the Democratic National Committee – have raised justice and public exposure of threat actors to a new level. Exposure and outrage can be used to create a wave of opinion that forms part of the argument for more serious diplomatic consequences across the globe.
“In 2018, threat actors have led to new paradigms. Public awareness has grown and expert investigations have highlighted big cyber-operations, making the topic front page news across the world. This will lead to a change in the cyber-landscape, as sophisticated threat actors seek silence and obscurity for their attacks in order to increase the likelihood of success. This shift makes the finding of new, large-scale, sophisticated operations very unlikely, and will definitely take the art of detection and attribution to the next level,” says Vicente Diaz, security researcher at Kaspersky Lab.