Kaspersky predicts decline of APTs and rise of the hacktivist
And while Kaspersky is predicting the decline of APTs, it is not necessarily good news for users or businesses targeted by this form of attack over the past year
Nov 25, 2015
Over the next year cyber criminals will focus on stealth over sophistication, shunning the advanced persistent threat (APT) approach of the past and instead opting to use off-the-shelf malware, according to a report by Kaspersky Lab.
The report, titled ‘It's the end of the world for APTs as we know them’, predicts that cyber criminals usually accustomed to infiltrating organisations and scooping up mass amounts of data over time will now embrace smaller and more targeted attacks using existing malware.
These malicious tools, all readily available for purchase on dark web marketplaces, include ransomware, denial of service (DoS) programmes and remote access Trojans.
And while Kaspersky is predicting the decline of APTs, it is not necessarily good news for users or businesses targeted by this form of attack over the past year.
"Before you start celebrating, we should point out that we're referring to the ‘advanced’ and ‘persistent’ elements, both of which the threat actors would gladly drop for overall stealth," states the report.
"We expect to see a decrease in the emphasis on persistence, placing a greater focus on memory-resident or fileless malware. The idea will be to reduce the traces left on an infected system and thus avoid detection altogether."
David Emm, principal security researcher at Kaspersky Lab, explained to V3: "People are now going to the cyber underground for something that has already been developed rather than building it from scratch.
"What we have seen with some of these very sophisticated campaigns in the past is they obviously have a lot of intelligence behind them and they have gone to a lot of trouble to develop code to make [the attack] very resilient and stealthy," he said.
"The advanced and the persistent bits of APT are going to change and we are going to start seeing things which maybe aren't necessarily advanced and maybe don't try to linger as long within the target organisation."
The criminals responsible for these attacks may also be evolving as we move away from the stereotypical notion that hackers within China, Russia and Iran are responsible for the worst cyber offences.
"We are seeing a broadening of who is involved. APTs are speaking a greater number of languages," Emm explained.
Indeed, the Sony Pictures hack in 2014 established North Korea as a potential upcoming threat, while terrorist groups such as Islamic State continue to take advantage of the cyber world to plan attacks and communicate.
Sabotage, extortion and shame
In many ways 2015 has been a record year for cyber breaches. Numerous high-profile cases such as Ashley Madison, TalkTalk, Experian, Hacking Team and the US Office of Personnel Management (OPM) made headlines and, in many instances, destroyed careers.
In its 2016 predictions report, Kaspersky records an "undeniable increase" in public shaming and cyber extortion in the past year alone.
"Hacktivists, criminals, and state-sponsored attackers alike have embraced the strategic dumping of private pictures, information, customer lists, and code to shame their targets," the report states.
"While some of these attacks are strategically targeted, some are also the product of opportunism, taking advantage of poor cybersecurity to feign hacker prowess. Sadly, we can only expect this practice to continue to rise exponentially."
According to Emm, hacktivism has become a bigger threat in the past year and will only continue to grow as cheap tools appear online.
"It's not necessarily that it's new, there have been hacktivist attacks for some time," he said.
"But I suppose the initial ones were fairly low level in the sense they would be web defacement or maybe the publishing of information in order to make a political point. I think what we are seeing now is a widening and a deepening of that approach whereby if you want to extort money you can do that."
Furthermore, he echoed the view that cyber attacks will continue to have significant consequences for enterprises of all sizes.
"If you look at a lot of these [2015] breaches, not all of them end up with massive data leakage, but certainly a significant amount of them did and in some cases we are talking about them impacted an awful lot of people. The Office of Personnel Management hack in the US for example had huge ramifications," he said.
"There's a general understanding that breaches occur, so nobody expects any organisation to be so resilient that it's impossible for anyone to break in.
"Yet on the other hand when attackers get away with sensitive information very easily then we all raise our eyebrows and question how can organisations not be protecting their data adequately."
Additionally, for the cyber criminals, business remains lucrative.
"The profitability of cyber espionage has not escaped the attention of our foes and, as we expected, mercenaries have begun populating the scene," reveals the Kaspersky report.
"This trend will only increase to match the demand for cyber-capabilities by both companies as well as known APT actors looking to outsource less critical tasking without risking their tools and infrastructure."
Juan Andrés Guerrero-Saade, a senior expert with Kaspersky's global research and analysis team, said he believes that 2016 will bring a "significant evolution in cyber espionage tradecraft."
"The profitability of cyber attacks is indisputable and more people want a share of the spoils," Guerrero-Saade warned.
"As mercenaries enter the game, an elaborate outsourcing industry has risen to meet the demands for new malware and even entire operations. The latter gives rise to a new scheme of access-as-a-service, offering up access to already hacked targets to the highest bidder."
And as the frequency of cyber attacks rises, the internet itself threatens to fundamentally change as countries continue to silo their networks and data centres from outside adversaries.
"We may end up with a balkanised internet divided by national borders," the report warns.
"Concerns over [internet] availability may come down to attacks on the service junctures that provide access between different sections, or perhaps geopolitical tensions that target the cables that connect large swathes of the internet. Perhaps we'll even see the rise of a black market for connectivity."
The future of protection
It often seems like cyber criminals are always one step ahead of security teams, researchers and law enforcement. However, David Emm said the key for businesses is to get into the mindset of the criminal in order to identify what data is most valuable in an organisation.
"Obviously this is very applicable to small to medium businesses (SMBs) because these are the ones that tend to have less in-house expertise," he said.
"It must seem like a very daunting task when they read the headlines and see that Ashley Madison or TalkTalk can't keep the hackers out.
"Cyber security has to be broader than just the technology because we have a lot of attacks that occur because of human fallibility so we need to think about educating staff and we need to think about cyber security being broader than just the IT department."
It's not just Kaspersky Lab predicting the rise of cyber crime and ransoms. Most recently, Sean Sullivan, a security researcher with Helsinki-based security firm F-Secure, told V3 that extortion is the future of online crime.