APT Predictions for 2016: There will be no more APTs! Oh, wait…

In their predictions for 2016, the GReAT team said that APTs will be replaced by deeper, embedded attacks that are harder to detect and trace back to the perpetrators.

APTs will go away soon, said Kaspersky Lab’s GReAT team. Unfortunately, this news wasn’t a quantum of solace.

APT stands for “Advanced Persistent Threat”. Cybercriminals, GReAT predicted, will gladly drop both the “advanced” and the “persistent” elements for the sake of overall stealth.

“We expect to see a decrease in the emphasis on persistence, placing a greater focus on memory-resident or fileless malware. The idea will be to reduce the traces left on an infected system and thus avoid detection altogether,” the authors said.

Another approach will be to reduce the emphasis on advanced malware. Rather than investing in bootkits, rootkits, and custom malware, attackers are expected to increasingly repurpose off-the-shelf malware, simply to minimize the initial investment.

As with any other business, illicit or legitimate, cybercriminals and other threat actors are extremely interested in keeping costs as low as possible, thus maximizing ROI.

This may mean that the number of actors in the APT theater will grow. As the methods and techniques of APTs become more and more widely available, along with the appropriate off-the-shelf tools, there will be a definite shift towards money-making.

“2016 will… see more players entering the world of cyber-crime. The profitability of cyber-attacks is indisputable and more people want a share of the spoils. As mercenaries enter the game, an elaborate outsourcing industry has risen to meet the demands for new malware and even entire operations. The latter gives rise to a new scheme of Access-as-a-Service, offering up access to already hacked targets to the highest bidder,” said Juan Andrés Guerrero-Saade, Senior Security Expert, Global Research and Analysis Team, Kaspersky Lab.

It is also predicted that the number of cyber-mercenaries will grow, and that they will start offering “access-as-a-service”: digital access to the infrastructure of high-profile victims for anyone willing to pay for it.

Businesses should take a number of steps to protect themselves as soon as possible, if they haven’t yet done so.

Actions a business should take today:

  • Focus on cybersecurity education for staff.
  • Ignore the detractors and implement mature, multi-layered endpoint protection with extra proactive layers.
  • Patch vulnerabilities early, patch often, and automate the process.
  • Mind everything that’s mobile.
  • Implement encryption for communications and sensitive data.
  • Protect all elements of the infrastructure: gateways, email, collaboration tools.

It is also recommended to create and deploy a complete security strategy covering Prediction, Prevention, Detection, and Response. Creating a dedicated Security Operations Center, separate from generic IT, may be extremely beneficial as well.

The full report is available here.
