Kaspersky Lab is releasing its targeted threat predictions for 2019, in which company researchers forecast that the year ahead will see the APT world split into two groups: energetic and inexperienced newcomers; and the traditional, well-resourced and most advanced threat actors. The latter group will continue to pose a significant challenge for businesses, as experienced threat actors explore new and increasingly sophisticated techniques that are more difficult to discover and attribute.
The following targeted threat predictions have been developed by Kaspersky Lab’s Global Research and Analysis Team (GReAT), based on their research and insights gained over the last year. These predictions, along with additional threat predictions relating to specific technologies and industry verticals, will help some of the most connected sectors understand and prepare for the security challenges that they could face over the coming year.
No More Big APTs
While the cybersecurity industry has consistently discovered highly sophisticated government-sponsored operations, threat actors will now go underground and stay below the radar to avoid publicity and reduce the likelihood of being exposed. With enough resources, they will be able to diversify their toolkits and practices, making detection and attribution extremely difficult.
It is likely that this new approach will lead to the deployment of specialized tools used for targeting victims at their very core – by compromising networking hardware. This new strategy will allow threat actors to focus their activities on discreet botnet-style compromise or to perform sneakier attacks on the selected targets.
Other targeted threat predictions for 2019 include:
- Supply chain attacks are here to stay. This is one of the most worrying attack vectors, and it has been successfully exploited during the last two years. In 2018, supply chain attacks caused businesses to consider the number of providers they work with and how secure these third parties are. In 2019, this will continue to be an effective infection vector for threat actors.
- Mobile malware isn’t moving. Many threat actors have a mobile component to their campaigns, helping to broaden the list of potential victims. While there likely will not be a big outbreak in targeted mobile malware, we will see continuous activity and new ways for advanced attackers to gain access to victims’ devices.
- IoT botnets will keep growing at an unstoppable pace. This might be a recurring warning year after year, but one that should never be underestimated. As IoT botnets continue to grow stronger, they can be incredibly powerful in the wrong hands.
- Spear-phishing will become even more important. Data obtained from different attacks on social media giants, such as Facebook, Instagram, LinkedIn or Twitter, is now available on the market for anyone to acquire. Recent large-scale data leaks from various social media platforms might help attackers improve the success of this infection vector.
- APT newcomers will arrive on the scene. While the most advanced actors will seemingly ‘vanish’ from the radar, new players will enter the field. The barrier to entry has never been so low, with hundreds of very effective tools, re-engineered leaked exploits and all kinds of frameworks publicly available for anyone to use. Such groups are becoming more prevalent in South East Asia and the Middle East.
- Public retaliation will shape the industry. Investigations into recent notable attacks – such as the Sony Entertainment Network hacks or the attack against the Democratic National Committee – have raised public exposure of threat actors to a new level. Exposure and outrage can shape public opinion, helping to form a strong argument for more serious diplomatic consequences across the globe.
“In 2018, threat actors were led to new paradigms; public awareness has grown, and expert investigations have highlighted big cyber-operations, making the topic front page news across the world,” said Vicente Diaz, security researcher at Kaspersky Lab. “This will now lead to a change in the cyber-landscape, as sophisticated threat actors seek silence and obscurity for their attacks in order to increase the likelihood of success. This shift makes the finding of new, large-scale, sophisticated operations very unlikely, and will definitely take the art of detection and attribution to the next level.”
These predictions have been developed with the help of Kaspersky Lab threat intelligence services from around the world. The company was recently cited as a ‘Strong Performer’ by independent research firm Forrester, in its evaluation of threat intelligence providers.
The full list of Kaspersky Lab Threat Predictions for 2019 is available on Securelist.