Over the past two decades, I’ve developed an intense fascination with malware.
When studying evasive malware alongside Lastline co-founders Dr. Giovanni Vigna and Dr. Christopher Kruegel as part of our academic research years before we founded the company, the term “malware” was esoteric and evasive malware didn’t really exist.
Fast forward to today and malware is widespread, sophisticated and increasingly evasive while security technologies are struggling to keep up. At the same time, more and more people and things are connected to the Internet every day, exposing terabits of personal and proprietary information to cybercrime.
Here are 5 malware trends on the horizon that IT professionals should be on the lookout for as they impact organizations and individuals across the globe.
1) Malware is becoming increasingly aggressive and evasive
In the past year, we’ve seen a 2000% increase in evasive malware behavior. Evasive malware is designed to thwart traditional security technologies like first-generation sandboxes and signature-based gateways. Going forward, the trend toward more sophisticated, aggressive and evasive malware behavior that we have already observed will continue.
In the past, evasive maneuvers have made static malware analysis approaches insufficient. Thus, dynamic analysis has rapidly gained traction. In turn, malware writers are focusing more on making their programs resistant to it. The next step in this arms race must be novel technologies for the automated detection of evasive behavior.
2) Two-factor authentication is vulnerable
In mobile-based two-factor authentication, a smartphone is a user’s secure token, which provides a unique, ever-changing key that is required to access a mobile service like email, photo sharing or banking. Two-factor authentication makes brute force attacks more difficult by establishing a strong obstacle for accessing protected mobile apps from a new device.
Since smartphones are a computing platform similar to those in laptops and desktops, it is still possible to compromise an individual’s smartphone and PC at the same time and defeat two-factor authentication. We have already seen reports of two-factor authentication vulnerabilities. The good news is that more people will opt in to two-factor authentication, strengthening the protection of their personal and corporate information. The bad news is that we will likely see an increase in attacks targeting two-factor authentication as it gains widespread adoption.
3) Targeted attacks will give way to mass exploit customization
By and large, targeted attacks require a substantial amount of manual work on the part of the attackers: identifying victims, performing target reconnaissance, engineering attack vectors that can fool the victim, and developing a customized compromise. However, attackers will soon discover that some steps of the process can be automated, bringing the sophistication of targeted attacks to the domain of opportunistic attacks, in which a wide net is cast to attract and compromise as many victims as possible with little to no manual work.
Therefore, security that requires manual work or signature updates will become less and less effective. Furthermore, fighting fire with fire, security teams will need to automate certain defenses to keep up with the increasing efficiencies attackers are enjoying.
4) More consumer and enterprise data leaks via cloud apps
It hardly needs saying that we are more and more dependent on cloud services. Because there is more valuable data for the taking, there are more attackers aimed at the cloud now than ever. There will no doubt be more cloud leak scandals.
Awareness of the implications of putting personal and commercial data and media in the cloud is growing less rapidly than the cloud security breaches themselves, leaving a widening cloud security gap. Moreover, as cloud data management becomes unwieldy, new security vulnerabilities may become public. Cloud breaches may go undetected for months or even years, and the full extent of these breaches may never be fully known or reported.
5) Your refrigerator is running exploits
Retail point-of-sale (PoS) systems have been under attack at a dizzying pace and ATM vulnerabilities have been repeatedly exploited. With the “Internet of things” continuing its inevitable march from early adopters to the mainstream, the next big threat vector might surprise people. It could be anything from thermostats to wearables to streaming media players. Even devices that weren’t previously connected, like home appliances, cars or photo frames, could become the weakest link in our always-on lifestyles.
As everything moves online and adoption grows markedly, there will be attacks through systems we haven’t even considered yet. And since people will be bringing their connected personal devices into the office and then bringing their connected business devices home to share the same networks and applications, the Internet of things becomes a new domain for both consumer and business security.
At the same time, after spending years immersed in cyber-security research and development, I feel it is important to note that security breaches happen all the time. While there have recently been many high profile security breaches, these attacks are nothing new. The above five malware trends I see looming in our near-future are based on observations of the ongoing evolution of threats facing people and organizations today. By keeping our eyes on that horizon, the cybersecurity community can address evolving malware threats head-on and pave the way for a more secure future.
About the Author: In addition to being co-founder and chief architect at Lastline (@LastlineInc), Engin Kirda is a Professor at Northeastern University in Boston, and the director of the Northeastern Information Assurance Institute. Before that, he held faculty positions at Institute Eurecom in the French Riviera and the Technical University of Vienna, where he co-founded the Secure Systems Lab that is now distributed over five institutions in Europe and the US. Engin’s recent research has focused on malware analysis (e.g., Anubis, Exposure, Fire) and detection, web application security, and practical aspects of social networking security. His recent work on the deanonymization of social network users received wide media coverage.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.