1) Malware is becoming increasingly aggressive and evasive
In the past year, we’ve seen a 2000% increase in evasive malware behavior. Evasive malware is designed to thwart traditional security technologies like first-generation sandboxes and signature-based gateways. Going forward, the trend already observed toward more sophisticated, aggressive and evasive malware behavior will continue. In the past, evasive maneuvers have made static malware analysis approaches insufficient. Thus, dynamic analysis has rapidly gained traction. In turn, malware writers are focusing more on making their programs resistant to dynamic analysis. The next step in this arms race must be novel technologies for the automated detection of evasive behavior.
2) Two-factor authentication is vulnerable
In mobile-based two-factor authentication, a smartphone is a user’s secure token, which provides a unique, ever-changing key that is required to access a mobile service like email, photo sharing or banking. Two-factor authentication makes brute force attacks more difficult by establishing a strong obstacle to accessing protected mobile apps from a new device. Since a smartphone is a computing platform similar to a laptop or desktop, it is still possible to compromise an individual’s smartphone and PC at the same time and defeat two-factor authentication. We have already seen reports of two-factor authentication vulnerabilities. The good news is that more people will opt in to two-factor authentication, strengthening the protection of their personal and corporate information. The bad news is that we will likely see an increase in attacks targeting two-factor authentication as it gains widespread adoption.
3) Targeted attacks will give way to mass exploit customization
By and large, targeted attacks require a substantial amount of manual work on the part of the attackers in order to identify victims, engineer attack vectors that can fool the victim, and perform customized compromise development and target reconnaissance. However, attackers will soon discover that some steps of the process can be automated, bringing the sophistication of targeted attacks to the domain of opportunistic attacks, in which a wide net is cast to attract and compromise as many victims as possible with little to no manual work. Therefore, security that requires manual work or signature updates will become less and less effective. Furthermore, fighting fire with fire, security teams will need to automate certain defenses to keep up with the increasing efficiencies attackers are enjoying.
4) More consumer and enterprise data leaks via cloud apps
It hardly needs saying that we are more and more dependent on cloud services. Because there is more valuable data for the taking, there are more attackers aiming at the cloud now than ever. There will no doubt be more cloud leak scandals. Awareness of the implications of putting personal and commercial data and media in the cloud is growing less rapidly than the cloud security breaches themselves, leaving a widening cloud security gap. Moreover, as cloud data management becomes unwieldy, new security vulnerabilities may become public. Cloud breaches may go undetected for months or even years, and the full extent of these breaches may never be fully known or reported.
5) Your refrigerator is running exploits
Retail point-of-sale (PoS) systems have been under attack at a dizzying pace and ATM vulnerabilities have been repeatedly exploited. With the “Internet of things” continuing its inevitable march from early adopters to the mainstream, the next big threat vector might surprise people. It could be anything from thermostats to wearables to streaming media players. Even devices that weren’t previously connected, like home appliances, cars or photo frames, could become the weakest link in our always-on lifestyles. As everything moves online and adoption grows markedly, there will be attacks through systems we haven’t even considered yet. And since people will be bringing their connected personal devices into the office and then bringing their connected business devices home to share the same networks and applications, the Internet of things becomes a new domain for both consumer and business security.
At the same time, after spending years immersed in cyber-security research and development, I feel it is important to note that security breaches happen all the time. While there have recently been many high-profile security breaches, these attacks are nothing new. The above five malware trends I see looming in our near future are based on observations of the ongoing evolution of threats facing people and organizations today. By keeping our eyes on that horizon, the cybersecurity community can address evolving malware threats head-on and pave the way for a more secure future.