Top 5 Malware Trends on the Horizon

Wednesday, February 11, 2015

Tripwire Inc


Over the past two decades, I’ve developed an intense fascination with malware.

When I was studying evasive malware alongside Lastline co-founders Dr. Giovanni Vigna and Dr. Christopher Kruegel as part of our academic research, years before we founded the company, the term “malware” was esoteric and evasive malware didn’t really exist.

Fast forward to today and malware is widespread, sophisticated and increasingly evasive while security technologies are struggling to keep up. At the same time, more and more people and things are connected to the Internet every day, exposing terabits of personal and proprietary information to cybercrime.

Here are 5 malware trends on the horizon that IT professionals should be on the lookout for as they impact organizations and individuals across the globe.

1) MALWARE IS BECOMING INCREASINGLY AGGRESSIVE AND EVASIVE
In the past year, we’ve seen a 2000% increase in evasive malware behavior. Evasive malware is designed to thwart traditional security technologies like first-generation sandboxes and signature-based gateways. Going forward, the trend we have already observed toward more sophisticated, aggressive and evasive behavior in malware will continue.

In the past, evasive maneuvers have made static malware analysis approaches insufficient. Thus, dynamic analysis has rapidly gained traction. In turn, malware writers are focusing more on making their programs resistant to it. The next step in this arms race must be novel technologies for the automated detection of evasive behavior.

2) TWO-FACTOR AUTHENTICATION IS VULNERABLE
In mobile-based two-factor authentication, a smartphone is a user’s secure token, which provides a unique, ever-changing key that is required to access a mobile service like email, photo sharing or banking. Two-factor authentication makes brute force attacks more difficult by establishing a strong obstacle for accessing protected mobile apps from a new device.

Since smartphones are a computing platform similar to laptops and desktops, it is still possible to compromise an individual’s smartphone and PC at the same time and defeat two-factor authentication. We have already seen reports of two-factor authentication vulnerabilities. The good news is that more people will opt in to two-factor authentication, strengthening the protection of their personal and corporate information. The bad news is that we will likely see an increase in attacks targeting two-factor authentication as it gains widespread adoption.

3) TARGETED ATTACKS WILL GIVE WAY TO MASS EXPLOIT CUSTOMIZATION
By and large, targeted attacks require a substantial amount of manual work on the part of the attackers: identifying victims, engineering attack vectors that can fool the victim, developing customized compromises and performing target reconnaissance. However, attackers will soon discover that some steps of the process can be automated, bringing the sophistication of targeted attacks to the domain of opportunistic attacks, in which a wide net is cast to attract and compromise as many victims as possible with little to no manual work.

Therefore, security that requires manual work or signature updates will become less and less effective. Furthermore, fighting fire with fire, security teams will need to automate certain defenses to keep up with the increasing efficiencies attackers are enjoying.

4) MORE CONSUMER AND ENTERPRISE DATA LEAKS VIA CLOUD APPS
It hardly needs saying that we are more and more dependent on cloud services. Because there is more valuable data for the taking, more attackers are aiming at the cloud now than ever. There will no doubt be more cloud leak scandals.

Awareness of the implications of putting personal and commercial data and media in the cloud is growing less rapidly than the cloud security breaches themselves, leaving a widening cloud security gap. Moreover, as cloud data management becomes unwieldy, new security vulnerabilities may become public. Cloud breaches may go undetected for months or even years, and the full extent of these breaches may never be fully known or reported.

5) YOUR REFRIGERATOR IS RUNNING EXPLOITS
Retail point-of-sale (PoS) systems have been under attack at a dizzying pace and ATM vulnerabilities have been repeatedly exploited. With the “Internet of things” continuing its inevitable march from early adopters to the mainstream, the next big threat vector might surprise people. It could be anything from thermostats to wearables to streaming media players. Even devices that weren’t previously connected, like home appliances, cars or photo frames, could become the weakest link in our always-on lifestyles.

As everything moves online and adoption grows markedly, there will be attacks through systems we haven’t even considered yet. And since people will be bringing their connected personal devices into the office and then bringing their connected business devices home to share the same networks and applications, the Internet of things becomes a new domain for both consumer and business security.

At the same time, after spending years immersed in cyber-security research and development, I feel it is important to note that security breaches happen all the time. While there have recently been many high-profile security breaches, these attacks are nothing new. The five malware trends above, which I see looming in our near future, are based on observations of the ongoing evolution of threats facing people and organizations today. By keeping our eyes on that horizon, the cybersecurity community can address evolving malware threats head-on and pave the way for a more secure future.

About the Author: In addition to being co-founder and chief architect at Lastline (@LastlineInc), Engin Kirda is a Professor at Northeastern University in Boston and the director of the Northeastern Information Assurance Institute.

This was cross-posted from Tripwire's The State of Security blog. 

Jerry Shaw I am in agreement with lots of information in this article. You're a unique author with the ability to put your views into crystal clear sentences.