With a turbulent 2015 and a 15-year history of fighting malware as a guide, here is what 2016 may bring for the security industry, the online criminal underworld, and corporate and private consumers.
I am keenly aware that “prediction is very difficult, especially if it’s about the future.” But we are a very sharp group, and we’ve been right in the past: Last year, we predicted then-current trends would lead to actual human casualties. In under-reported incidents this year, two people committed suicide after receiving particularly worrisome ransomware demands and one died of a heart attack after reading the ransom note.
So, as we approach what we hope is a Happy New Year, our tech experts offer a message of caution to corporations and private citizens, gamers and CEOs, moms and dads, IT staffers, social media addicts and mobile fans, both iOS and Android.
We, of course, also offer a stern warning to hackers, malware crafters and fraudsters: We are getting pretty good at figuring out what you are up to.
Please keep these five points in mind as you go about your connected life in 2016:
• Cybercriminals focus first on the low-hanging fruit. It’s the easiest way to profit and it worked well for them in 2015. I firmly believe we will witness notable developments in the PUA space (adware and greyware), especially on Mac platforms.
• Our experts rank ransomware second. It’s easy to create and hard to detect, its behavior looks almost completely legitimate, and it can be made to work on any operating system. We’ve already seen ransomware for Linux, Windows and Android; Mac OS is just around the corner. It targets both consumers and companies, and the 2016 versions will not only encrypt files and ask for ransom, but will also publish all documents on the internet if the ransom is not paid. In an ironic twist, the victim will be able to recover the encrypted files – once they are uploaded to the internet for public shaming. Or better yet, encrypting files for 50% of the ransom and publishing the victim’s online service credentials on the web for the other 50%. This year, Bitdefender managed to crack the encryption algorithm of the first two variants of Linux ransomware and help thousands of victims worldwide. I can tell you that Version 3 is out there already, encrypting files with GPG, which means decryption is no longer possible without paying the ransom.
• On the consumer side, Android malware is rapidly copying developments on the Windows platform. While rootkits are on a downward spiral on Windows, they will likely become standard fare on Android and maybe iOS, as both platforms are becoming increasingly complex and feature a large attack surface. New mobile malware with wormable features or a massive mobile botnet are two other possible developments for the next year. These attacks might be driven by social engineering or by the exploitation of major vulnerabilities (such as Stagefright) on unpatched platforms.
• On the business side, we will see an increase in targeted attacks and strongly obfuscated bots with a short lifespan and frequent updates. Most of these attacks will specialise in information theft. Attackers will be in and out of an organisation in a few days, maybe even hours. APT, which currently stands for Advanced Persistent Threats, should change to Advanced Penetration Threats, or even BA for Blitzkrieg Attacks. Lateral movement in the infrastructure of cloud service providers will increase with the advent of tools that allow hackers to compromise the hypervisor from a virtual instance and jump to a different virtual machine. This scenario is particularly dangerous in “bad neighbourhood” environments, where an ill-intentioned party could end up sharing a physical system with a legitimate service provider or business.
• After all the debates about privacy and cryptography, combined with the Snowden case and compounded by the latest terrorist attacks, we might see major changes on the internet. Countries might start thinking about applying the Great Firewall of China model. French institutions are already considering blocking TOR and forbidding free Wi-Fi. We might see a split in the internet along regional borders and a more intense focus on cryptography and security.
Lastly, and very importantly: antimalware solution vendors must up their game. The coming year will likely bring advanced attacks against the security solution itself.