Cyber security evasion techniques will escalate in 2016

By Catherine Knowles, Fri 4 Dec 2015

In the new year the Internet of Things (IoT) and cloud will continue to dominate cyber security conversations, but new malicious tactics and strategies will characterise emerging threats and create unique challenges for businesses.

FortiGuard Labs, Fortinet’s threat research division, have made their annual predictions of the most significant trends in malware and network security going into 2016.

The researchers predict increasingly sophisticated evasion techniques will emerge and push the boundaries of detection and forensic investigation as hackers face increasing pressure from law enforcement.

“With the FortiGuard Labs 2016 predictions, we can see that the security landscape is changing to accommodate for more sophisticated threats and that a ‘tighter’ integration is required for security solutions,” says Jack Chan, Fortinet network and security strategist.

“The wider adoption of the cloud blurs the traditional perimeter which means that security vendors need to be flexible and agile in their offerings,” he says.

According to Chan, “While IoT brings immeasurable benefits to our daily lives, it also raises people’s awareness around security.

“Both consumers and business need to work with security vendors/partners they can trust to provide adequate security and make technology ‘worry free’.”

The top cybersecurity trends for 2016, according to FortiGuard, include:

Increased M2M attacks and propagation between devices

Several troublesome proofs of concept made headlines in 2015 demonstrating the vulnerability of IoT devices, the researchers say.

In 2016, though, Fortinet expects to see further development of exploits and malware that target trusted communication protocols between these devices.

FortiGuard researchers anticipate that IoT will become central to ‘land and expand’ attacks in which hackers will take advantage of vulnerabilities in connected consumer devices to get a foothold within the corporate networks and hardware to which they connect.

Worms and viruses designed to specifically attack IoT devices

While worms and viruses have been costly and damaging in the past, the potential for harm when they can propagate among millions or billions of devices from wearables to medical hardware is orders of magnitude greater, the researchers say.

FortiGuard researchers and others have already demonstrated that it is possible to infect headless devices with small amounts of code that can propagate and persist.

Worms and viruses that can propagate from device to device are definitely on the radar, FortiGuard says.

Attacks on cloud and virtualised infrastructure

The Venom vulnerability that surfaced this year gave a hint about the potential for malware to escape from a hypervisor and access the host operating system in a virtualised environment, say the researchers.

Growing reliance on virtualisation and both private and hybrid clouds will make these kinds of attacks even more fruitful for cybercriminals, according to the research.

At the same time, because so many apps access cloud-based systems, mobile devices running compromised apps can potentially provide a vector for remotely attacking public and private clouds and corporate networks to which they are connected, says FortiGuard.

New techniques that thwart forensic investigations and hide evidence of attacks

Rombertik garnered significant attention in 2015 as one of the first major pieces of ‘blastware’ in the wild.

However, while blastware is designed to destroy or disable a system when it is detected (and FortiGuard predicts the continued use of this type of malware), ‘ghostware’ is designed to erase the indicators of compromise that many security systems are designed to detect.

Thus, it can be very difficult for organisations to track the extent of data loss associated with an attack, FortiGuard says.

Malware that can evade even advanced sandboxing technologies

Many organisations have turned to sandboxing to detect hidden or unknown malware by observing the behavior of suspicious files at runtime, says FortiGuard.

Two-faced malware, though, behaves normally while under inspection and then delivers a malicious payload once it has been passed by the sandbox.

This can not only prove quite challenging to detect but can also interfere with threat intelligence mechanisms that rely on sandbox rating systems, according to the researchers.

Each of these trends represents a significant and novel challenge for both organisations deploying security solutions and for vendors developing them, FortiGuard says.

Ken Xie, Fortinet founder and CEO, says, “As we look ahead at the threats associated with our increasing connectedness and the proliferation of new devices, Fortinet is committed to delivering uncompromising security and further enhancing our solutions to meet both the current and future needs of our customers.”
