The new challenges for online security in 2016 include Internet of Things (IoT) exploits and malware that can evade sandboxes or break out of a virtual machine, through the hypervisor, to the host operating system. And, all the while, attackers are finding new ways to avoid detection and hide evidence of tampering.
These are some of the findings of New Rules: The Evolving Threat Landscape in 2016 (PDF), a new report from FortiGuard Labs, the threat research division of cybersecurity provider Fortinet. It is based on analysis of threat intelligence feeds from millions of devices deployed worldwide.
The report notes that, as in years past, IoT and cloud are key enabling technologies, but they are also subject to new malicious tactics and strategies that service providers and organizations will have to deal with. Evasion techniques will increasingly defeat detection and hamper forensic investigation by law enforcement, meaning that systems could remain compromised for longer after a security incident, increasing its potential impact.
The top 5 cybersecurity trends for 2016 include:
1. M2M Attacks and Propagation Between Devices
FortiGuard researchers anticipate that IoT devices lacking adequate security will be an easy entry point for attackers. Connected consumer devices could provide a foothold within corporate networks for a "land and expand" attack.
Proofs of concept for this type of attack were seen in 2015, and FortiGuard expects further development of exploits and malware that target the trusted communication protocols between these devices and the network.
2. Worms and Viruses Targeting IoT Devices
Worms and viruses have been costly and damaging in the past, but the potential for harm when they can propagate among millions or billions of devices, from wearables to medical hardware, is orders of magnitude greater. FortiGuard researchers and others have already demonstrated that it is possible to infect headless devices with small amounts of code that propagate and persist. Worms and viruses that spread from device to device are firmly on the radar.
3. Attacks On Cloud and Virtualized Infrastructure
Virtualization might not provide the isolation needed to keep threats inside a virtual machine. Vulnerabilities like VENOM, a 2015 flaw in the virtual floppy disk controller code shared by QEMU, KVM and Xen, showed that code running in a guest can break out through the hypervisor to the host operating system. That means a vulnerability in one client system (even a mobile device) could put an entire public or private cloud at risk.
4. Undetectable “Ghostware” Attacks
FortiGuard predicts the use of "ghostware" that erases indicators of compromise, making it difficult for organizations to work out the extent of data loss or which systems are compromised.
Researchers also predict that "blastware" like Rombertik, which is designed to destroy or disable a system when it detects that it is being analyzed, will grow in 2016, but undetectable ghostware could haunt systems for much longer.
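Ghostware that deletes its traces usually cannot delete them cleanly: a log with a monotonically increasing record number ends up with holes, a host that normally logs every few minutes goes silent, or the wipe itself leaves an audit event. The following added example (not from the FortiGuard report, and not a FortiGuard tool) is a generic integrity check an analyst can run over an exported log. It assumes records carry a sequential record id and an ISO timestamp, that the host normally logs at least once per MAX_QUIET_SECONDS, and that a "log cleared" event uses Windows event ID 1102; the sample export is constructed, and the thresholds are assumptions to tune per host.

```python
"""Added example: find the holes anti-forensic log wiping leaves behind.

Not from the FortiGuard report. Assumptions (ours): each record has a
monotonically increasing id (like Windows EventRecordID) and a timestamp,
the host normally logs at least every MAX_QUIET_SECONDS, and event id 1102
("the audit log was cleared") marks a wipe.
"""
from datetime import datetime
from typing import Dict, List

MAX_QUIET_SECONDS = 600          # assumption: host is never quiet for >10 min
LOG_CLEARED_EVENT_IDS = {1102}   # Windows Security log: audit log cleared

# Constructed sample export: record id, timestamp, event id, message.
# Records 1004-1006 are missing and 36 minutes pass with no entries.
SAMPLE_LOG = """\
1001,2016-01-12T09:00:05,4624,logon user=alice
1002,2016-01-12T09:03:10,4688,process cmd.exe
1003,2016-01-12T09:04:30,4688,process powershell.exe
1007,2016-01-12T09:41:00,4624,logon user=alice
1008,2016-01-12T09:42:15,4688,process explorer.exe
1009,2016-01-12T09:50:00,1102,audit log cleared
"""


def parse_log(text: str) -> List[Dict]:
    """Parse the comma-separated export into dicts, keeping record order."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec_id, ts, event_id, msg = line.split(",", 3)
        records.append({
            "id": int(rec_id),
            "ts": datetime.fromisoformat(ts),
            "event_id": int(event_id),
            "msg": msg,
        })
    return records


def find_gaps(records: List[Dict],
              max_quiet_seconds: int = MAX_QUIET_SECONDS) -> List[Dict]:
    """Report missing record ids, unusually long silences and clear events."""
    findings = []
    for prev, cur in zip(records, records[1:]):
        missing = cur["id"] - prev["id"] - 1
        if missing > 0:
            # Records deleted from the middle of a sequential log
            findings.append({"type": "missing_records",
                             "after_id": prev["id"], "count": missing})
        quiet = (cur["ts"] - prev["ts"]).total_seconds()
        if quiet > max_quiet_seconds:
            # Host went silent: logging stopped or entries removed
            findings.append({"type": "time_gap",
                             "after_id": prev["id"], "seconds": quiet})
    for rec in records:
        if rec["event_id"] in LOG_CLEARED_EVENT_IDS:
            findings.append({"type": "log_cleared", "id": rec["id"]})
    return findings


if __name__ == "__main__":
    for finding in find_gaps(parse_log(SAMPLE_LOG)):
        print(finding)
```

Run against the constructed export it reports three missing records after id 1003, a 2190-second silence after the same record, and the clear event at 1009. Correlating the same checks against logs forwarded to a central collector, which the attacker cannot reach from the compromised host, is what turns these gaps into evidence rather than just an anomaly.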
5. Malware That Tricks Sandboxes
Sandboxing is a bit like a bomb disposal container: anything potentially dangerous is set off in a controlled environment. Detonating a suspicious file in a self-contained sandbox helps determine whether it carries a malicious payload.
But researchers have found "two-faced malware" that behaves differently while it is being inspected: it checks for signs that it is running in a sandbox, acts benignly so it passes the inspection, and delivers its payload only when executed on a real system.
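Two-faced malware tells a sandbox from a workstation by looking at the environment: one CPU core, little memory, a machine that booted minutes ago, no mouse or keyboard activity, hypervisor vendor strings in the hardware inventory, a throwaway username, no document history. The following added example (not from the FortiGuard report) turns those checks into a self-test for sandbox operators. Rather than probing the live host, it evaluates a constructed profile dict, so it is deterministic and can be fed the profile of your own analysis VM; the thresholds, marker strings and the three-indicator cut-off are assumptions based on common evasion heuristics, not values from the report.

```python
"""Added example: the environment checks "two-faced" malware uses, reused as a
sandbox self-test.

Not from the FortiGuard report. All thresholds and marker lists are assumptions
drawn from common evasion heuristics; tune them to your own fleet.
"""
from typing import Dict, List

VM_VENDOR_MARKERS = ("vmware", "virtualbox", "vbox", "innotek", "qemu",
                     "xen", "kvm", "hyper-v", "virtual machine")
THROWAWAY_USERS = ("sandbox", "malware", "virus", "test", "analyst", "user")


def sandbox_indicators(profile: Dict) -> List[str]:
    """Return the names of every 'this looks like a sandbox' check that fires."""
    hits = []
    if profile.get("cpu_count", 0) < 2:
        hits.append("single_cpu")
    if profile.get("ram_gb", 0) < 2:
        hits.append("low_ram")
    if profile.get("uptime_seconds", 0) < 600:
        hits.append("short_uptime")          # booted just for this detonation
    if not profile.get("recent_user_input", False):
        hits.append("no_user_input")         # nobody moving the mouse
    hardware = " ".join((profile.get("system_manufacturer", ""),
                         profile.get("system_product", ""),
                         profile.get("disk_model", ""))).lower()
    if any(marker in hardware for marker in VM_VENDOR_MARKERS):
        hits.append("vm_vendor_string")
    if profile.get("username", "").lower() in THROWAWAY_USERS:
        hits.append("throwaway_username")
    if profile.get("recent_documents", 0) < 5:
        hits.append("no_user_history")       # a real user leaves a trail
    if profile.get("debugger_present", False):
        hits.append("debugger")
    return hits


def looks_like_sandbox(profile: Dict, threshold: int = 3) -> bool:
    """Assumed decision rule: three or more indicators and the malware stays quiet."""
    return len(sandbox_indicators(profile)) >= threshold


def two_faced_behaviour(profile: Dict) -> str:
    """Simulates the branch: benign under inspection, payload on a real host."""
    return "benign" if looks_like_sandbox(profile) else "payload"


# Constructed profiles: a default analysis VM and one hardened to look lived-in.
NAIVE_SANDBOX = {
    "cpu_count": 1, "ram_gb": 1, "uptime_seconds": 120,
    "recent_user_input": False, "system_manufacturer": "innotek GmbH",
    "system_product": "VirtualBox", "disk_model": "VBOX HARDDISK",
    "username": "sandbox", "recent_documents": 0, "debugger_present": False,
}
HARDENED_SANDBOX = {
    "cpu_count": 4, "ram_gb": 8, "uptime_seconds": 7200,
    "recent_user_input": True, "system_manufacturer": "Dell Inc.",
    "system_product": "OptiPlex 7040", "disk_model": "ST1000DM003",
    "username": "jsmith", "recent_documents": 23, "debugger_present": False,
}

if __name__ == "__main__":
    for name, prof in (("naive", NAIVE_SANDBOX), ("hardened", HARDENED_SANDBOX)):
        print(name, sandbox_indicators(prof), "->", two_faced_behaviour(prof))
```

The point for defenders is the second profile: a sandbox that fires none of these checks is one the sample cannot distinguish from a victim, so it shows its real face. Vendors also run the same sample in several differently fingerprinted environments and compare behaviour; a divergence between runs is itself an indicator of evasion.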
Black-hat hackers are finding new ways to exploit trends in devices and IT delivery, so service providers and organizations must keep security in mind while adopting new technologies, and keep updating their existing services as new vulnerabilities are found.