For both consumers and corporates, the security threat landscape will this year become even more treacherous, with experts predicting an increase in zero-day exploits and massive changes in the way ransomware operates.
According to Bitdefender’s threat analysis unit, malware authors will continue to target both individuals and enterprises; malware and password-grabbing utilities such as Mimikatz will aggressively exploit “wormable” security vulnerabilities.
Mimikatz has in recent months gained notoriety as an undeniably ubiquitous hacker tool that allows intruders to quickly leapfrog from one machine connected to a network to the next as soon as they gain an initial foothold.
For example, last year’s NotPetya and BadRabbit ransomware strains were paired with Mimikatz and leaked NSA hacking tools to create automated attacks – these infections rapidly saturated networks with disastrous results.
Bitdefender also predicts that malicious spam e-mail attachments will increase, as will fileless attacks: Windows 10 adoption is becoming universal, which means the platform’s support for PowerShell or Linux Bash utilities will be exploited.
Fileless malware attacks target already-installed applications, that is, those that are whitelisted and known to be safe. For example, fileless malware exploit kits can target browser vulnerabilities to make the browser run malicious code, take advantage of Microsoft Word macros or use the PowerShell utility.
The adage “money talks” remains true for the threat landscape; malware like ransomware, banker Trojans and digital currency will undergo major changes in the way they perform. Bitdefender, for example, expects that ransomware will start leveraging the GPU (Graphics Processing Unit) for encryption, which will enable it to move faster in attempts to circumvent antimalware products.
Leo Meyer, MD of Black Castle Technologies, official Bitdefender country partner for consumer products, comments: “There is no doubt that the security landscape is going to be a bumpy one in 2018 – consumers and companies alike must become extra vigilant, ensuring their technology and information assets are protected and adapted to deal with the newest threats.”
IoT botnets – the new normal
The continued vulnerability of WiFi and Bluetooth remains a major concern and will increasingly be used to launch attacks; this in turn will lead to IoT botnets, says Bitdefender. Bitdefender has already confirmed the existence of a botnet named HNS (Hide ‘N Seek), which as of 26 January 2018 controls over 33 000 IoT devices, continues to evolve and uses samples from various architectures as payloads.
And while botnets have been around for years, mainly used for DDoS (Distributed Denial of Service) attacks, the discoveries made during the investigation of the HNS bot reveal greater levels of complexity and novel capabilities such as information theft, potentially suitable for espionage or extortion, adds Bitdefender.
HNS is one example, and the source code for IoT bots is readily available online; cybercrime groups interested in compromising IoT devices have a solid platform to customise their attacks and launch them.