Threat Actors will come up with new Targeted Attack Tactics that Circumvent Current Anti-evasion Solutions
In the Trend Micro 2017 Security Predictions report, we cover many of the threats that organizations will have to deal with this year and none could be more challenging that a targeted attack. We recently saw a report from the Identity Theft Resource Center which said 2016 had the most data breaches in US history. Within this report it showed hacking/phishing/skimming was the fastest growing incident type associated with attacks.
This should worry most organizations as we know threat actors will continuously refine their attack methods and it appears their ability to infiltrate organizations isn’t diminishing anytime soon. This is the premise for our 2017 prediction around targeted attacks where we stated: Threat actors will come up with new targeted attack tactics that circumvent current anti-evasion solutions.
An area we’ve seen actors regularly cover is evasion techniques in order to evade detection by security solutions. This year we are likely to see threat actors look for ways to improve their infiltration rates by improving their socially engineered emails and utilize more compromised, legitimate websites. Both of these methods can get an unaware employee to open an attachment or click on a link within emails or simply by browsing to a business related website used as a watering hole attack. We will also see improved means of staying hidden within a network once infiltrated. Ensuring their malware is undetectable will be high on their priority list and this will be accomplished by regularly replacing it with new malware designed to be Fully UnDetectable (FUD). This could be by coding in obfuscation technologies like anti-sandbox capabilities or by utilizing a FUD service offering within the criminal underground where testing is done against the security vendors’ products. One area we are likely to see occur in 2017 is an effort by malware developers to target the newer machine learning technologies and how to defeat them. As for exfiltration, we will likely see more use of legitimate applications within an organization used to steal the data. Examples would be cloud sharing services, email, and other applications that are used by employees on a regular basis.
This is why Trend Micro has constantly had to innovate our technologies over the past 28 years to address these changes in the threat landscape. Our cross-generational security, part of the Trend Micro™ Smart Protection Network™, doesn’t replace older technologies, instead we add newer ones that address the latest tactics by threat actors. This ensures if someone decides to utilize an older threat, we still can detect.
With newer ways to infiltrate, remain within, and exfiltrate data during an attack, organizations need to constantly evaluate their ability to identify an intruder sooner. This requires the ability to have visibility across all components of an attack as well as across their network. Attacks today are not monolithic, they will encompass email, web, files as well as users and systems within an organizations network. This is a great opportunity to look into a connected threat defense model which includes improved web and messaging security, adds newer breach detection systems, and has central management for visibility and control of security events occurring across the organization. Now is the time to reassess your businesses ability to defend itself against determined attackers who regularly modify their tools, tactics, and procedures (TTPs) to ensure they are successful.
For our other predictions we made for 2017 including ransomware, business email compromise, and the new more insidious business process compromise read our full report here or watch my monthly threat webinar series January edition where I discuss all of our predictions.