Kaspersky Labs offers 2016 security predictions

Read time 3min 00sec
Comments (0)
iOS users are likely to become more vulnerable to cyber attacks in 2016, says Kaspersky Labs' Dirk Kolberg.
iOS users are likely to become more vulnerable to cyber attacks in 2016, says Kaspersky Labs' Dirk Kolberg.

Next year will herald "the end of the world for APTs as we know them", Kaspersky Labs predicts.

Advanced persistent threats (APTs) - multi-phase cyber-attacks in which criminals stealthily penetrate a network, avoiding detection to obtain data over an extended period of time - will dramatically change in structure and operation in 2016, said Dirk Kolberg, senior security researcher at Kaspersky Labs, at a presentation of the security firm's 2016 predictions in Johannesburg on Thursday.

The APTs of the near future will focus less on persistence, and rely more on "fileless" or memory-resident malware to reduce traces left on IT systems to avoid detection, Kolberg explained.

In addition, the ubiquity of APTs will continue to grow, as more parties recognise their value, and can now buy digital access to high-profile victims - "access as a service" - through organised cyber-mercenaries, warned Kolberg.

In South Africa, this increase in threats will be multiplied by ever-cheapening mobile data plans and Internet from ISPs, Kaspersky predicts.

Mobile mayhem

In addition, 2016 will see an increase in ransomware and other attacks carried out on mobile and wireless devices, such as smartphones and Internet of things appliances, said Kolberg.

Currently, 98% of mobile-based cyber-attacks happen to Android devices, said Kolberg. This is largely because Android users can easily download illegitimate apps from sources outside Google's Play Store - such as uncertified free versions of certified paid apps - which often turn out to be malware, he explained. iOS users, on the other hand, can only purchase apps through Apple's App Store, which serves as a sturdy verification layer, he continued.

However, it is only a matter of time before cyber-criminals develop ways to target and extort ransoms from iOS users too, and it is likely that when they do they will charge them "Apple prices", Kolberg speculated. The higher price of Apple devices means their users are often assumed to have more money at their disposal, he explained.

Cyber-criminals' constant search for new avenues will make new payment systems, such as Apple Pay and Android Pay, vulnerable as well, Kolberg added.

Judge, jury and executioner

The trends in personal judgement-based attacks observed in 2015 will continue into the next year, added Kolberg.

Acts of cyber-sabotage and public shaming at the hands of hacktivism and nation state-motivated cyber-criminals, most often involving the publication of private pictures, information and communications, will be similarly rife in 2016, he said.

Avoidance tactics

"Cyber-security training for all staff is essential" to avoiding cyber-attacks, said Kolberg, after explaining how criminals can penetrate even the most sophisticated IT systems with access to a gullible or irresponsible employee.

Similarly, companies should be very wary of BYOD practices, as these make corporate IT systems all too easily brought down by individual employees' bad personal security habits, he added.

Companies should employ mature, multi-layered endpoint protection and embrace encryption solutions for company data and communication channels, he suggested.

Furthermore, creating a dedicated security operations centre is becoming an increasingly good idea, he advised.

Login with
6 hours ago
Be the first to comment
See also