- Apr 5, 2014
- 6,001
SECURING data would be a more challenging job in 2017 as Indicators of Compromise (IoCs) had become nearly useless in detection of infection, Kaspersky Lab disclosed in a statement on November 29.
The IoCs used to effectively facilitate information security practitioners in unmasking infections, the cybersecurity firm explained. The discovery of Project Sauron by Global Research and Analysis Team’s (GReAT) in 2016, however, put the IoCs almost meaningless. “Analysis of the group revealed a bespoke malware platform, where every feature was altered for each victim, rendering IoCs unreliable for detecting any other victim, unless accompanied by another measure, such as strong YARA rules,” Kaspersky Lab said.
This advanced persistent threat is capable of creating new tools for every target, effectively eliminating IoCs, the firm noted.
Kaspersky Lab also is anticipating the emergence of “memory-resident malware” in 2007. This malware has “no interest in surviving beyond the first reboot that will wipe the infection from the machine memory.”
“Such malware, intended for general reconnaissance and the collection of credentials, is likely to be deployed in highly sensitive environments by stealthy attackers keen to avoid arousing suspicion or discovery,” Kaspersky Lab said.
Juan Andres Guerrero-Saade, Kaspersky Lab GReAT senior security expert, saw these as “dramatic developments”, but also saw defenders would not be left helpless if YARA rules would be adopted.
“These will allow researchers to scan far-and-wide across an enterprise, inspect and identify traits in binaries at rest, and scan memory for fragments of known attacks,” Guerrero-Saade said. “Ephemeral infections highlight the need for proactive and sophisticated heuristics in advanced antimalware solutions.” YARA is a tool used in detecting malicious files or suspicious systems and networks activities.
“YARA rules—basically search strings—help analysts to find, group and categorize related malware samples and draw connections between them in order to build malware families and uncover groups of attack that might otherwise go unnoticed.” The year 2017, Kaspersky Lab sensed, would see attribution would flounder among false flags, rise of information warfare, escalation in vigilante hackers, mobile-device espionage, compromise of payment systems, commoditization of financial attacks, rise in malware threats and criminal digital advertising.
“Over the next year, we will see the kind of tracking and targeting tools increasingly used in advertising being used to monitor alleged activists and dissidents,” the firm said. “Similarly, ad networks—which provide excellent target profiling through a combination of IPs, browser fingerprinting, browsing interests and login selectivity—will be used by advanced cyber-espionage actors keen to precisely hit targets while protecting their latest toolkits.”
The IoCs used to effectively facilitate information security practitioners in unmasking infections, the cybersecurity firm explained. The discovery of Project Sauron by Global Research and Analysis Team’s (GReAT) in 2016, however, put the IoCs almost meaningless. “Analysis of the group revealed a bespoke malware platform, where every feature was altered for each victim, rendering IoCs unreliable for detecting any other victim, unless accompanied by another measure, such as strong YARA rules,” Kaspersky Lab said.
This advanced persistent threat is capable of creating new tools for every target, effectively eliminating IoCs, the firm noted.
Kaspersky Lab also is anticipating the emergence of “memory-resident malware” in 2007. This malware has “no interest in surviving beyond the first reboot that will wipe the infection from the machine memory.”
“Such malware, intended for general reconnaissance and the collection of credentials, is likely to be deployed in highly sensitive environments by stealthy attackers keen to avoid arousing suspicion or discovery,” Kaspersky Lab said.
Juan Andres Guerrero-Saade, Kaspersky Lab GReAT senior security expert, saw these as “dramatic developments”, but also saw defenders would not be left helpless if YARA rules would be adopted.
“These will allow researchers to scan far-and-wide across an enterprise, inspect and identify traits in binaries at rest, and scan memory for fragments of known attacks,” Guerrero-Saade said. “Ephemeral infections highlight the need for proactive and sophisticated heuristics in advanced antimalware solutions.” YARA is a tool used in detecting malicious files or suspicious systems and networks activities.
“YARA rules—basically search strings—help analysts to find, group and categorize related malware samples and draw connections between them in order to build malware families and uncover groups of attack that might otherwise go unnoticed.” The year 2017, Kaspersky Lab sensed, would see attribution would flounder among false flags, rise of information warfare, escalation in vigilante hackers, mobile-device espionage, compromise of payment systems, commoditization of financial attacks, rise in malware threats and criminal digital advertising.
“Over the next year, we will see the kind of tracking and targeting tools increasingly used in advertising being used to monitor alleged activists and dissidents,” the firm said. “Similarly, ad networks—which provide excellent target profiling through a combination of IPs, browser fingerprinting, browsing interests and login selectivity—will be used by advanced cyber-espionage actors keen to precisely hit targets while protecting their latest toolkits.”
