Virtualization Technology News and Information
Article
RSS
Bitdefender 2018 Predictions: Large IoT Botnets, Fileless Attacks, GPU-based Ransomware and More

VMblog Predictions 2018

Industry executives and experts share their predictions for 2018.  Read them in this 10th annual VMblog.com series exclusive.

Contributed by Bogdan Botezatu, senior e-threat analyst at Bitdefender

Large IoT Botnets, Fileless Attacks, GPU-based Ransomware and more

For many people, the Christmas holiday is a time of retrospection. However, it is around this time of the year that security experts take a moment to look ahead to determine the big threats that will likely affect organizations in the year to come. While we still can't predict the lucky numbers to this year's Powerball Jackpot, we have compiled a short list of the most plausible developments in the threat landscape for 2018.

After years of indiscriminate targeting, malware authors will increasingly focus on enterprises and networks of computers. Lateral movement will become standard in most malware, particularly in ransomware. These features will bundle both wormable exploits (particularly those leaked by intelligence agencies) and credential-harvesting utilities such as Mimikatz.

Malware written in scripting languages will increase dramatically. Attachments bundled with spam messages will likely diversify to include malware written in Perl or Python, along with the already traditional downloaders written in JavaScript.

Fileless attacks and malicious manipulation of Windows configuration management tools such as Powershell will also play an important role in 2018. As more users embrace Windows 10 as the only Microsoft-based operating system with long-term prospects, hackers will focus on exploiting the Windows Subsystem for Linux to compromise computers.

Ransomware will remain public enemy number one. The threat landscape will remain faithful to the malware that monetizes best: ransomware, banker Trojans and digital currency miners, but these threats will undergo major changes in the way they perform. We expect to see ransomware that leverages GPU power for encryption purposes to move faster and attempt to circumvent antimalware products by using less documented, GPU-specific APIs that are less likely to raise red flags.

Large IoT botnets will become the new normal in 2018. The source code leaked by the Mirai team is already extensively used as building blocks for more sophisticated bots. This code will see new improvements in 2018 to allow lateral movement inside the compromised network for ransomware or spam-sending purposes.

Last, but not least, Bitdefender experts also expect major changes in the PaaS (polymorphism as a service) market, a vertical that will consolidate throughout 2018. Cybercriminals already use advanced polymorphic engines running in the cloud to flood the market with unique variants of known malware, and the advantages they offer cybercriminals are extraordinary. Licensing access to these custom engines will likely generate good business for these actors and will put even more strain on security companies all over the world.

Even if the security landscape looks grim, there are plenty of things you can do to safeguard your organization. Security solutions with advanced behavioral protection can and will intercept unknown malware so your employees can stay focused on the job. And, while technology can help, most of the increasingly complex attacks leverage the human factor. Companies also need to consider significant investment in training staff, including the higher ranks, on the best security practices for the workplace.

##

About the Author

Bogdan Botezatu 

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the Web without protection or how to rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that anti-malware research is like working as a secret agent: you need to stay focused at all times, but you get all the glory when you catch the bad guys.

Published Tuesday, December 19, 2017 8:11 AM by David Marshall
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<December 2017>
SuMoTuWeThFrSa
262728293012
3456789
10111213141516
17181920212223
24252627282930
31123456