February is an exciting time of year for the security industry. With RSA just around the corner, the buzz about cybersecurity news has already started – and if you’re familiar with the industry, you know how fast news develops in a field that lives in the digital plane. Whether or not you’ve attended RSA before, it’s always important to catch up on the latest industry developments so you’ll be ready for conversations on the conference floor, as well as references made in panels and programming. Luckily, we’ve done the research and have you covered. Here are three trends you’ll want to know about before heading off to San Francisco:
#1. Polymorphic malware and malware mutation
As the name suggests, polymorphic malware has the capacity to change form – which can be disastrous for a system that isn’t expecting it. This type of malware can disguise itself using different naming conventions, hashes, or encryption signatures to hide its code, which makes search-and-destroy tactics difficult even for advanced security professionals. By using constantly changing and obfuscated code, polymorphic strains of malware can slip past traditional security systems built to detect known, more recognizable threats.
Polymorphic malware isn’t a thing of the past – in fact, many threats impacting digital infrastructure today have switched to this form to avoid detection and cause more damage. Although some of the more famous attacks such as Operation Troy (2013) or the Beebone Botnet (April 2015) have come and gone, it is now more important than ever to prepare for such an attack and defend your systems accordingly.
More reading, published since last year’s RSA:
- Detecting obfuscated malware using reduced opcode set and optimised runtime trace, by Philip O’Kane, Sakir Sezer, and Kieran McLaughlin.
- On-Demand Polymorphic Code in Ransomware, by Fortinet.
Ransomware is now a common term not only in the security industry, but also in our day-to-day life. A new ransomware seems to pop up almost every given day. What we don’t normally see is how codes are implemented within these malware.
- Next-Generation Threats Exposed, by Webroot.
The Webroot 2016 Threat Brief shares a glimpse into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks seen by our users over the past year.
#2. IoT and Exploitation
The Mirai botnet attack last October generated a lot of buzz on social media – and not necessarily the good kind. Wired described Mirai as a type of malware that “automatically finds Internet of Things devices to infect and conscripts them into a botnet” (2016), which can have significant security impacts on the digital systems that IoT devices support – including the Internet itself. Many headlines cast IoT as the scapegoat for the Mirai botnet after digital infrastructure was put at risk, but this level of panic was relatively understandable. After all, a bunch of simple IP cameras were able to overwhelm Dyn, a very large DNS provider, and bring down a significant portion of the Internet’s backbone.
We expect there to be more than a few conversations about the implications of Mirai and future botnet attacks at RSA this year. As IoT becomes more integrated into daily life, with innovations such as smart thermostats, vehicles, and even cities, security to prevent the abuse and remote control of these devices will be imperative moving forward.
More reading, to catch you up on the spindly legs of the Mirai botnet attack:
- The Botnet that broke the Internet isn’t going away, by Wired.
What’s increasingly clear is that Mirai is a powerfully disruptive force. What’s increasingly not? How to stop it.
- Mirai Botnet DNS attack highlights the need for Cognitive Cybersecurity, by SparkCognition.
New Cyberattacks use open source code and combined computing power to outsmart and overwhelm support services running the most popular sites on the internet. With computer chips becoming more powerful, more available, and processing more data, Cybersecurity innovation is moving to the next frontier, AI.
#3. Ransom worms
Worms are the bane of the security professional’s existence, and a prime subject for perhaps the scariest sci-fi horror crossover this year has ever seen. In essence, a cryptoworm is similar to its real-world counterpart: ransomware attaches itself to a network worm and proceeds to crawl through a system, tirelessly copying itself to every computer it can reach on a local network. According to ComputerWorld, even if only one-fourth of the daily 100,000 victims paid the ransom demanded by the Locky worm in 2016 (amounting to about 0.5 bitcoins, which is about $213), the worm would pull in over $5 million in profit per day. Scared yet?
Last year, Microsoft identified a worm called ZCryptor designed to infect removable devices, and the coming year will no doubt carry more sinister surprises. Many security professionals – and even the FBI – warn of the dangers brought forth by cryptoworms. Staying protected is now more important than ever, especially in the face of a constantly and exponentially evolving threat base, whether that means one worm, one hundred, or one thousand.
More reading, to meet the cryptoworm more personally (if you dare):
- Ransomware: Past, Present and Future, by Cisco Talos.
Ransomware is a change to this paradigm from subversion of systems to outright extortion; actors are now denying access to data, and demanding money to restore access to that data. This paper will discuss the latest ransomware trends as well as how to defend your enterprise against this threat.
- Ransomworm: the next level of cybersecurity nastiness, by CSO Online.
As if holding your data hostage and seeking cash payment weren’t harsh enough, security experts foresee the next stage of ransomware to be even worse.
- ZCryptor, the conqueror worm, by Kaspersky Lab.
Analysts and researchers agree that 2016 is the year when ransomware went really big. Cybercrooks didn’t need much time to see the potential value of cryptolockers, and they readily added ransomware to their arsenals.
With this, you have the scoop you need for RSA. Get ready to hear and talk about these three topics all weekend – and don’t forget to visit SparkCognition at booth #4535!