McAfee pegs cyber espionage as one of top threats in 2015

By Cate Chapman on December 12, 2014

McAfee Labs has identified cyber espionage as one of the top threats in 2015, predicting small nation states and terror groups will use cyber warfare.

“We are seeing a general trend of less sophisticated state- and non-state actors increasingly using cyber warfare and cyber espionage tactics traditionally exclusive to sophisticated state actors,” Ryan Sherstobitoff, principal security researcher for Intel’s McAfee Labs told Advisen.

“These tactics could include sandbox detection-evasion, network monitoring and data exfiltration, and master boot record- and hard drive-wiping capabilities,” he continued.

Sony Pictures Entertainment was recently allegedly attacked by “wiper” malware used to erase hard drives. Hackers also reportedly stole and started to release many gigabytes of data including emails, compensation information and Social Security numbers.

North Korea has widely been named as a leading suspect in the attack, due in large part to reported evidence that leaders of the country were angered by Sony’s backing of the movie, “The Interview”—a comedy starring Seth Rogen and James Franco about a CIA plot to assassinate North Korean leader Kim Jong Un.

If true, does this type of attack qualify as cyber espionage? While it is difficult to say for sure what has happened at Sony, McAfee said:

“You could call it ‘sore loser espionage,’” said Sherstobitoff. “The emphasis is on spying on your political adversaries or business competitors, avoiding detection to sustain long-term espionage campaigns, identifying and stealing relevant information, and trying to wipe out entire systems if these campaigns are detected.”

Alex Heid, chief risk officer of Security Scorecard, said the firm is “ripping apart” the wiper malware and going through the data.

“It is a very advanced strain–fully undetectable,” Heid told Advisen. “It’s kind of impressive.

“Like other companies, we have an interest in understanding the full picture to gather intelligence for our clients,” he added.

Heid would not offer an opinion of the malware’s source. North Korea has been named the primary suspect. Heid acknowledged that the malware’s code is written in Korean but “that doesn’t mean it’s coming from there. It could be a diversionary tactic.”

Additional reporting by Chad Hemenway

***

“The year 2014 will be remembered as ‘the Year of Shaken Trust,’” said Vincent Weafer, senior vice president of McAfee Labs, part of Intel Security, in a November threats report. “Restoring trust in 2015 will require stronger industry collaboration, new standards for a new threat landscape, and new security postures that shrink time-to-detection through the superior use of threat data.”

Other than cyber espionage, the cyber trends expected by McAfee Labs in 2015:

2.    Internet of Things attacks to escalate. Unless security controls are built in to their architectures from the beginning, the rush to deploy IoT devices at scale will outpace the priorities of security and privacy. This rush and the increasing value of data gathered, processed and shared by these devices will draw the first notable IoT paradigm attacks in 2015.

o    The increasing proliferation of IoT devices in environments such as health care could provide malicious parties access to personal data. Cybercriminals value stolen health credentials at around $10 each, which is about 10 to 20 times the value of a stolen US credit card number, according to McAfee.

3.    Privacy debates to intensify. Governments and businesses will continue to grapple with what is fair and authorized access to inconsistently defined “personal information.”

o    Data privacy rules and regulations will evolve in scope and content; there may even be laws to regulate the use of previously anonymous data sets.

o    The European Union, countries in Latin America, as well as Australia, Japan, South Korea, Canada and others may enact more stringent data privacy laws and regulations.

4.    Ransomware to evolve into the cloud. Ransomware will evolve its methods of propagation, encryption and the targets it seeks. More mobile devices are likely to suffer attacks.

o    Ransomware variants that manage to evade security software installed on a system are likely to specifically target endpoints that subscribe to cloud-based storage solutions.

o    Once the endpoint has been infected, the ransomware will attempt to exploit the logged-on user’s stored credentials to also infect backed-up cloud storage data.

o    The technique of ransomware targeting cloud-backed up data is likely to be repeated in the mobile space, with use of virtual currency as the payment method.

5.    Mobile attack surfaces and capabilities to proliferate. Mobile attacks will continue to grow rapidly as new mobile technologies expand.

o    The growing availability of malware-generation kits and malware source code for mobile devices will lower the barrier to entry for cybercriminals targeting these devices.

o    Untrusted app stores will continue to be a major source of mobile malware. Traffic to these stores will be driven by “malvertising,” which has grown quickly on mobile platforms.

6.    POS attacks to increase and evolve with digital payments. Point of sale attacks will remain lucrative, and a significant upturn in consumer adoption of digital payment systems on mobile devices will provide new attack surfaces that cybercriminals will exploit.

o    Despite current efforts by retailers to deploy more chip-and-pin cards and card readers, growth in POS system breaches will continue in 2015 because of the sheer numbers of POS devices that will need to be upgraded in North America.

o    Near field communications (NFC) digital payment technology will become a new attack surface to exploit, unless education can successfully guide users in taking control of NFC features on their mobile devices.

7.    Shellshock to spark Unix, Linux attacks. Non-Windows malware attacks will increase as a result of the Shellshock vulnerability.

o    McAfee Labs predicts that the aftershocks of Shellshock will be felt for many years given the number of potentially vulnerable Unix or Linux devices, from routers to TVs, industrial controllers, flight systems and critical infrastructure.

o    In 2015, this will drive a significant increase in non-Windows malware as attackers look to exploit the vulnerability.

8.    Exploitation of software flaws to grow. The exploitation of vulnerabilities is likely to increase as new flaws are discovered in popular software products.

o    Exploitation techniques such as stack pivoting, return and jump-oriented programming, and a deeper understanding of 64-bit software will continue to drive the growth in the number of newly discovered vulnerabilities, as will the volume of malware that exploits them.

9.    Evasion tactics for sandboxing to develop. Escaping the sandbox—or technology to confine malicious behaviors–will become a significant IT security battlefield.

o    Beyond application sandboxing, McAfee Labs predicts that 2015 will bring malware that can successfully break out of some security vendors’ standalone sandbox systems.