Mobile malware, adware and Linux ransomware are on the rise, according to Bitdefender. To help businesses and consumers combat the threat, Catalin Cosoi, Chief Security Strategist at Bitdefender, identifies his top five security predictions for the technology industry in 2016:
1. Looser boundaries between malware and adware: An increase in arrests and takedowns in 2015 will drive new cyber-criminals to monetisation mechanisms specific to aggressive adware, rather than to developing new strains of malware. Operational botnets will still be a significant part of the cyber-crime ecosystem, but we will witness increased sophistication of potentially unwanted applications and installers pushing grayware.
2. Advanced Persistent Threats (APT) will drop the persistence factor: APTs will emphasise obfuscation and information harvesting more than persistence. Attackers will be in and out of an organisation in days, possibly even hours. The business environment will see an increase of targeted attacks and strongly obfuscated bots, with a short lifespan and frequent updates. Most of these attacks will specialise in information theft.
3. Mobile malware will increase in sophistication: Android malware is rapidly copying developments on the Windows platform. While rootkits are on a downward spiral on Windows, they will likely become standard on Android and iOS, as both platforms are becoming increasingly complex and feature a large attack surface. New mobile malware with wormable features, or a large mobile botnet, are two other possibilities next year. These attacks might be driven by social engineering or by the exploitation of major vulnerabilities (such as Stagefright) on unpatched platforms.
4. Internet of Things (IoT) grows in popularity: IoT devices will become increasingly popular in 2016, and thus more appealing to cyber-criminals. Their short development lifecycle and limits on processing or battery power leave large holes in a device’s security, meaning most IoT devices will be vulnerable to compromise in 2016. The increased surveillance regulations that more countries are trying to pass to combat terrorism will unleash battles for data sovereignty and crypto control.
5. Ransomware becomes multi-platform: Linux ransomware will become more refined and may leverage known vulnerabilities in the operating system’s kernel to get deeper into the filesystem. Botnets to brute-force login credentials for content management systems may also become larger in 2016. These credentials could then be used by Linux ransomware operators to automate encryption of a significant part of the Internet.
Bitdefender advises users to regularly update their AV solution in order to fend off malware, adware and other persistent threats. The speed of detection and response to this type of targeted attack is crucial for users to remain secure.