1. Source code leaks will accelerate malware release cycles

The release of the Carberp source code in June 2013 provides cybercriminals with yet another set of building blocks to create new malware variants. We saw the same development after the release of the Zeus 2.0.8.9 source code in May 2011, which led to the Ice IX and Citadel malware.

Why it's dangerous

New malware variants contain new characteristics, signatures, evasive capabilities, and other modules never seen before. This makes it next to impossible for standard anti-virus/anti-malware platforms to identify the malware.
2. Mobile SMS-forwarding malware will become ubiquitous

The capability to forward mobile SMS messages will be a standard feature in virtually all major malware families, with stand-alone SMS-forwarding malware readily available.

Why it's dangerous

Mobile SMS verification is rendered all but useless as an out-of-band authentication method. Furthermore, enterprises must be wary of the real potential for SMS communication compromise with the increasing popularity of BYOD.
3. Old school malware techniques will make a comeback

As security products become available to detect new cybercrime techniques, malware authors revert to more manual and time-consuming approaches that can bypass many of these advanced detection and mitigation solutions.

Why it's dangerous

Anomaly detection and device ID solutions can now be easily circumvented by very basic cybercrime techniques. For example, we found several malware variants that prevent the user from interacting with the genuine site, thereby rendering some on-site fraud prevention approaches less effective.
4. Account takeover will move to the victim's device

Instead of the fraudster using his own machine to perpetrate account takeover attacks, he accesses the account via the victim's machine using various remote access technologies. This approach bypasses many device-fingerprinting technologies because the fraudster uses the (genuine) victim's device.

Why it's dangerous

Device fingerprinting is used to ascertain whether the account access is taking place from the client's known device or a different device. When access comes from the client's device, it appears to device-fingerprinting solutions that the legitimate customer is accessing his account.
5. Malware researcher evasion will become more popular

Modern malware uses a variety of techniques to avoid detection by endpoint and network-based security platforms. Now, however, we're increasingly seeing malware that uses a variety of techniques (including advanced encryption, and virtual machine and debugger evasion) to avoid analysis by malware researchers. Researcher evasion will become a standard component of most malware offerings.

Why it's dangerous

Security solutions are updated with countermeasures based on malware research. If malware cannot be researched, countermeasures cannot be developed. Taking the fight to an even earlier stage, malware authors are heavily investing in making sure researchers cannot scrutinise their software.

Amit Klein, CTO at Trusteer, said: "The common thread running through the malware trends we've seen in recent months is the evolution, maturing and diversification of the attacks and fraud schemes they facilitate. Malware, once purpose built, is clearly becoming a flexible platform. In many respects it is now almost a commodity. Along with the more traditional pure in-browser attacks, SMS stealing attacks are becoming common, researcher evasion is emerging as a trendy feature and new approaches to account takeover and remote device control are being encountered more and more. Not surprisingly, malware is still the most dangerous threat to enterprises, end users and financial institutions. Its success has spawned improved detection and prevention technologies which continue to threaten malware's existence. This has forced cybercriminals to evolve their own technologies in order to try to stay ahead of security vendors. They have responded through diversification (inventing new fraud mechanics to evade existing security solutions) and commoditization (turning cutting edge, limited circulation techniques into mainstream capabilities). These are indicators that the cybercrime industry is prospering and able to withstand pressure from advances in security technologies. What's needed is a disruptive approach to security – an approach that addresses the root cause of infections and cybercrime. This approach will need to respond to new cybercrime techniques in real time while also providing holistic protection."