It’s common knowledge that ransomware has become the most feared and destructive online threat, bringing even the biggest corporations to their knees. Security researchers expect it to continue evolving in 2016 and perhaps beyond. To understand where ransomware, and sophisticated malware generally, is headed, Cisco researchers have conducted a detailed analysis of gathered data in their 2016 Midyear Cybersecurity Report. Not surprisingly, experts expect ransomware to progress in terms of destructiveness and propagation.
How Will Ransomware Evolve?
According to the report, ransomware will improve and become able to spread by itself. Entire networks, and with them entire companies, will be held hostage:
New modular strains of ransomware will be able to quickly switch tactics to maximize efficiency. For example, future ransomware attacks will evade detection by being able to limit CPU usage and refrain from command-and-control actions. These new ransomware strains will spread faster and self-replicate within organizations before coordinating ransom activities.
One challenge that network administrators will continue to face is visibility across the network. The sooner a threat is detected, the less damage the organization will have to repair. Logically, unpatched systems will be the most vulnerable targets. What is worse, such systems create “additional opportunities for attackers to easily gain access, remain undetected, and maximize damage and profits”.
Besides Healthcare, What Other Sectors Are In Danger?
According to the report, researchers have seen an uptick in attacks on all vertical markets and global regions. In other words, various clubs and organizations, charities and non-governmental organizations (NGOs), and electronics businesses have all experienced an increase in attacks in the first half of 2016. One huge problem that directly affects security is the complexity of regulations and the often contradictory cyber security policies that countries have.
The need to control or access data may limit and conflict with international commerce in a sophisticated threat landscape.
The malware scene is getting more sophisticated and innovative with time, and malware authors may have unlimited access to the same defensive technology that is employed by the networks they target. To decrease the time needed to detect a threat, organizations should leverage their human security resources.
The focus of attacks is also broadening as malware actors are moving from client-side to server-side exploits. This is how they get better at evading detection and boosting both potential damage and profits.
In a Nutshell: Sophisticated Malware Expectations 2016
- In 2016, Adobe Flash vulnerabilities continue to be favored and applied in malvertising campaigns and exploit kit attack scenarios. For example, in the now-dead Nuclear exploit kit (https://sensorstechforum.com/nuclear-exploit-kit-dead/), Flash accounted for 80 percent of successful exploit attempts.
- On the server side, JBoss servers are the most exploited, Cisco says. 10 percent of Internet-connected JBoss servers worldwide were found to be affected, which is a considerable number. Furthermore, most of those JBoss flaws were identified at least 5 years ago, which means that patching has been neglected on a global scale.
- Over the course of the past half year, Windows Binary exploits became the prevalent attack method. This attack vector provides a successful and hard-to-identify way into network infrastructures.
- Malware actors have become better at using encryption as a means to mask various components of their malicious campaigns. Cisco has also observed an increase in the use of cryptocurrency, Transport Layer Security and Tor. All of those make communications anonymous across the Web.
- HTTPS-encrypted malware, mostly applied in malvertising campaigns, increased by 300 percent from December 2015 all the way to March 2016. This type of encrypted malware helps malware actors conceal all their activity.
What Is Cisco Doing to Counter All These Malware Improvements?
“As attackers continue to monetize their strikes and create highly profitable business models, Cisco is working with our customers to help them match and exceed their attackers’ level of sophistication, visibility and control,” says Marty Roesch, Vice President and Chief Architect, Security Business Group at Cisco.
What can you do? If you are a business owner, you should definitely consider improving your threat response plan. If you are a user, consider following these simple but effective steps to avoid malware:
- Use additional firewall protection. Downloading a second firewall is an excellent solution for any potential intrusions.
- Your programs should have less administrative power over what they read and write on your computer. Make them prompt you for admin access before starting.
- Use stronger passwords. Stronger passwords (preferably ones that are not words) are harder to crack by several methods, including brute forcing, since that relies on password lists containing relevant words.
- Turn off AutoPlay. This protects your computer from malicious executable files on USB sticks or other external memory carriers as soon as they are inserted into it.
- Disable File Sharing. If you need file sharing between your computers, it is recommended to password-protect it, to restrict the threat only to yourself if infected.
- Switch off any remote services. Leaving them on can be devastating for business networks, since it can cause a lot of damage on a massive scale.
- Consider disabling or removing Adobe Flash Player (depending on the browser).
- Configure your mail server to block and delete emails containing suspicious file attachments.
- Never miss an update for your OS and software.
- Turn off Infrared ports or Bluetooth.
- If you have a compromised computer in your network, make sure to isolate it immediately by powering it off and disconnecting it by hand from the network.
- Employ a powerful anti-malware solution to protect yourself from any future threats automatically.