This article was first published as part of the cover story in the February 2018 issue of Fast Track on Digit magazine.
While a lot of malware has been discussed elsewhere in this series, there is still a significant need to understand it deeply and to know what it is capable of beyond those examples, especially since it is very easy for malware to reach us, for instance through an app installed on our phone.
One of the latest and rising techniques in the world of malware is fileless malware. This type of malware is essentially invisible to most detection tools. Fileless infections live in RAM and the kernel and do not require any file to be downloaded onto the user's hard drive: the whole payload executes inside another, already running process. Persistent threats in the BIOS or UEFI can remain on the machine without being detected by antivirus software and re-infect a system even after it has been scrubbed. One of the easiest opportunities for threat actors is to run code through the browser window, which can compromise desktops and smartphones alike.
Attackers have also noticed that sensitive and lucrative targets understand the risks and have raised their security to levels that are impractical to attack head-on. Persistent attackers will instead look into the supply chain of such a system, and once they find a third party with vulnerabilities, they will target it to gain access to the system itself. Malware target identification and delivery will both be automated to a large extent this year using AI and machine learning. On the other hand, malware will also be available more easily as a service, thanks to the dark web, and ready-to-use exploit kits will be available in greater numbers this year.
An interesting way to avoid malware infections is ‘vaccination’. Many malware strains, like the WannaCry ransomware, leave identifying markers on machines where they have already executed once, so as not to infect them again. Security researchers have recommended identifying such markers and planting them in advance to ‘vaccinate’ your machines. However, this approach does not hold too much promise considering that even basic patches are not applied to many machines.
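The vaccination idea above, as an added example that is not part of the original article: a small Python audit that plants the markers a given strain checks for, idempotently, and reports what it did. Marker names and paths here are constructed placeholders, not indicators of any real family; real markers must come from a vetted analysis of the sample. The named-mutex marker is a Win32 concept, so it reports "unsupported" on other platforms.

```python
"""
Marker-based 'vaccination' audit (added example, not from the article).

Some malware families check for a marker they left on an earlier run
(a file, a registry value or a named mutex) and exit if it is already
there. Planting the same marker in advance makes the machine look
'already infected' to that one strain. All marker names below are
constructed placeholders.
"""
import ctypes
import os
import sys
from dataclasses import dataclass
from typing import Dict, List

ERROR_ALREADY_EXISTS = 183  # Win32 error code set by CreateMutexW

# Handles of mutexes we created. A mutex vaccine only lasts as long as
# some process keeps the handle open, so the caller must stay resident.
_OPEN_MUTEX_HANDLES: List[int] = []


@dataclass
class FileMarker:
    """A marker file the strain expects to find on disk."""
    path: str

    def label(self) -> str:
        return self.path

    def apply(self) -> str:
        if os.path.exists(self.path):
            return "present"
        os.makedirs(os.path.dirname(self.path) or ".", exist_ok=True)
        # Create the file but write nothing: only its existence matters.
        with open(self.path, "x"):
            pass
        return "created"


@dataclass
class MutexMarker:
    """A named mutex the strain checks before running (Windows only)."""
    mutex_name: str

    def label(self) -> str:
        return self.mutex_name

    def apply(self) -> str:
        if sys.platform != "win32":
            return "unsupported"  # named mutexes exist only on Win32
        kernel32 = ctypes.windll.kernel32
        handle = kernel32.CreateMutexW(None, False, self.mutex_name)
        if not handle:
            return "error"
        if kernel32.GetLastError() == ERROR_ALREADY_EXISTS:
            kernel32.CloseHandle(handle)  # someone else already holds it
            return "present"
        _OPEN_MUTEX_HANDLES.append(handle)  # keep it alive for the vaccine
        return "created"


def vaccinate(markers) -> Dict[str, str]:
    """Apply each marker idempotently; returns {marker label: status}."""
    report: Dict[str, str] = {}
    for marker in markers:
        try:
            report[marker.label()] = marker.apply()
        except OSError as exc:
            report[marker.label()] = f"error: {exc}"
    return report


if __name__ == "__main__":
    # Constructed placeholder markers; not real indicators of any family.
    demo = [
        FileMarker(os.path.join(os.getcwd(), "vaccine_demo", "MARKER_PLACEHOLDER.lock")),
        MutexMarker("Global\\MUTEX_NAME_PLACEHOLDER"),
    ]
    for label, status in vaccinate(demo).items():
        print(f"{status:12} {label}")
```

Running it twice shows the idempotence that matters for a fleet-wide rollout: the first run reports "created", the second "present". The limits are visible in the code as well: each marker protects against exactly one strain and only until its author renames the marker, and a mutex vaccine disappears the moment the process holding the handle exits, which is why patching remains the primary control.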
There may well be new ways in which cybercriminals use extortion beyond ransomware, and we could see cybercriminals turn to blackmail, disinformation campaigns, or threats to release highly sensitive or compromising data to the public. Combined with blockchain technologies, cloud computing and artificial intelligence, cybercriminals will have an increasingly sophisticated arsenal at their disposal.