Emerging Threats in the APT World: Predictions for 2015

For several years now, Kaspersky Lab’s Global Research and Analysis Team (GReAT) has shed light on some of the world’s biggest Advanced Persistent Threat (APT) campaigns, including RedOctober, Flame, NetTraveler, Miniduke, Epic Turla and Careto/Mask, among others.

By closely observing more than 60 threat actors responsible for cyber-attacks worldwide, the team of experts has now compiled a list of the top emerging threats in the APT world.

These include:

The fragmentation of bigger APT groups. A growing number of smaller threat actors is likely to lead to more companies being hit. And larger organizations are expected to experience a greater number of attacks from a wider range of sources.

APT-style attacks in the cybercriminal world. The days when cyber-criminal gangs focused exclusively on stealing money from end users are over. Criminals now attack the banks directly because that’s where the money is. And they use APT techniques for these complex attacks.

Targeting executives through hotel networks. Hotels are perfect for targeting high-profile individuals around the world. The Darkhotel group is one of the APT actors known to have targeted specific visitors during their stay in hotels.

Enhanced evasion techniques. More APT groups will be concerned about exposure and will take more advanced measures to shield themselves from discovery.

New methods of data exfiltration. In 2015, more groups are expected to use cloud services in order to make exfiltration (the unauthorized transfer of data from a computer) stealthier and harder to detect.

The use of false flags. APT groups are expected to exploit governments’ intention of ‘naming and shaming’ suspected attackers by carefully adjusting their operations to plant false flags (that make it appear as if the attack was carried out by another entity).

“If we can call 2014 ‘sophisticated’, then the word for 2015 will be ‘elusive’. We believe that APT groups will evolve to become stealthier and sneakier, in order to better avoid exposure. This year we’ve already discovered APT players using several zero-days, and we’ve observed new persistence and stealth techniques. We have used this to develop and deploy several new defense mechanisms for our users,” comments Costin Raiu, Director of GReAT at Kaspersky Lab.

• To read about these and more new trends in the APT world, please visit the Securelist blog.
• To watch Kaspersky Lab’s video “Game of cyber-thrones: attacks on the corporate sector and business executives in 2014”, please click here.
• To read more about key events that have defined the threat landscape in 2014, please read the full report on the Securelist website.

As an added bonus, Kaspersky Lab is today launching an interactive project, the ‘Targeted Cyberattack Logbook’. This chronicles all the complex cyber-campaigns, or APTs (advanced persistent threats), that have been investigated by the company’s world-leading Global Research and Analysis Team. To explore the logbook, please visit apt.securelist.com.