For several years now, Kaspersky Lab's Global Research and Analysis Team (GReAT) has shed light on some of the world's biggest Advanced Persistent Threat (APT) campaigns, including Red October, Flame, NetTraveler, Miniduke, Epic Turla and Careto/Mask.
By closely observing more than 60 threat actors responsible for cyber attacks worldwide, the team of experts have now compiled a list of the top emerging threats in the APT world.
These include:
The fragmentation of bigger APT groups. A growing number of smaller threat actors are likely to lead to an increase in companies being targeted. Larger organisations are expected to experience a greater number of attacks from a wider range of sources.
APTstyle attacks in the cybercriminal world. The days when cybercriminal gangs focused exclusively on stealing money from end users are over. Criminals now use APT techniques to make complex attacks on the banks directly.
Targeting executives through hotel networks. Hotels are perfect for targeting high profile individuals around the world. The Darkhotel group is one of the APT actors known to have targeted specific visitors during their stay in hotels.
Enhanced evasion techniques. More APT groups will be concerned about exposure and will take advanced measures to shield themselves from discovery.
New methods of data exfiltration. In 2015, more groups are expected to use cloud services in order to make exfiltration (the unauthorised transfer of data from a computer) stealthier and harder to detect.
The use of false flags. APT groups are expected to exploit government intention to 'naming and shaming' suspected attackers by carefully adjusting their operations to plant false flags (markers that make it appear as if the attack was carried out by another entity.)
"If we can call 2014'sophisticated', then the word for 2015 will be 'elusive'. We believe that APT groups will evolve to become stealthier and sneakier, in order to better avoid exposure. This year we've already discovered APT players using several zero-days, and we've observed new persistence and stealth techniques. We have used this to developand deploy several new defence mechanisms for our users," comments Costin Raiu, Director of GReAT at Kaspersky Lab.
