Cybercriminals to change how they operate in 2016

Cybercriminals will undergo a major shift in the way they do business next year, including by focusing more on short-duration but highly obfuscated attacks, Bitdefender is predicting.

The security software company expects advanced persistent threats (APT) emerging in 2016 to emphasise obfuscation and information harvesting over persistence, with attackers aiming to be in and out of an organisation in days if not hours, the company expects.

“The business environment will see an increase of targeted attacks and strongly obfuscated bots, with a short life span and frequent updates,” Bitdefender CTO Bogdan Dumitru said. “Most of these attacks will specialise in information theft.”

Bitdefender is also expecting a further blurring of the line between malware and adware, with cybercriminals exploring new monetisation options specific to aggressive adware.

“Currently, operational botnets are still a significant part of the cybercrime ecosystem, but we will witness an increase in the sophistication of potentially unwanted applications and installers bundling greyware,” Dumitru said.

Mobile malware is meanwhile expected to become more sophisticated, with rootkits becoming standard fare on Android and iOS.

Other possibilities predicted by Bitdefender include new breeds of mobile malware with wormable features, as well as the emergence of a massive mobile botnet. These attacks may be driven by social engineering or the exploitation of vulnerabilities such as Stagefright on unpatched platforms.

As the IoT grows popular, it will also become increasingly appealing to cybercriminals, with Bitdefender also expecting battles over data sovereignty and crypto control between users, the industry and governments.

Finally, the company expects ransomware to become multiplatform, with the attack type expanding to OS X systems. Existing ransomware tools will also become more refined and targeted.

Image courtesy of Christiaan Colen under CC