Malwareless attacks, more advanced ransomware top security issues in 2016

The new year will bring an increase in fileless malware attacks, sophisticated ransomware and threats targeting the Mac OS. Meanwhile, companies will still struggle with the perennial challenge of finding qualified security professionals, and security will remain an afterthought in some of this year’s hot technology.

That’s according to Amit Serper, Cybereason lead security researcher, who offered his predictions on what 2016 holds for cyber security.

Fileless malware attacks are on the rise

In 2016, “malwareless attacks will become a real problem, so it's time to realize there's more to security than just malware detection,” he said. Adversaries will increasingly use fileless malware attacks. While a few of these attacks were discovered in 2015, the use of this vector will take off this year.

“Our customers see malwareless attacks as a concern,” Serper said, noting that Chinese hackers prefer this method.

In these types of attacks, an adversary uses an operating system's built-in tools for malicious activities. On Windows, for example, attackers are partial to Windows Management Instrumentation (WMI) and PowerShell. Because legitimate tools carry out the actions, traditional antivirus software and other malware detection tools will not pick up these attacks.
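The gap described above, shown as an added example (not code from Cybereason or the article): a file-reputation check returns "clean" for every event because only built-in binaries run, while simple behavior rules on parent process and command line still surface the suspicious ones. The event fields, sample events and rule names are constructed assumptions, and the rules are heuristics that can also match legitimate admin tooling.

```python
# Constructed process-creation events (not real telemetry); field names are assumptions.
EVENTS = [
    {"parent": "explorer.exe", "image": "powershell.exe",
     "cmd": "powershell.exe Get-ChildItem C:\\Reports"},
    {"parent": "winword.exe", "image": "powershell.exe",
     "cmd": "powershell.exe -NoP -W Hidden -EncodedCommand <constructed-placeholder>"},
    {"parent": "wmiprvse.exe", "image": "powershell.exe",
     "cmd": "powershell.exe -NonInteractive -File C:\\Users\\Public\\task.ps1"},
    {"parent": "services.exe", "image": "svchost.exe",
     "cmd": "svchost.exe -k netsvcs"},
]

# Assumed allowlist of signed, built-in OS binaries a file-based scanner trusts.
BUILTIN_TOOLS = {"powershell.exe", "wmic.exe", "svchost.exe"}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}


def file_based_verdict(event):
    """What a file-reputation check sees: a trusted OS binary is never flagged."""
    return "clean" if event["image"].lower() in BUILTIN_TOOLS else "malicious"


def has_encoded_command(cmd):
    """True if any switch is -EncodedCommand, its -ec alias, or a prefix of it."""
    for tok in cmd.lower().split():
        if tok[0] in "-/" and len(tok) > 1:
            name = tok[1:]
            if name == "ec" or "encodedcommand".startswith(name):
                return True
    return False


def behavior_findings(event):
    """Heuristic rules on what the legitimate tool is doing, not on which file it is."""
    findings = []
    parent, image = event["parent"].lower(), event["image"].lower()
    if image == "powershell.exe" and parent in OFFICE_PARENTS:
        findings.append("office-spawned-shell")
    if image == "powershell.exe" and parent == "wmiprvse.exe":
        findings.append("wmi-spawned-shell")
    if image == "powershell.exe" and has_encoded_command(event["cmd"]):
        findings.append("encoded-command")
    return findings


def triage(events):
    """Pair the file-based verdict with the behavior findings for each event."""
    return [(file_based_verdict(e), behavior_findings(e)) for e in events]
```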

“Microsoft is rearchitecting Windows to make it more secure and handle these issues. But those changes will take a while to reach users, especially those who are using older versions of Windows,” Serper said.

Macs will become a greater target while ransomware evolves

The Mac OS was traditionally considered less vulnerable than other operating systems. However, as more employees select Macs over PCs, Apple products are no longer ignored by attackers, he said. Serper predicted that in 2016 more malware and fileless malware attacks will target Macs.

“The more pervasive a technology is, the more popular a target it becomes,” he said.

Ransomware will continue to evolve, he said, building on a trend from 2015 when the first piece of ransomware targeting Linux servers made headlines.

Developing advanced ransomware has become a service, with attackers setting up factory-like operations to turn out customized programs, including one that mutated to avoid detection, Serper said. Their increased sophistication shifts ransomware from an individual threat to one that can affect any enterprise, as the new types of malware have capabilities to evade traditional sandboxes and antivirus programs.

With the attack landscape growing more advanced in 2016, Serper called for security teams to reconsider how they approach threats. Detection needs to be included in a security strategy since hackers will always find a way around perimeter defenses, he said.

Finding security professionals remains an issue

The situation around hiring security talent will not improve this year, Serper said. If anything, finding the right employees will become even more difficult as the demand for workers continues to exceed the supply. To resolve this problem, companies will use automation technologies to spot suspicious behaviors, decrease false positives and augment an analyst's decision making.

Trendy technology offers lax security

While wired cars and wearables will be some of the hottest technology in 2016, incorporating security into these products is not a priority for manufacturers, Serper said.

“There are tons of machines that are vulnerable because people only care about taking the product to market. Only after a disaster will people start caring. Automotive may be the only industry to change since they have an incentive to care due to liability. But other IoT devices should also have a security first approach embedded in their design,” Serper said.

Follow Amit Serper on Twitter: @0xAmit

Fred O'Connor
About the Author

Fred is a Senior Content Writer at Cybereason who writes a variety of content including blogs, case studies, ebooks and white papers to help position Cybereason as the market leader in endpoint security products.