With the current state of technology and the massive “boom” of the implementation of the encryption libraries, decentralized, trustless infrastructure services and the cryptocurrencies, we can expect slow movement toward more resilience in the field of malware development.
In a hyperconnected world, where the AV companies are building threat intelligence databases from millions of devices, and operating system cannot be trusted with confidential material, it makes no sense for advanced, well funded malicious actors to rely on centralized infrastructure and services. It’s always hard to predict what direction the future will takes, when people wants to make predictions on some topic.
Below are some of my predictions.
Hyphothesis
Malicious actors are profit driven organizations/individuals searching for:
- reusable implementation — leaked sources, code snippets, open source
- automated solutions & faster development — higher level languages
- cheap services — VPS, hosting
- outsourcing
- anonymity or at least plausible deniability regarding their criminal actions
- sensible operational and personal security
- fast and simple value conversion — cryptocurrencies, money/good mule networks
Modus operandi of the advanced malicious actors:
- basic OPSEC & tradecraft
- anonymous / pseudonymous virtual currency (Bitcoin, Dash, Monero, Zcash, …)
- spreading disinformation, false flag operations, counterintelligence
What we can expect
Emerging technology that will be more used in malware development:
- decentralized, resilient storage & messaging — I2P, IPFS, Bitmessage
- throwaway infrastructure — deployed instantly using automated scripts, fully rebuildable anywhere within minutes
- semiautomated extortion schemes — DAO based botnets
- machine learning
- more pre-installed Android malware from factories and resellers due to 2FA methods currently used for authenticating
- higher level languages for rapid development — Python, Go, Rust, Lua, Powershell
- novice actors adapt techniques used by the most successful and sophisticated threats
Spreading techniques and targets
- ransomware using social / psychological experiments
- discount when the victim infects more computers
- crowdfunding — private keys published after criminal obtains enough money
- “pay or dump data to the public” ransom schemes
- more extortion schemes of the public institutions & private sector (lawyers, architects)
- denial-of-access to the expensive devices — smartphones, watches, IoT devices
This year will be interesting.. Enjoy it!
This article was first published at Malgregator
