How threat actors backdoor third-party software for enterprise targeting

In the coming year, the world will see more legitimate software being poisoned by groups targeting wider victim profiles and geographies, with the added advantage that such attacks are extremely hard to spot and mitigate, according to Kaspersky Lab’s Targeted Threat Predictions for 2018. Other hard-to-block attacks, such as those involving high-end mobile malware are also set to rise as attackers resort to new tricks to breach increasingly well-protected targets.

Top advanced targeted threat predictions for 2018

• More high-end mobile malware. Over the last couple of years, the security community has uncovered advanced mobile malware which, when combined with exploits constitute a powerful weapon against which there is little protection.
• Destructive attacks will continue to rise. The Shamoon 2.0 and StoneDrill attacks reported in early 2017 and the June ExPetr/NotPetya attack revealed a growing enthusiasm for destructive wiper attacks.

Top industry threat predictions for 2018 include

• Connected vehicles are likely to face new threats as a result of growing supply chain complexity leading to a scenario where no one player has visibility of, let alone control over, all of a vehicle’s source code. This could make it easier for attackers to break in and bypass detection.
• In healthcare, attacks breaching private networks to target medical equipment and data with the aim of extortion, malicious disruption or worse, could rise as the volume of specialist medical equipment connected to computer networks grows.
• In financial services, the increased security of online payments means that fraudsters will turn their attention to account takeover attacks. Industry estimates suggest fraud of this type will run into billions of dollars.