As we leave 2019 behind, a new year approaches. And with it comes the impending waves of new malware that businesses will have to defend themselves from.
Looking towards 2020, Myla Pilao, the director of technology marketing for cybersecurity firm Trend Micro, sees three major trends on the horizon: an increase in malware using unconventional behaviors, an emergence of Linux-based malware, and a continued increase in the volume and complexity of info-stealing malware.
When it comes to the classification of malware, Pilao says there are two major identifying factors: the method of entry and the goal (which includes the behavior it undergoes once inside the system).
And when that behaviour becomes untraditional or unconventional, malware is difficult to detect, she said.
“These are the ones that probably would stay in our network, would stay in our devices, for a long time unattended,” said Pilao in an interview with IT World Canada. “They would have a non-traditional way to evade detection. They will probably be using more blacklisting techniques. They might be doing more in the evasion techniques.”
Pilao added that much of Trend Micro’s concentration in 2020 will be on these non-traditional behaviors. Businesses should keep a keen eye out for them as they build out their cybersecurity strategies for 2020.
While Linux-based platforms and applications are much less common, Pilao says this does not preclude them from being the victim of malware attacks. If anything it may make them more vulnerable as criminals must look to less protected entry points.
“That doesn’t mean that you are not magnetizing a lot of the criminals. We are likely going to see an upsurge of Linux-based attacks because as more organizations are keeping their network extremely protected, there are some movements in Linux-based platforms and applications,” explained Pilao.
Stealing information from organizations is by no means a new method of attack. This year saw many newsworthy instances of major enterprises being held ransom to such methods.
But Pilao says she expects to see the trend rise even further in popularity in 2020. And though a rise in popularity can be dangerous in and of itself, she says she also expects an increase in complexity.
“Info-stealing will not go away. They will become more penetrating into enterprise networks,” said Pilao. “A couple of years ago info-stealing was more on the social media channels or used in some of the enterprise attacks but just as one of the many attack forms. But next year, we probably will see them more integrated into the enterprise.”
What can you do to prepare for this?
As always, when it comes to cybersecurity, one cannot look past the power of education, and Pilao reinforced this notion.
Organizations are increasingly more focussed on this but Pilao still sees one glaring error in how that education is put into practice.
“A lot of cyber education is heavy on education, but less on the power. You as an employee; you as a third party; you as a partner of my organization; you are part of my barometer and my sensor. And that requires fast response and fast reporting,” said Pilao. “However, most organizations are very process-oriented. That stops them from being fast enough to enable the people to report. It’s like sweet and sour. We enable them but the process is not supporting the goal.”
Another aspect of cybersecurity training that Pilao says she sees not being executed properly is the need to bridge the gap between generations and the level of comfort they have with technology.
“We have to recognize a lot of big organizations have cross-generational employees. There are your Gen X-ers. There are your Gen Y-ers. And then Gen Z will enter soon,” explained Pilao.
The younger generation tends to respond better to video and visuals when learning as opposed to using methods like cut and dry checklists. The older generation, she said seems to lean more towards those traditional methods.
Beyond the need to continually educate and empower your team, Pilao does point to a few other steps that businesses can take to protect themselves against the attacks of the near future.
Do you operate in an enterprise? Well, Pilao points out that the bigger the organization, the more opportunity there is for bad actors to try to infiltrate you.
“The reason that we sometimes will get surpassed with one or two forms of attack is that we have a very big blindside,” explained Pilao.
So what can you do to minimize that risk when malware attacks are likely to get more complex and operate in unpredictable ways?
Well, according to Pilao, you must fight fire with fire, in a manner of speaking.
“With all the things that I’ve mentioned, the most common denominator is that the kind of technique that they use is non-traditional. So, therefore, why do you have threat intelligence that is designed to look at the traditional? To look at what’s worked in the past?” wondered Pilao. “To minimize or at least try to close that gap, you need better threat intelligence. So a better stress intelligence that integrates the kind of potential techniques, should be incorporated right into your threat monitoring scheme.”
Needle in a haystack
Great strides have been made in gaining full visibility of one’s networks, but with that increased oversight has come the burden of receiving thousands of alerts pointing to potential threats.
Weeding through the waves of alerts is now the new challenge.
“You have to have an ability to detect but also clearly associate the highly-correlated, high-impact attacks amongst the thousands of alerts or incidents or reports that you have and this is very difficult,” explained Pilao.
There are software solutions for this, explained Pilao, but a more important aspect of this in her eyes, is the human element. And this ties right back in with what she said about cybersecurity education.
“We have to have a very robust incident response that we cascade from top to bottom,” said Pilao. “And there has to be a heightened awareness that if they see some abnormal stuff they’re not supposed to sleep on it but really take an action. So we need to change this incident response to something that is very inclusive not only to the IT group, but action-driven across the organization.”
Pilao’s final recommendation is in her words “non-negotiable”.
“Advanced threats require advanced solutions,” asserted Pilao. “You need to have a multi-layered approach to be able to, number one, harden the security solutions you have in all your network topology, but as I said, have proper monitoring. So that requires advanced security solutions.”
As for where to turn when looking for all the types of solutions that she has mentioned, Pilao says you should be able to find them pretty well right across the market.