By Ernie Smith
Security experts say that cyberattackers are more likely to get experimental when distributing malware or attacking businesses in the new year. They may even rely on social engineering rather than a technical payload.
If you’re going to fight the threats that the internet has to offer in 2020, you’re going to have to get a little more creative.
That’s because attackers are getting more clever and trying some weird tactics.
According to security experts at firms such as Trend Micro and Avast, bad actors are trying unconventional things to stay a step ahead of IT staffs.
Speaking to IT World Canada, Trend Micro’s director of technology marketing, Myla Pilao, said that attackers are increasingly targeting areas that they might have previously avoided, including malware on the Linux platform and malware that aims to steal information rather than money. She also says that attackers will become harder to detect as they use more nontraditional methods to distribute or spread malware.
“These are the ones that probably would stay in our network, would stay in our devices, for a long time unattended,” Pilao told the outlet. “They would have a nontraditional way to evade detection. They will probably be using more blacklisting techniques. They might be doing more in the evasion techniques.”
One example of this is the PureLocker ransomware attack, which gained notice in November. What was weird about it? Rather than being written in a more traditional programming language like Java, JavaScript, or C++, PureLocker was written in PureBasic, a fairly obscure programming language based on the old-school BASIC language.
Additionally, malware is increasingly moving away from trying to infiltrate the App Store and instead toward trying to game the ad systems many free apps use.
“Getting malicious apps onto the Google Play Store and the Apple App Store is not an easy task, which is why cybercriminals are shifting towards subscription scams and fake apps integrated with aggressive adware to make money,” noted Nikolaos Chrysaidos, the head of mobile threat intelligence and security at Avast, in a recent news release.
Another nontraditional method that experts expect to see, according to MediaPost, is the rise of less-technical cyberattacks that rely on social engineering and attempt to compromise vendors that organizations rely on. Agari CMO and Chief Identity Officer Armen Najarian said that the attacks will involve “low-tech and social-engineered attacks at scale,” which tend to be more effective than more automated approaches.
“We fully expect cybergangs and cybercriminal organizations will organize and attempt fewer technical cyberattacks, like malware, starting early in 2020,” Najarian told the outlet.
To put it all another way: Stay on your toes in 2020. You’re going to need it.
“This article originally appeared on AssociationsNow.com. Reprinted with permission. Copyright ASAE: The Center for Association Leadership (January 2020), Washington, DC.”