2018 will see cyber attackers turning to ‘software backdooring’

Published: Tuesday, 21 November 2017 12:32

Kaspersky Lab has published it threat predictions for 2018, stating that it expects that in the coming year the world will see more legitimate software being poisoned by groups targeting wider victim profiles and geographies. Such attacks are extremely hard to spot and mitigate. Other hard-to-block attacks, such as those involving high-end mobile malware are also set to rise as attackers resort to new tricks to breach increasingly well protected targets.

The annual predictions are prepared by the company’s experts, drawing on the research and experience gained over the course of the year. For 2018, Kaspersky Lab has complemented the targeted threat predictions prepared by the Global Research and Analysis Team with a series of industry and technology threat predictions.

Top advanced targeted threat predictions for 2018

In 2017, supply chain attacks such as Shadowpad and ExPetya showed how easily third-party software could be used to gain entry into enterprises. This threat is expected to increase in 2018 as some of the world’s most dangerous threat actors start adopting the approach as an alternative to watering hole techniques or because other attempts to break in have failed.

“Supply chain attacks have proven every bit as nightmarish as we had previously theorised. As advanced threat actors continue to gain access to vulnerable development companies, backdooring of popular or regionally popular software will become an increasingly desirable attack vector. Supply chain attacks will allow attackers to successfully gain access to multiple enterprises in target sectors while flying under the radar of system administrators and security solutions alike,” said Juan Andrés Guerrero-Saade, principal security researcher, Global Research and Analysis Team.

Other targeted threat predictions for 2018 include:

Alongside these advanced threat predictions, Kaspersky Lab’s industry and technology threat predictions aim to help some of the most connected sectors understand and prepare for the security challenges they could face over the coming 12 months.

Top industry threat predictions for 2018 include