Kaspersky Security Bulletin 2019. Advanced threat predictions for 2020


Nothing is more difficult than making predictions. Rather than trying to gaze into a crystal ball, we will make educated guesses based on what has happened during the last 12 months, looking for trends that might be exploited in the near future.


This is what we think might happen in the coming months, based on the knowledge of experts in this field and our observation of APT attacks – since APT threat actors have historically been the center of innovation.


The next level of false flag attacks


The use of false flags has become an important element in the playbook of several APT groups. In the past, this has generally involved trying to deflect attention away from those responsible for the attack – for instance, the usage of Russian words in Lazarus group malware, or Romanian words by WildNeutron. In one notable case – the Olympic Destroyer attack – the Hades APT group sought to go further than just clouding the waters of attribution by forging elements of the attack to make it seem like the work of a different threat actor. We believe that this will develop further, with threat actors seeking not only to avoid attribution but to actively lay the blame on someone else.


For instance, this could include the usage of established backdoors by other unrelated APT actors, the theft and re-use of code (the recently published case of Turla reusing code from an unknown Iranian group, outlined by the UK NCSC and NSA, comes to mind) or deliberately leaking source code so that other groups adopt it and mudd ..
