Predictions for 2018: zero-day exploits leaked from security agencies, next-level ransomware

As 2017 draws to an end, the Bitdefender threat analysis unit is already looking into the upcoming malware developments that will likely emerge in the year to come. Bitdefender experts predict an increase of zero-day exploits leaked from security agencies the world over, and massive changes to the way ransomware operates.

After years of focusing on individuals, malware authors will increasingly target enterprises and networks of computers. Lateral movement will become standard in most malware samples, either via password-grabbing utilities like Mimikatz, or by exploiting wormable vulnerabilities.

The number of malicious attachments in SPAM emails will increase, particularly those written in scripting languages such as PERL or Python. Fileless attacks will also increase sharply as Windows 10 adoption becomes universal, leveraging the platform’s support for Powershell or Linux Bash.

The threat landscape will remain faithful to the malware that monetizes best: ransomware, banker Trojans and digital currency miners, but these threats will undergo major changes in the way they perform. We expect to see ransomware that leverages GPU power for encryption purposes to move faster and attempt to circumvent antimalware products.

Bitdefender experts also expect major changes in the PaaS (polymorphism as a service) market, a vertical that will consolidate throughout 2018. Advanced polymorphic engines running in the cloud are already used by cyber-criminals to flood the market with unique variants of known malware and the advantages they offer cyber-criminals are extraordinary. Licensing access to these custom engines will likely generate good business for these actors.

Such polymorphic engines will also be complemented by machine learning algorithms put to bad use. In 2018, we expect to see increased efforts on anti-machine-learning techniques that will advance in two major directions: creating and spreading samples that will make the security vendor create false positives or manipulating the payload until it becomes undetected. In 2018, threat actors will also research vulnerabilities in components that reside below the operating systems, such as fi rmware.

The WiFi and Bluetooth stacks will get increased attention as any potential vulnerabilities identifi ed here offer a stealth backdoor by design that is very diffi cult to detect and mitigate. Large IoT botnets will become the new normal in 2018. Source code for IoT bots is already available for free on the Internet, and cybercrime groups interested in compromising IoT devices already have a solid platform to customize to their own needs.

We predict this code will be improved in 2018 to allow lateral movement inside the compromised network for ransomware or spam-sending purposes. Last but not least, we expect increased activity in the OS X space. For consumers, malware will likely focus on scareware tactics to force victims into paying for useless tools. Enterprises will likely see more targeted attacks, as well as malicious payloads used in advanced persistent threats.