SentinelOne Labs Advanced Threat Intelligence Report 2015 Predictions


The past 12 months were characterized by the extension of threats that emerged in 2013: more sophisticated, more targeted, and more havoc-creating attacks. There are five trends worth mentioning before we jump to our 2015 predictions.

2014 Rearview

More, Better Malware

POS

Point of Sale devices are essentially endpoints with virtually no embedded security. Most run Windows XP and outdated antivirus software. They were sitting ducks for targeted malware likely developed by a consortium of hacker groups in the former Soviet Union using the same core malware family. While there isn’t an immediate silver bullet, these threats will slowly be mitigated and phased out over time.

[Chart: Top 10 Attack Techniques. Categories shown: DDoS, SQLi, Unknown, Defacement, Account Hijacking, Targeted Attack, DNS Hijacking, Malware, Unspecified Malware, iFrame Injection, Other. The per-category percentages cannot be reliably matched to their labels in the extracted text.]


Ransomware

These attacks are very lucrative. Since higher infection rates mean more income, attackers invested in very sophisticated evasion techniques and bolted them onto their core payloads. The advent of Bitcoin has transformed ransomware into a stealthy money-making machine anyone can use. This trend is here to stay, since there are no effective security measures against it today.

Targeted, Advanced Evasion

Both nation states and cyber criminals developed attacks that only execute on a specific machine or setup. Because they behave like a benign application on the way to the target machine, these threats are able to evade layers of detection mechanisms. This trend will become more widespread and dangerous in 2015.

Windows Was Still Top Target

Although we observed several new attacks targeting Mac OS X, Linux, iOS and Android, these were still very low in number and impact. Although some cross-platform attacks emerged that were designed to infect both Windows and Mac OS X based systems (e.g. WireLurker), they were relatively unsophisticated and not widespread. Windows is still the most dominant attack target, with the most dangerous campaigns not yet focused on the mobile platform.

Government Code Went Mainstream

Our discovery of government-grade malware developed for espionage (we named it Gyges) being bolted onto ransomware and financial Trojans was very troubling. This code, which has fallen into the hands of cybercrime groups, enables any type of malware to operate in stealth mode and be completely invisible to all security measures. We are following this development closely.

Motivation Behind Attacks

Cyber Crime: 59%
Cyber Espionage: 17.2%
Hacktivism: 13.8%
Cyber War: 9.2%


2015 Predictions

What’s Next

OS X, Linux in the Cross Hairs

Until now, these two platforms have been relatively “neglected” by attackers. We predict this is about to change. The massive adoption of Linux in enterprise datacenters and the recent uptick in revived variants of Linux malware (e.g. “cdorked”) all indicate that this OS will be targeted in the near future. We view the “cdorked” attacks as a proof of concept designed to test the resilience of Linux and the security products used to defend it.

As for Mac OS X, it has experienced a long and slow rise in malware attacks, if we exclude the enormous “Flashback” campaign a few years ago. However, the recent emergence of zero-day vulnerabilities combined with the platform’s increasing enterprise market share, especially among executives, leads us to believe this will change in 2015.

The biggest cause for concern here is that because these platforms are generally considered “safe”, there are very few security products available to protect them from advanced attacks.

Enterprise Hostage-Ware

The runaway success of ransomware campaigns will embolden attackers to devise new and even more lucrative attacks. We believe ransomware will be used to coordinate a “time bomb” attack on an enterprise. By simultaneously holding hostage multiple resources within an organization, an attacker could temporarily halt operations. The devastating effects of such an attack on a small enterprise would force most companies to pay a high price for the release of their systems. One successful attack of this nature will produce many more copycat incidents.


Critical Infrastructure Shut Downs

There have been a few “first spark” attacks on critical infrastructure this year, including some that shut down power grids for short periods of time but were never publicly disclosed. The dangerous combination of old, unmaintained technologies and a large attack surface makes critical infrastructure especially vulnerable to attacks. Nation states are building weaponized capabilities to remotely take control of an adversary’s SCADA and other critical infrastructure operational systems. We predict cyber-inflicted power outages and irregularities in assembly operations at large manufacturing facilities will result from attacks on SCADA and ICS systems.

New Nation State Threats

We predict that Russia will continue to use cyber-attacks as a political retaliation tool, as it is believed they did last year in the Home Depot POS attack and numerous attacks on US-based financial institutions.

We expect China to continue to carry out brute force cyber-attacks and espionage campaigns, primarily against the US, Japan, other APAC countries and human rights activists. Also, even though their methods are not very stealthy and are often traceable, law enforcement agencies and governments will not be able to do very much to mitigate Chinese attacks, primarily because of entangled diplomacy efforts and a lack of accountability inside the Chinese regime.

We believe a relative newcomer to the cyber espionage game, Pakistan, will expand its activities, mostly against India, by outsourcing malware creation and using contractors to build out attacks.

Attacks as a Service Will Proliferate

While Malware as a Service (MaaS) has existed for several years, we predict Attacks as a Service (AaaS) will emerge in 2015. Buyers will no longer need to patch together malware and other individual cybercrime-for-hire services to carry out a campaign. Instead, they will simply visit a website, select the desired malware platform and capabilities to build a Trojan, choose their target assets (online banking credentials, healthcare records, credit card numbers, etc.), request a specific number of infections, pay with an underground money transfer provider or Bitcoin, and be in business.


Contact Us

For more information about SentinelOne products and services, contact Sales: [email protected]; inquiries: [email protected]

Phone: +1.855.868.3733
Web site: www.sentinelone.com

SentinelOne, USA
2513 E. Charleston Rd
Mountain View, CA 94043

This document is for informational purposes only. SENTINELONE MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.

About SentinelOne

SentinelOne is reinventing endpoint security to protect organizations against advanced threats and nation state malware. The company uses predictive execution inspection to detect and protect all devices against targeted zero-day threats in real time. SentinelOne was formed by an elite team of cyber security and defense experts from Intel, McAfee, Checkpoint, IBM and the Israel Defense Forces.