
Fortinet - Threat Predictions for 2021
In 2020, we saw a lot of change on a global scale as organisations around the world adapted to a kind of "new normal" caused by the pandemic. In the midst of this change, there were significant developments across the cyber threat landscape. In 2021, we face another significant change.
In FortiGuard Labs' Threat Predictions for 2021, Fortinet has now identified the strategies cybercriminals are likely to employ in the coming year and beyond. These include predictions about smart edge computing, 5G-enabled devices and advances in computing power, and the new wave of advanced threats that will undoubtedly result.
In recent years, this report has been dominated by predictions about the evolution of ransomware attacks, the risks posed by the growing digitisation of industry and attacks on IoT technologies - particularly smart buildings, cities and critical infrastructure. In addition, the development of morphic malware, the serious potential of swarm-based attacks and the weaponisation of artificial intelligence (AI) and machine learning (ML) were highlighted. Some of these trends have already been realised, others are well on their way.
The "intelligent edge" is a target
In recent years, the traditional network edge has been augmented by multi-edge environments such as WAN, multi-cloud, data centres, remote workers, IoT and more, each with their own risks. Although all of these edges are interconnected, many organisations have sacrificed centralised visibility and unified control in favour of performance and digital transformation. As a result, cyber criminals are looking to evolve targeted attacks on these environments and, in the near future, also take advantage of the speed and scalability that 5G networks enable.
Trojans continue to evolve
While home end-users have long been targets of cyber criminals, sophisticated attackers will use them as another springboard for other future targets. These include, in particular, attacks on corporate networks launched from an employee's home office network. Eventually, advanced malware could use new EATs (Edge Access Trojans) to automatically discover vulnerabilities in the home office and carry out invasive activities.
5G can enable advanced swarm attacks
The compromise and use of new, 5G-enabled devices will open up whole new avenues for threats. Already, cybercriminals are making strides in developing and deploying swarm-based attacks. These attacks connect hijacked devices into an integrated system and share real-time information to refine their attack as it happens. Swarm technologies require large amounts of computing power to efficiently exchange information in a bot swarm. As a result, they are able to discover vulnerabilities more quickly, exchange them and then dynamically change their attack methods.
Advanced social engineering attacks
Home systems that interact with users will no longer just be targets for attack. Leveraging important contextual information about users, including daily routines, habits or financial information, could make social engineering-based attacks more successful. This could lead to much more than just disabling security systems or cameras, for example stealth credential attacks.
New ways to use ransomware in critical infrastructure
Ransomware is constantly evolving, and as IT systems increasingly converge with operational technology (OT) systems, especially in critical infrastructure, even more data, devices and unfortunately lives will be at risk. Extortion and defamation are already tools of ransomware attacks. In the future, lives will be at risk as field devices and sensors in OT increasingly become targets for cybercriminals.
Advances in cryptomining
Processing power is important if cybercriminals are to scale future attacks with ML and AI capabilities. For example, massive amounts of data could be processed by compromising the processing power of edge devices. This could also enable more effective cryptomining. Infected PCs that are hijacked for their computing resources are often identified because CPU usage directly impacts the end user's work experience. Compromising secondary devices might be much less noticeable.
Spread of attacks from space
Connectivity from satellite systems could be an attractive target for cybercriminals. As new communications systems scale and begin to rely more on a network of satellite-based systems, cybercriminals could target this convergence. As a result, by compromising satellite base stations and then spreading malware over satellite-based networks, attackers could target millions of connected users on a large scale, or launch DDoS attacks that could disrupt vital communication channels.
The threat of quantum computing
The enormous computing power of quantum computers could make some asymmetric encryption algorithms solvable. As a result, organisations will need to prepare to move to quantum-resistant cryptographic algorithms by applying the principle of crypto-agility to ensure the protection of current and future information. Even if the average cybercriminal does not have access to quantum computers, some nation states will recognise possible threats.
Artificial intelligence will be key
As these forward-looking attack trends gradually become a reality, it will only be a matter of time before the resources that enable these attacks become commoditised and available as a 'darknet service' or as part of open-source toolkits. Therefore, it will take a combination of technology, personnel, training and partnerships to protect against these types of attacks in the future.
AI technology must keep up
The development of AI is critical to future defence. AI will need to evolve to the next generation. This includes the use of local learning nodes operated by ML as part of an integrated system similar to the human nervous system. AI-enhanced technologies that can see, anticipate and defend against attacks must soon become a reality, as the cyberattacks of the future will occur in microseconds. The main role of humans will be to ensure that security systems are fed enough information to not only actively defend against attacks, but to actually anticipate attacks so that they can be avoided.
Organisations cannot be left to their own devices
Organisations cannot be expected to defend themselves against cyber adversaries on their own. They need to know who to inform in the event of an attack so that 'fingerprints' are properly shared and law enforcement can do their job. Cybersecurity service providers, threat research organisations and other industry groups need to collaborate on information sharing. Since cybercriminals know no borders online, the fight against cybercrime must also transcend borders. Only by working together can we turn the tide against cybercriminals.
Empowering blue teams
Threat actor tactics, techniques and procedures (TTPs) researched by threat intelligence teams can be fed into AI systems to enable the detection of attack patterns. Similarly, as organisations light up heat maps of currently active threats, intelligent systems can proactively obfuscate network targets and place attractive decoys along attack paths. This type of education gives security team members the opportunity to hone their skills while locking down the network.
Original article by FortiGuard Labs
Translated with DeepL
Corrections and abridgement Victor Rossner