Cyberattacks - Weaponizing the Intelligent Edge
Fortinet has unveiled predictions about the threat landscape for 2021 and beyond. These predictions reveal strategies the team anticipates cybercriminals will employ in the near future, along with recommendations that will help defenders prepare to protect against these oncoming attacks.
The Intelligent Edge - an Opportunity and a Target:
Over the past few years, the traditional network perimeter has been replaced with multiple edge environments, WAN, multi-cloud, data center, remote worker, IoT, and more, each with its unique risks. One of the most significant advantages to cybercriminals in all of this is that while all of these edges are interconnected many organizations have sacrificed centralized visibility and unified control in favor of performance and digital transformation. As a result, cyber adversaries are looking to evolve their attacks by targeting these environments.
Trojans Evolve to Target the Edge:
While end-users and their home resources are already targets for cybercriminals, sophisticated attackers will use these as a springboard into other things going forward. Corporate network attacks launched from a remote worker’s home network, especially when usage trends are clearly understood, can be carefully coordinated so they do not raise suspicions. Eventually, advanced malware could also discover even more valuable data and trends using new edge access trojans and perform invasive activities such as intercept requests off the local network to compromise additional systems or inject additional attack commands.
There is progress being made by cybercriminals toward developing and deploying swarmbased attacks. These attacks l everage hijacked devices divided into subgroups, each with specialized skills. They target networks or devices as an integrated system and share intelligence in real time to refine their attack as it is happening. Swarm technologies require large amounts of processing power to enable individual swarmbots and to efficiently share information in a bot swarm. This enables them to rapidly discover, share,
Edge-enabled Swarm Attacks:
and correlate vulnerabilities, and then shift their attack methods to better exploit what they discover.
Social Engineering Could Get Smarter:
Smart devices or other home-based systems that interact with users, will no longer simply be targets for attacks, but will also be conduits for deeper attacks. Leveraging important contextual information about users including daily routines, habits, or financial information could make social engineering-based attacks more successful. Smarter attacks could lead to much more than turning off security systems, disabling cameras, or hijacking smart appliances; it could enable the ransoming and extortion of additional data or stealth credential attacks.
Ransoming OT Edges could be a New Reality:
Ransomware continues to evolve, and as IT systems increasingly converge with operational technology (OT) systems, particularly critical infrastructure, there will be even more data, devices, and unfortunately, lives at risk. Extortion, defamation, and defacement are all tools of the ransomware trade already. Going forward, human lives will be at risk when field devices and sensors at the OT edge, which include critical infrastructures, increasingly become targets of cybercriminals in the field.
AI Will Be Critical To Defending Against Future Attacks:
As these forwardlooking attack trends gradually become reality, it will only be a matter of time before enabling resources are commoditized and available as a darknet service or as part of open-source toolkits. Therefore, it will take a careful combination of technology, people, training, and partnerships to secure against these types of attacks.
The evolution of AI is critical for future defense against evolving attacks. AI will need to evolve to the next generation. This will include leveraging local learning nodes powered by ML as part of an integrated system similar to the human nervous system. AI-enhanced technologies that can see, anticipate, and counter attacks will need to become reality in the future because cyberattacks of the future will occur in microseconds. The primary role of humans will be to ensure
AI Will Need To Evolve:
that security systems have been fed enough intelligence to not only actively counter attacks but actually anticipate attacks so that they can be avoided.
Partnerships Are Vital for the Future:
Organizations cannot be expected to defend against cyber adversaries on their own. They will need to know who to inform in the case of an attack so that the ‘fingerprints’ can be properly shared and law enforcement can do its work. Cybersecurity vendors, threat research organizations, and other industry groups need to partner with each other for information sharing, but also with law enforcement to help dismantle adversarial infrastructures to prevent future attacks. Cybercriminals face no borders online, so the fight against cybercrime needs to go beyond borders as well.
Threat actor tactics, techniques, and procedures researched by threat intelligence teams can be fed to AI systems to enable the detection of attack patterns. As organizations light up heatmaps of currently active threats, intelligent systems will be able to proactively obfuscate network targets and place attractive decoys along attack paths. Eventually, organizations could respond to any counterintelligence efforts before they happen, enabling blue teams to maintain a position of superior control.
Enabling Blue Teams: