
From satellite internet to digital wallet, cyber-attackers aim for everything

FortiGuard Labs says advanced persistent cybercrime techniques mean more destructive ransomware and supply chain attacks

Cybersecurity solutions company Fortinet unveiled predictions from the FortiGuard Labs global threat intelligence and research team about the cyberthreat landscape for 2022 and beyond.

Cyber adversaries are evolving and expanding their attack methods to target new areas to exploit across the entire attack surface, especially as work-from-anywhere continues. They are looking to maximise opportunity everywhere from the 5G-enabled edge to the core network, the home, and even satellite internet in space. The predictions outline the strategies FortiGuard Labs anticipates cyber adversaries will adopt, along with recommendations to help defenders prepare for these oncoming attacks.

Derek Manky, Chief, Security Insights & Global Threat Alliances, said: “Cybercriminals are evolving and becoming more like traditional APT groups; zero-day equipped, destructive, and able to expand their techniques as needed to achieve their goals.

“We will see attacks spanning further outside of the extended network, even into space, as attackers take advantage of a fragmented perimeter, siloed teams and tools as well as a greatly expanded attack surface. These threats will leave overwhelmed IT teams scrambling to cover every possible avenue of attack. To combat these evolving threats, organisations need to adopt a Security Fabric platform founded on a cybersecurity mesh architecture.”

Attacks are often discussed in terms of left-hand and right-hand threats when viewed through an attack chain such as the MITRE ATT&CK framework. On the left side of the attack chain are the pre-attack efforts, which include planning, development and weaponisation (in ATT&CK terms, the Reconnaissance and Resource Development tactics). On the right is the more familiar execution phase of the attack. FortiGuard Labs predicts that cybercriminals will spend more time and effort on reconnaissance and on discovering zero-day vulnerabilities in new technologies, in order to make their attacks more successful.

Ransomware will get more destructive: Crimeware will continue to expand and ransomware will remain a focus going forward. Ransomware attackers already add to the noise by combining ransomware with distributed denial-of-service (DDoS), hoping to overwhelm IT teams so they cannot take last-second actions to mitigate an attack’s damage. Adding a “ticking time bomb” of wiper malware, which could not only destroy data but also render systems and hardware unusable, creates additional urgency for companies to pay up quickly. Wiper malware has already made a visible comeback, targeting the Olympic Games in Tokyo, for example.

Cybercriminals use AI to master deep fakes: Artificial Intelligence (AI) is already used defensively in many ways, such as detecting the unusual behaviour, often botnet activity, that may indicate an attack. Cybercriminals are also leveraging AI to evade the complex algorithms used to detect their abnormal activity. Going forward, this will evolve as deep fakes become a growing concern, because they use AI to mimic human activity and can be used to enhance social engineering attacks. In addition, the bar to creating deep fakes will be lowered through the continued commercialisation of advanced applications. These could eventually enable real-time impersonation over voice and video applications that could pass biometric analysis.

More attacks against less-targeted systems in the supply chain: Linux runs many of the back-end computing systems in most networks, and until recently it has not been a primary target of the cybercriminal community. Recently, new malicious binaries have been detected targeting Microsoft’s WSL (Windows Subsystem for Linux), a compatibility layer for running Linux binary executables natively on Windows 10, Windows 11 and Windows Server 2019. In addition, botnet malware is already being written for Linux platforms. This further expands the attack surface into the core of the network.

Cybercriminals target everywhere

The challenge going forward for defenders is far more than just the rising number of attacks or evolving techniques of cyber adversaries. New areas for exploitation are being explored spanning an even broader attack surface. This will be especially difficult because at the same time, organisations around the world will continue to expand their networks with new network edges driven by work-from-anywhere (WFA), remote learning, and new cloud services.

Similarly, in the home, connected learning and gaming are commonplace activities and growing in popularity. This rise in rapid connectivity, everywhere and all of the time, presents an enormous attack opportunity for cybercriminals. Threat actors will shift significant resources to target and exploit emerging edge and “anywhere” environments.

Cybercrime targets space: FortiGuard Labs expects to see new proof-of-concept (POC) threats targeting satellite networks over the next year as satellite-based internet access continues to grow. The biggest targets will be organisations that rely on satellite connectivity to support low-latency activities, such as online gaming or delivering critical services to remote locations, as well as remote field offices, pipelines, cruise lines and airlines.

Guard your digital pockets: Hijacking wire transfers has become increasingly difficult for cybercriminals as financial institutions encrypt transactions and require multi-factor authentication (MFA). Digital wallets, on the other hand, can sometimes be less secure. While individual wallets may not have as big a payoff, this could change as businesses begin to increasingly use digital wallets as currency for online transactions.

Esports is a target too: Esports are organised, multiplayer video gaming competitions. The industry is booming and on track to surpass $1 billion in revenue this year. It is an inviting target for cybercriminals, whether through DDoS attacks, ransomware, financial and transactional theft, or social engineering, since competitions require constant connectivity and are often played from inconsistently secured home networks or in venues with large amounts of open Wi-Fi access.