FortiGuard Labs has highlighted growing security risks in the future
FortiGuard Labs' predictions reveal strategies the team anticipates cybercriminals will employ in the near future, along with recommendations that will help defenders prepare to protect against these oncoming attacks.
Cyber adversaries leveraging intelligent edges, 5G-enabled devices and advances in computing power will create a wave of new and advanced threats at unprecedented speed and scale. In addition, threat actors will continue to shift significant resources to target and exploit emerging edge environments such as remote workers or even new operational technology edge environments, rather than just targeting the core network.
For defenders, it is critical to plan ahead now by leveraging the power of AI and machine learning to speed threat prevention, detection, and response. Actionable and integrated threat intelligence will also be important to improve an organisation’s ability to defend in real-time as the speed of attacks continues to increase.
Over the past few years, the traditional network perimeter has been replaced with multiple edge environments (WAN, multi-cloud, data centre, remote worker, IoT, and more), each with its unique risks. One of the most significant advantages to cybercriminals in all of this is that, while all of these edges are interconnected, many organisations have sacrificed centralised visibility and unified control in favour of performance and digital transformation. As a result, cyber adversaries are looking to evolve their attacks by targeting these environments and will look to harness the speed and scale possibilities 5G will enable.
While end-users and their home resources are already targets for cybercriminals, sophisticated attackers will use these as a springboard into other things going forward. Corporate network attacks launched from a remote worker's home network, especially when usage trends are clearly understood, can be carefully coordinated so they do not raise suspicions. Eventually, advanced malware could also discover even more valuable data and trends using new EATs (Edge Access Trojans) and perform invasive activities such as intercepting requests off the local network to compromise additional systems or inject additional attack commands.
Compromising and leveraging new 5G-enabled devices will open up opportunities for more advanced threats. Cybercriminals are making progress toward developing and deploying swarm-based attacks. These attacks leverage hijacked devices divided into subgroups, each with specialised skills. They target networks or devices as an integrated system and share intelligence in real-time to refine their attack as it is happening. Swarm technologies require large amounts of processing power to enable individual swarm bots and to efficiently share information in a bot swarm. This enables them to rapidly discover, share, and correlate vulnerabilities, and then shift their attack methods to better exploit what they discover.
Other types of attacks that target developments in computing performance and innovation in connectivity specifically for cybercriminal gain are also on the horizon. These attacks will enable adversaries to cover new territory and will challenge defenders to get ahead of the cybercriminal curve.
Processing power is important if cybercriminals want to scale future attacks with machine learning and AI capabilities. Eventually, by compromising edge devices for their processing power, cybercriminals would be able to process massive amounts of data and learn more about how and when edge devices are used. It could also enable cryptomining to be more effective. Infected PCs being hijacked for their compute resources are often identified since CPU usage directly impacts the end user's workstation experience. Compromising secondary devices could be much less noticeable.
The connectivity of satellite systems and overall telecommunications could be an attractive target for cybercriminals. As new communication systems scale and begin to rely more on a network of satellite-based systems, cybercriminals could target this convergence and follow in pursuit. As a result, compromising satellite base stations and then spreading that malware through satellite-based networks could give attackers the ability to potentially target millions of connected users at scale or inflict DDoS attacks that could impede vital communications.
Derek Manky, chief, Security Insights & Global Threat Alliances, FortiGuard Labs, said, “2020 demonstrated the ability of cyber adversaries to leverage dramatic changes happening in our daily lives as new opportunities for attacks at an unprecedented scale. Going into 2021 and beyond, we face another significant shift with the rise of new intelligent edges, which is about more than just end-users and devices remotely connecting to the network.”
“Targeting these emerging edges will not only create new attack vectors but groups of compromised devices could work in concert to target victims at 5G speeds. To get out ahead of this coming reality, all edges must be part of a larger, integrated, and automated security fabric platform that operates across the core network, multi-cloud environments, branch offices, and remote workers,” Derek Manky said.