Derek Manky, chief of security insights and global threat alliances at Fortinet
According to Fortinet, collecting and issuing predictions for cybercrime trends is essential because much of the success of the cybercriminal community has been due to their ability to successfully predict and exploit networking and technology decisions made by their targeted victims.
Cybercriminals use a multi-pronged approach for their attack strategies. The most commonly understood pattern in cybercrime is the development of increasingly sophisticated attack methodologies. For example, we have seen a rise in the use of Advanced Evasion Techniques (AETs) designed to prevent detection, disable security functions and devices, and operate under the radar.
However, two additional patterns are worth noting. First, like any enterprise, cybercriminals do not spend money when they do not have to. The latest Threat Landscape Report from Fortinet, for example, shows that cybercriminals were more likely to target vulnerabilities from 2007 than they were from 2018/2019 – and the same holds true for every year in between. There is no reason to develop a new malware tool when organisations seem all too willing to leave the front door unlocked.
The other pattern is to target as many attack vectors as possible. For example, this same report finds criminals increasingly targeting public-facing edge services, perhaps in response to organisations over-rotating on training personnel and upgrading their email security gateways to combat phishing – different attack vector, the same outcome.
Interestingly, this same strategy undergirds the power of swarm-based attacks, a developing attack strategy I have been talking about for some time. Intelligent swarms of customisable bots, grouped by specific attack function and able to share and learn from each other in real time, could potentially target a network and, by attacking it on all fronts simultaneously, simply overwhelm the network’s ability to defend itself.
Who has the upper hand?
These trends are important to understand because in the cyber arms race, the criminal community has often had a distinct advantage. Given the continued reliance on traditional point products and stovepiped security strategies used by many organisations, that looks likely to continue for some time – unless organisations make a complete paradigm shift as to how they think about and deploy security.
So far, however, some organisations continue to use the same failed strategies to secure new networked environments, such as isolating cloud instances with separate security tools – a strategy that adds complexity for already overburdened IT staff, while simultaneously reducing the visibility and control needed to identify and stop multi-vector attacks designed to exploit this specific weakness.
The adoption of 5G, however, may end up being the catalyst for a radical paradigm shift in security because it will be the perfect incubator for the development of functional swarm-based attacks. Because 5G-enabled edge networks will be able to create local, ad hoc networks on the fly that can quickly share and process information and applications, groups of compromised devices could work in concert to target victims at 5G speeds. Given the intelligence, speed, and localised nature of such an attack, few current security technologies would be able to effectively fight off such a persistent strategy.
We can turn the tables with AI
To get out ahead of this cycle, organisations need to begin to use the same sorts of technologies and strategies to defend their networks that criminals are using to compromise them. That means adopting an intelligently integrated approach that leverages the power and resources of today's enterprise.
AI represents one of our best hopes for being able to get out in front of this issue. The goal is to develop an adaptive immune system for the network, similar to the one in the human body. In the body, white blood cells come to the rescue when a problem is detected, acting autonomously to fight infection, while sending information back to the brain for more processing – like marshalling additional resources or remembering to take an antibiotic.
As AI progresses from its current form, where it is used primarily to sift through mountains of data to solve a problem, it will be able to function more like a human immune system or neural network. AI will rely on interconnected, regionally deployed learner nodes to collect local data and then share, correlate, and analyse that intelligence in a distributed manner.
Interesting developments ahead
This blog only touches on a few of the ideas, but there are a number of interesting trends that business executives and IT teams alike should be familiar with. They include:
- Combining machine learning with statistical analysis to predict attacks by uncovering the underlying attack patterns of cybercriminals, thereby enabling an AI system to predict an attacker's next move, forecast where the next attack is likely to occur, and even determine which threat actors are the most likely culprits.
- A deep look at how deception technologies can be used to create a virtually insurmountable layer of defence around your network, regardless of how widely it has been distributed.
- Recent developments in law enforcement that will enable them to get ahead of cybercrime.
- And the rise of new zero-day exploits that, when combined with AI-enabled systems, will enable cybercriminals to strike in ways and places that many organisations are simply unprepared to defend.
Start with an integrated strategy
These trends only underscore the need to take a new approach to security, designed around the principles of integrated solutions, advanced AI and machine learning, and related techniques. Interconnectivity between machine learning systems will be especially critical so that localised machine learning nodes can adapt to a local environment's unique configuration.
By shifting responsibilities to autonomous self-learning processes that function similarly to the human immune system – such as hunting for, detecting, and responding to security events – valuable cybersecurity professionals will have the time and resources to adopt advanced security-driven network strategies designed for today's continually evolving networks.