New year means more new cyberthreats
By Derek Manky
The new year will bring along escalating severity and frequency of ransomware and cyberattacks, according to FortiGuard Labs, the global threat intelligence and research team of Fortinet. These latest prognostications come as cybercriminals continue to evolve their tactics and techniques, becoming more like traditional advanced persistent threat (APT) groups.
The targets and severity of cyberattacks will continue to evolve in 2022, with supply chain networks and critical infrastructure making compelling and high-impact targets. According to the report, CISOs can expect the following trends to manifest in 2022:
More of the same – but much, much more
COVID-19 resulted in an increasingly fragmented perimeter. As a result, the frequency of attacks rose and will continue to do so in 2022. We will see more zero-day attacks as cyber adversaries seek new areas to exploit. The report predicts additional attacks as work-from-anywhere continues, expanding the attack surface, and as the crime-as-a-service market grows, moving beyond ransomware and other malware to include new offerings such as phishing-as-a-service and botnets-as-a-service.
Organizations must also prepare for cybercriminals to target new attack vectors, including previously ignored platforms. Linux, which runs network back-end systems, has been relatively ignored by the hacker community but now is attracting unwanted attention. This has implications for operational technology (OT) devices and supply chains running Linux platforms.
The threats could even move to space, as researchers anticipate satellite networks will become an attractive target for new exploits. FortiGuard Labs anticipates new proof-of-concept (POC) threats targeting satellite networks will emerge. Organizations that rely on satellite-based connectivity for low-latency activities or for delivering services to remote locations could be targeted, as could field offices, pipelines, cruise lines, and airlines. Since these are likely to connect with other networks, ransomware attacks are likely to follow.
The ransomware threat continues unabated
Ransomware increased more than ten-fold in 2021, and FortiGuard Labs researchers don’t see any sign of this trend subsiding. If anything, attacks will continue and increase in severity by combining ransomware with distributed denial-of-service (DDoS) attacks designed to overwhelm IT teams and security systems.
Another destructive addition is wiper malware, which can erase the hard drive of the device it infects and potentially destroy systems and hardware. This is an added cause for concern for emerging edge environments, critical infrastructure, and supply chains.
AI helps cybercriminals get smarter
Artificial Intelligence (AI) is already used to detect unusual behavior, often generated by botnets, that may indicate an attack. But now, cybercriminals are also enlisting AI to thwart security efforts and mimic human activities. Security professionals will also need to keep a lookout for deep fakes as these advanced applications continue to be commercialized. This could potentially lead to real-time impersonations over voice and video applications that could pass biometric analysis and authentication.
Preparing for 2022
The challenge for defenders will go beyond the number of attacks or new techniques. Adversaries will be exploring an even broader attack surface looking for opportunities. And opportunities will come as networks continue to expand. The new edges will be driven by work-from-anywhere (WFA), remote learning, and new cloud services.
In addition to detailing anticipated attacks, the FortiGuard Labs report also offers solutions and countermeasures for organizations to employ. Among the recommendations, defenders must avoid siloed teams and tools. A Security Fabric platform built on a cybersecurity mesh architecture is one way to limit silos and create greater visibility across the entire distributed network.
There are other ways defenders can stay ahead of bad actors. Leveraging AI and machine learning (ML) can accelerate threat prevention, detection and response, and deploying advanced endpoint detection and response (EDR) can help identify malicious or suspicious behaviors. By implementing zero-trust network access (ZTNA), defenders can help secure application access and extend those protections to mobile users, and by adding Secure SD-WAN they can protect the ever-evolving WAN edges. Finally, to restrict lateral movement by cybercriminals who manage to access a network, segmentation is needed to confine an attack to only a portion of the network.
Most of the threats predicted for 2022 represent extensions of the threats we face today – just faster, harder to detect, and more aggressive. If organizations can implement security strategies today that establish a baseline of normal operations, it will become easier to detect and respond to unusual activity. Achieving this baseline state requires integrated, smart solutions that can access real-time threat intelligence, detect threat patterns and anomalies, and automatically initiate a coordinated response, all at the speed of business. Addressing tomorrow’s threats requires the implementation of an adaptive, automated, fast, and fully integrated security strategy today.
Derek Manky is Chief of Security Insights and Global Threat Alliances at Fortinet’s FortiGuard Labs.