FortiGuard Labs: Cybersecurity Threat Predictions for 2021


2020 saw rapid changes on a global scale. Organizations across the world had to adapt to a new normal caused by the pandemic, with little prep time. Consequently, this shift brought significant developments across the cyberthreat landscape.

Going into 2021 and beyond, we face another significant shift with new intelligent edges, which is about more than just end-users and devices remotely connecting to a network.

FortiGuard Labs’ threat predictions for 2021 include predictions and insights on intelligent edge computing, 5G-enabled devices, and advances in computing power, as well as a new wave of advanced threats that will arise as a result.

Each year at this time, we take a look at trends across the cyberthreat landscape, whether just around the corner or further afield. Predicting security threat trends may seem like more art than science, but the reality is that combining a strong understanding of how threats develop and what sorts of technologies cybercriminals gravitate toward (both to use and to exploit) with evolving business trends and strategies helps make predictions a reasonable process.

Over the past several years, this annual predictions report has touched on such issues as the evolution of ransomware, the risks of an expanding digital business footprint, and the targeting of converged technologies – especially those that are part of smart systems such as smart buildings, cities, and critical infrastructures. It has also considered the evolution of morphic malware, the grave potential of swarm-based attacks, and the weaponization of AI and Machine Learning. Some of those have already come to pass, and others are well on their way.

The Intelligent Edge is a Target

The traditional network perimeter has been replaced with multiple edge environments (WAN, multi-cloud, data center, remote worker, IoT, and more), each with its unique risks. One of the most significant advantages to cybercriminals in all of this is that while all of these edges are interconnected, many organizations have sacrificed centralized visibility and unified control in favor of performance and digital transformation.

As such, cyber adversaries are looking to evolve their attacks by targeting these environments and to harness the speed and scale possibilities 5G will enable.

Trojans Evolve to Target the Edge

While end-users and their home resources are already targets for cybercriminals, more sophisticated attackers will use these as a springboard into other things going forward. Attacks on corporate networks launched from a remote worker’s home network can be coordinated to avoid suspicion.

Eventually, advanced malware could also discover even more valuable data and trends using new EATs (Edge Access Trojans) and perform invasive actions such as intercepting requests off the local network to compromise additional systems or inject additional attack commands.

5G Can Enable Advanced Swarm-Attacks

Compromising and leveraging new 5G-enabled devices will open up opportunities for more advanced threats. Cybercriminals are working towards developing and deploying swarm-based attacks that leverage hijacked devices divided into subgroups, each with specialized skills. They target networks or devices as an integrated system and share intelligence in real-time to refine their attack as it is happening.

Swarm technologies require large amounts of processing power to enable individual swarmbots and to efficiently share information in a bot swarm, enabling them to rapidly discover, share, and correlate vulnerabilities and then shift their attack methods to exploit what they discover.

Advancements in Social Engineering Attacks

Smart devices or other home-based systems that interact with users will be used as conduits for deeper attacks. Leveraging important contextual information about users including daily routines, habits, or financial information could make social engineering-based attacks more successful.

Smarter attacks could enable the ransoming and extortion of additional data or even stealth credential attacks.

New Ways to Leverage Ransomware in Critical Infrastructures

Ransomware continues to evolve, and as IT systems increasingly converge with operational technology (OT) systems, particularly in critical infrastructure, there will be even more data, devices, and, unfortunately, lives at risk. Extortion, defamation, and defacement are already tools of the ransomware trade, and moving forward, human lives will be at risk when field devices and sensors at the OT edge, which include critical infrastructures, increasingly become targets of cybercriminals.

Innovations in Computing Performance Will Also Be Targeted

Other types of attacks that target developments in computing performance and innovation in connectivity, specifically for cybercriminal gain, are also on the horizon. These attacks will enable adversaries to cover new territory and will challenge defenders to get ahead of the cybercriminal curve.

Advances in Cryptomining

By compromising edge devices for their processing power, cybercriminals would be able to process massive amounts of data and learn more about how and when edge devices are used. This could also enable cryptomining to be more effective. Infected PCs being hijacked for their compute resources are often identified, since CPU usage directly impacts the end-user experience, while compromising secondary devices could be much less noticeable.

Spreading Attacks from Space

The connectivity of satellite systems and overall telecommunications could be an attractive target for cybercriminals. As new communication systems scale and begin to rely more on a network of satellite-based systems, cybercriminals could target this convergence and follow in pursuit.

Compromising satellite base stations and spreading malware through satellite-based networks could give attackers the ability to potentially target millions of connected users at scale, or even inflict DDoS attacks that could affect vital communications.

The Quantum Computing Threat

Quantum computing could create a new risk once it is capable of challenging the effectiveness of encryption. The power of quantum computers could render asymmetric encryption algorithms solvable.

As such, organizations need to prepare to shift to quantum-resistant crypto algorithms by using the principle of crypto agility. While the average cybercriminal may not have access to quantum computers, some nation-states will. The eventual threat will therefore be realized if preparations are not made now to counter it by adopting crypto agility.

AI Will Be the Key

As these forward-looking attack trends gradually become reality, it will only be a matter of time before enabling resources are commoditized and become available as a darknet service or as part of open-source toolkits.

Thus, it’ll take a careful combination of technology, people, training, and partnerships to secure against these types of attacks coming from cyber adversaries in the future.

AI Technology Needs to Keep Up

AI will need to evolve to the next generation. This will include leveraging local learning nodes powered by ML as part of an integrated system similar to the human nervous system.

AI technologies that can see, anticipate, and counter attacks will need to become reality, as future cyber attacks will occur in microseconds. The primary role of humans will be to ensure that security systems have been fed enough intelligence to anticipate and actively counter attacks.

Organizations Can’t Do It Alone

Organizations need to know who to inform in case of an attack so that “fingerprints” can be properly shared and law enforcement can do its work. Cybersecurity vendors, threat research organizations, law enforcement, and other industry groups need to team up for information sharing, to help dismantle adversarial infrastructures to prevent future attacks.

Enabling Blue Teams

Threat actor tactics, techniques, and procedures (TTPs), researched by threat intelligence teams, such as threat actor playbooks, can be fed to AI systems to enable the detection of attack patterns.

As organizations light up heatmaps of currently active threats, intelligent systems will be able to proactively obfuscate network targets and place attractive decoys along attack paths. Eventually, organizations will be able to respond to any counterintelligence efforts before they happen.


Emman has been writing technical and feature articles since 2010. Prior to this, he became one of the instructors at Asia Pacific College in 2008, and eventually landed a job as Business Analyst and Technical Writer at Integrated Open Source Solutions for almost 3 years.