2021 Cyber Threat Predictions Report - FortiGuard (English edition).pdf

Cyber Threat Predictions for 2021
An Annual Perspective by FortiGuard Labs
WHITE PAPER

Introduction

Each year at this time, we take a look at trends across the technology landscape to predict emerging security issues, whether just around the corner or further afield. Predicting security threat trends may seem like more art than science, but the reality is that combining a strong understanding of how threats develop and what sorts of technologies cyber criminals gravitate toward (both to use and to exploit) with evolving business trends and strategies helps make predictions a reasonably straightforward process. However, this also requires having spent years identifying and assessing cyber-criminal activities and behaviors, working closely with law enforcement to track down and catch criminals, and building strategies designed to thwart malicious activity. And the cybersecurity threat researchers at FortiGuard Labs have spent the last 20 years doing just that.

While some of the details may change, attack patterns, criminal behaviors, and objectives are relatively constant when seen through the lens of experience. Mapping these predictable behaviors against technology trends yields critical insights into the sorts of things organizations need to be preparing for if they want to protect their connected resources from tomorrow's cyberattacks. These include the theft of data and intellectual property, evolving ransomware techniques, device compromise, social engineering, and other looming digital threats.

Over the past several years, this annual predictions report has touched on such issues as the evolution of ransomware, the risks of an expanding digital business footprint, and the targeting of converged technologies, especially those that are part of smart systems such as smart buildings, cities, and critical infrastructures. It has also considered the evolution of morphic malware, the grave potential of swarm-based attacks, and the weaponization of artificial intelligence (AI) and machine learning (ML). Some of those have already come to pass, and others are well on their way. To get out ahead of these challenges, organizations need to do two things: first, stay abreast of ongoing trends, and second, begin preparing now to defend against these emerging threats.

Living on the Edge

Over the past few years, networks have been radically transformed. In simplest terms, the traditional network perimeter has been replaced with multiple edge environments: local-area network (LAN), wide-area network (WAN), multi-cloud, data center, remote worker, Internet of Things (IoT), mobile devices, and more, each with its unique risks and vulnerabilities. One of the most significant advantages to cyber criminals in all of this is that while all of these edges are interconnected, often due to applications and workflows moving across or between multiple environments, many organizations have sacrificed centralized visibility and unified controls in favor of performance and agility.

Threat actors are shifting significant resources to target and exploit emerging network edge environments, such as remote workers and the cloud, rather than just targeting the core network. Securing these new environments, including new technologies and converging systems, is more challenging than it may seem. The transition to remote work, for example, is not just about more end-users and devices remotely connecting to the network. While we have seen an expected spike in attacks targeting novice remote workers and vulnerable devices to gain network access, we are also beginning to see new attacks targeting connected home networks. Much of that effort is focused on exploiting older, more vulnerable devices such as home routers and entertainment systems. But there are also new efforts underway targeting smart systems connected to the home environment that tie multiple devices and systems together.

Smart devices that interact with users, such as AI-based virtual assistants, collect and store volumes of information about their users. Compromising such devices can yield valuable information that can make social engineering-based attacks much more successful. And as these devices begin to control more elements of our lives, successfully compromising such a system can lead to such things as turning off security systems, disabling cameras, and even hijacking smart appliances and holding them for ransom.

But that is just the start. While end-users and their home resources can be compromised through the exploitation of detailed information, more sophisticated attackers use these as a springboard into other things. Corporate network attacks launched from a remote worker's home network, especially when usage trends are clearly understood, can be carefully coordinated so they don't raise suspicions. Intelligent malware that has access to stored connectivity data can much more easily hide.

But that's just the start. Advanced malware can also sniff data using new Edge Access Trojans (EATs) to do things like intercept voice requests off the local network to compromise systems or inject commands. Adding cross-platform capabilities to EAT threats through the use of a programming language like Go will make EATs even more dangerous as these attacks will be able to hop from device to device regardless of the underlying OS.

Competing against the deep security resources of large organizations puts cyber criminals at a disadvantage. To succeed, cyber criminals need to leverage resources lying around at their disposal: the low-hanging fruit. But increasingly, these edge devices will also be leveraged for ML, especially as they are increasingly powered by 5G and beyond. By compromising edge devices for their processing power, cyber criminals will be able to surreptitiously process massive amounts of data and learn more about how and when edge devices are used.

Compromising edge devices can enable things like cryptomining much more effectively than traditional monolithic systems. Infected PC nodes being hijacked for their compute resources are often noticed quickly since CPU usage is high and directly applies to the end-user's workstation. Compromising secondary devices would be much less noticeable. As a result, visibility on other health metrics for these devices will become more critical, especially as edge devices and an expanding number of edge networks begin to play a more crucial role in corporate networks. But for many organizations, by the time they implement an edge computing strategy, the devices they will rely on will have already been compromised.

Compromising and leveraging 5G-enabled devices will also open up new opportunities for advanced threats. Over the last several reports, we have been documenting the progress made toward developing and deploying swarm-based attacks. Swarm attacks leverage thousands of hijacked devices divided into subgroups with specialized skills. They target networks or devices as an integrated system and share intelligence in real time to refine an attack as it is happening. This increases the efficiency and effectiveness of their attack.

Swarm technologies require large amounts of processing power to power individual swarmbots and efficiently share information between the different members of a swarm. This enables them to more rapidly discover vulnerabilities, share and correlate those vulnerabilities, and then shift attack methods to better exploit them. These networks will also be needed to power and enable AI-based systems so that coordinated attacks can rapidly become more efficient and effective at both compromising systems and evading detection.

To make all this happen, AI will need to evolve to the next generation. This will include leveraging local learning nodes powered by ML. Such nodes will also need to have analysis and action capabilities and the ability to speak with and update each other with what they see. These advances in AI are already in motion.

In the meantime, we can expect to see an increasing number of open-source toolkits designed to help cyber criminals effectively target and compromise edge devices. These tools will also help cyber criminals create and maintain ad hoc networks of compromised devices to ensure large amounts of computing power are available at a moment's notice. This will enable them to more effectively launch attacks, overcome security systems, and avoid countermeasures. The addition of advanced AI by some well-funded cyber-criminal organizations will also allow them to learn how to detect and overcome defensive strategies.

In addition, we can also expect a rise in compromised networks of edge devices that are sold as a service. These malicious edge networks could then be used to process information, gather intelligence about a target, or launch a coordinated attack that simultaneously targets as many attack vectors as possible, thereby overwhelming defenses.

Last year, we predicted that the advent of 5G might be the initial catalyst for developing functional swarm-based attacks. We also said that this could be enabled by creating local, ad hoc networks that can quickly share and process information and applications. Today, we seem closer to that prediction than ever before. In the U.S., for example, basic 5G coverage (with a 600 MHz spectrum that's more effective at penetrating buildings and covering long distances) is now available in 5,000 cities and to over 200 million Americans. The much faster millimeter-wave 5G is also being rolled out, starting in six cities, with more on the way. New advances, such as massive multiple-input multiple-output (MIMO) technology, provide uniformly good service to wireless terminals in high-mobility environments. And now, new 5G-enabled smartphones are beginning to include a 5G mmWave antenna to accelerate adoption even faster.

Cyber criminals have not missed the implications or the opportunity for exploitation. By weaponizing 5G and edge computing, individually exploited devices could not only become a conduit for malicious code but groups of compromised devices could work in concert to target victims at 5G speeds. Adding the intelligence provided by connected virtual assistants and similar smart devices means that the speed, intelligence, and localized nature of such an attack may overcome the ability of legacy security technologies to effectively fight off such a strategy.

Exposure: The Rise of AI-based Playbooks To Predict Attacks (or Beat Security Systems)

Combining AI and Playbooks To Predict Attacks

Investing in AI not only allows organizations to automate tasks but it can also enable an automated system that can look for and discover attacks after the fact and before they occur. And one of the most exciting cybersecurity tactics to come out of this is the development and use of playbooks that document the behaviors of malicious attacks and cyber-criminal organizations in detail, an idea we discussed in last year's predictions report. Today, as AI and ML systems gain a greater foothold in networks, the ability to build and deploy such playbooks is much closer to reality.

Basic playbooks using various schemes to document and standardize behaviors and methodologies, such as the MITRE ATT&CK framework, are already being produced by some threat research organizations, including FortiGuard Labs. These threat "fingerprints," or tactics, techniques, and procedures (TTPs), provided by threat-intelligence sources, are fed to AI systems to enable them to detect attack patterns and interrupt attacks by anticipating and shutting down the next step in an attack sequence.

Once this information is added to an AI learning system and augmented through trained ML systems, networks will not need to wait until they are under attack to respond effectively to a threat. Remote learning nodes placed at the edges of the network, and even out beyond the network as reconnaissance sensors, will provide advanced and proactive protection. They will be able to detect a threat and forecast threat actor and malware movements to proactively intervene. They can also coordinate with other nodes to simultaneously detect attack profiles never available before, such as identifying artifacts from attack code, compiler behavior, symbols, and styles associated with advanced persistent threat (APT) groups, to shut down all avenues of attack.

Playbooks can reflect attack patterns and the granularity of malicious behavior (the TTPs of cyber criminals) to enhance threat response and generate attack simulations to strengthen the skills of cybersecurity professionals. This sort of Blue Team training gives security team members the ability to improve their skills while locking down the network.

Similarly, as organizations light up heat maps of currently active threats (a graphical representation of real-time cyber risk), intelligent systems can proactively obfuscate network traffic and targets and precisely place attractive decoys along predicted attack paths to attract and trigger cyber criminals. Eventually, organizations could respond to any counterintelligence efforts before they happen, enabling them to maintain a position of superior control.

In this area of cybersecurity development, competing against the deep security resources of large organizations puts cyber criminals at a disadvantage. Threat defenders generally have the lead in this space because they have the budgets and dedicated resources needed to implement things at scale. Cyber criminals not only need massive data and compute resources to get AI to work for them, which they generally don't have, but they also need to invest years in training an AI so it can produce the results they desire. This is cost-prohibitive for most criminal organizations, which is why even the most advanced cyberattacks can still only leverage the most basic kinds of ML and AI solutions, if at all.

However, one class of cyber criminals already has the resources needed to leverage such playbooks for themselves, which is adversarial nation-states. In their hands, a playbook can be used to modify an attack so that it evades detection, or tip th
