New Cyber Threats: An Expert Review of Key Trends

By CISO Collective Editorial | February 15, 2022

A glimpse into the future is always helpful for busy CISOs to plan ahead. For this purpose, FortiGuard Labs published threat predictions this past November about the threat landscape coming up in 2022 and beyond. We’re barely into the year and some of the trends are starting to become reality. Derek Manky and Aamir Lakhani from the global threat research and intelligence team provide some perspective about what they are seeing to date while tracking the evolving threat landscape to help CISOs look ahead.

Key Takeaways About New Cybersecurity Threats

Our experts had a lot of fascinating takeaways regarding emerging cyber threats. Here’s a quick overview of what they identified:

If you’d like more detail on each threat – and how to best confront them – keep reading.

FortiGuard Labs published forward-looking threat landscape predictions. Are you seeing them come to fruition yet?

Derek: Yes indeed. As much as I would hate to be wrong in this situation, unfortunately, I am not. In fact, we already see escalations in several of the areas we called out. For example, we are seeing a rise in threats targeting crypto wallets, with new malware designed to target stored crypto credentials and drain digital wallets. Part of the reason is that more and more of these tools are being sold as services on dark web sites. Redline—an info-stealer malware that targets crypto wallets—is being sold on cyber-crime sites for $150 a month or $800 for a lifetime subscription. BHUNT is another malware detected in the wild. But instead of being sold as a service, it is being delivered through pirated software installs. It is designed to steal the crypto wallet contents, passwords, and security phrases loaded onto the victim's computer. And because it is delivered as digitally signed software, many security tools do not detect it as malware.

Aamir: We are also already seeing a rise in destructive ransomware. The latest version of a ransomware variant called Chaos has wiper-like abilities that target and destroy files up to 2 MB in size. It also deletes shadow copies and backups and disables Windows recovery mode, making recovery impossible.

Another interesting area you identified was esports. Why do you think this is such an enticing target for cybercriminals?

Derek: Esports are organized, multiplayer video gaming competitions, often involving professional players and teams. It is a booming industry that is on track to surpass $1 billion in revenue this year. Given the number of people participating in any given event, an esports attack has the potential to be very high profile. Esports are an inviting target for cybercriminals, whether by using DDoS attacks, ransomware, financial and transactional theft, or social engineering attacks, since they require constant connectivity and are often played out of inconsistently secured home networks or in situations with large amounts of open Wi-Fi access. DDoS combined with ransomware slows down a platform’s ability to stay open, and providers may only have a few minutes to pay a ransom to keep their game online. We will also likely see attacks against games. Subtly influencing the outcome of a game to exploit odds can potentially result in a significant payoff.

Do you think virtual worlds like the metaverse pose a cyber risk?

Derek: Any new digital ecosystem presents an opportunity for cyber threat risk, but there are a few reasons why users should remain careful about this new “universe.” First, it is a fresh platform, so it is likely to attract a lot of cyber criminals looking to exploit whatever security gaps it could have. And because it is a crossroads for people and technology, we are likely to see a lot of social engineering attacks looking to take advantage of novice users. It is also a highly interactive environment where individuals not only interact with each other but with objects, some of them highly complex and each with their own unique procedures and code. Complexity can lead to security risks or flaws. This naturally creates plenty of opportunities for exploitation. And in such an environment, where does the security go, and what does it look like? And how does it keep up with a highly scalable environment streaming massive amounts of data with which millions of users interact? When we combine business practices with the future of a metaverse, all sorts of current attack examples could apply. Think spear phishing attacks, hijacking of transactions with vendor interactions, identity theft, ransom, or extortion. And adding to the problem further is that people are people, which means they tend to let their guard down when dealing with something fresh and new.

Of course, robbing individuals is far too small-time for many criminals. But these worlds also blend the business and the personal, so I think we are also likely to see it as a new attack vector, where cyber criminals will try to use personal information and data to gain access to corporate resources. The opportunity to leverage exploited individuals and stolen personal data as a launchpad into corporate networks will be too much for cyber-criminal organizations to resist.

Aamir: Personally, I currently see the metaverse as more hype than a full reality right now, but I do think we are not too far from seeing that change in the near future. The metaverse reminds me of immersive experiences we had around the video game Second Life years ago, which I think of as the beginnings of what one day might be the metaverse. Attackers targeted game players on the Second Life platform when they found a way to exploit a QuickTime plugin to weaponize media files embedded in Second Life objects. As soon as someone visited a piece of land containing that compromised embedded object, they got ‘owned.’ The metaverse will include millions of similar objects, though far more sophisticated and complex, and they will be in a perpetual state of being developed, embedded, circulated, and updated.

The metaverse promises that we will be able to work, live, and play in a vast variety of environments, and it also could mean an unlimited attack surface for malicious actors.