Helping CISOs Prepare for the 2021 Threat Landscape

By Editorial Team | November 19, 2020

In an era of constant innovation, it is important to be constantly aware of the impact that new technology has on the threat landscape. While IoT devices and multi-cloud environments have proven beneficial, especially in times of increased remote work, CISOs must also understand the risks that such solutions pose to their employees and to their organization. 

To assist in this process, the FortiGuard Labs team analyzes and tracks top technology trends. Over time, trends come to light that help cybersecurity professionals predict emerging threats. Over the past 20 years, Fortinet’s team of security researchers has found that while certain aspects of cyberattacks continue to evolve, such as new malware or the targeting of new elements of the network, the underlying attack patterns, criminal behaviors, and end goals have typically remained the same.

By mapping these predictable behaviors against technology trends, the FortiGuard Labs team is positioned to help organizations better prepare themselves for the cyber threats of tomorrow, including device compromises, exploitation strategies, social engineering attacks, and others.

Cyberthreat Predictions for 2021

In recent years, the team’s predictions have addressed issues such as the evolution of ransomware, attacks targeting converged technologies, and the weaponization of machine learning (ML) and artificial intelligence (AI). However, while some of these threats have already come and gone, others are only just starting to make an impact.  

Below are insights from the latest report, “Cyber Threat Predictions for 2021: An Annual Perspective by FortiGuard Labs,” along with next steps for CISOs to protect their networks and employees in the coming year. 

Cybercriminals Will Continue to Target Edge Environments

As digital innovation, the expansion of the network, evolving corporate strategies, and the growing reliance on business applications continue to accelerate, the traditional network perimeter has been replaced by multiple edge environments—each with its own unique set of risks. Cybercriminals are fully aware of these vulnerabilities, as well as the fact that for far too many organizations, a full security strategy often lags behind network expansion. They also know that organizations often sacrifice security to maximize agility and enhance performance between these interconnected edges. This lack of adequate security measures has led threat actors to allocate significant resources toward targeting and exploiting new edge environments, especially the home office branch and remote workers.

Of course, security professionals are not surprised by the impact that increased telework has had across enterprise networks. In addition to seeing spikes in attacks targeting new remote workers and vulnerable systems and devices, the FortiGuard Labs team has also begun to see attacks targeting home networks and the smart devices that collect and store information about their users. By compromising these edge devices, cybercriminals are able to access valuable information. And increasingly, these attacks are the result of successful—and ever more sophisticated—social engineering attacks that target and exploit undertrained remote workers operating outside the traditional network boundary.

And while cybercriminals may be at a disadvantage when competing against the deep security resources of large enterprises, they understand that by compromising edge devices—many of which are increasingly 5G-powered—they can learn more about how and when these devices are used, and importantly, what they are used for. With this information, professional criminals are able to fly under the radar and launch attacks before the security team has had the time to implement an edge computing strategy. Through the weaponization of 5G and edge computing—and the subsequent deployment of swarm-based attacks—cybercriminals are able to easily target victims while fending off most of the lackluster solutions attempting to fight their attacks.

Combining AI and Playbooks to Anticipate Threats

As cyberattacks grow more advanced, CISOs should understand the role AI can play in helping their organizations stay a step ahead of their cyber adversaries. In addition to enabling an automated system that can detect threats and attacks before they occur, AI can also be used to document the behaviors of cyber-criminal activity in detail, resulting in playbooks that can help identify an attack, anticipate an attacker’s next moves, and thwart the threat before the attacker can complete their mission or achieve their objectives. As AI and ML systems gain a greater foothold in networks, their ability to build out such playbooks is not far from reality. In fact, basic playbooks using schemes like the MITRE ATT&CK framework to standardize behaviors and methodologies are already being used by various threat research organizations, including FortiGuard Labs.

Once information from these playbooks is added to an AI learning system and augmented through trained ML systems, networks can automatically see trends, anticipate an attack, and respond to threats even before they begin. Given the amount of time and resources it takes to implement these tactics at scale, most cybercriminals—except for nation-state actors—are at a serious disadvantage for the first time in a long time. But such an advantage is not likely to last for long. Leveraging networks of compromised devices (primarily advanced edge-based devices powered by 5G) may enable some criminals to approximate the computing power of corporate networks. These resources can be used to process massive amounts of data, and if criminals get their hands on an AI-based playbook, to use its contents against their target. Once such networks are in place, we anticipate that they will be made available as a darknet service in an effort to catch up in the cyber arms race. Unless securing edge devices and new Smart Edge platforms and networks is made a priority, organizations will be left struggling to stay ahead, even with playbooks on their side.

The Increasing Sophistication of Ransomware 

One of the most likely outcomes of this will be the continued evolution of ransomware, making it one of the most dangerous and damaging threats facing organizations today. In addition to encrypting data and systems, cybercriminals are now posting data on public servers and threatening to expose organizational leaders unless a ransom is paid, moving extortion and defacement to the digital realm. And while there are now organizations appearing on the darknet with a business model of negotiating ransoms to save victims money, the benefits of this are short-term. At the end of the day, the bad guy will almost always get a payday, which will only reinforce their criminal behavior.

Because of all of this, the threat of ransomware is expected to escalate—with even more potentially devastating outcomes as networked systems increasingly intersect with critical infrastructure systems, thereby putting more data, devices, and even human lives at risk. To maximize the impact of ransomware attacks, cybercriminals will especially depend on their ability to leverage—and exploit—edge devices and other systems. Edge networks built using vulnerable devices will enable threat actors to deploy ML to detect vulnerabilities in complex systems, develop AI-enhanced malware to launch sophisticated attacks, and, by approximating the computing power of larger networks, coordinate multiple attack elements at once, such as those needed to manage swarm-based attacks.

The Continued Development of Swarm Intelligence

Inspired by the collective behavior of biological systems such as ants, bees, or flocks of birds, swarm intelligence is being developed by industry to tackle such tasks as efficiently exploring a new environment by collecting, aggregating, and correlating data in real time, rapidly assembling complex devices, optimizing complex problems such as vehicle routing, or tightly coordinating flight maneuvers of a squadron of military jets. 

As this technology matures, the opportunities for malicious use are endless. The notorious Ant Colony Optimization attack achieved large-scale control of distributed entities (where centralized supports are scarce) using simple cooperating and coordinating entities. The biggest barrier to entry, however, once swarm algorithms are perfected, is the computational power needed for each member of the swarm to see and coordinate with other elements of the system. Clearly, AI and ML will play a critical role in this process. The implications from a security defense perspective are ominous. Through the use of bot-based swarms, for example, cybercriminals should be able to quickly overwhelm network defenses and extract critical data before they are even detected.

The cyber wars of the future will occur in milliseconds, meaning the primary role of humans will be to ensure that their security systems have been fed enough intelligence to not only counter attacks in real-time but also anticipate such attacks so that they do not happen in the first place. To defend their networks against these increasingly sophisticated, and eventually, AI-enabled attacks, security teams must look to adopt AI-enhanced technologies of their own designed to see, anticipate, and counter such threats. 

Satellite-Based Systems Present New Opportunities for Threat Actors

Security implemented after the fact is never as effective as security interwoven into the fabric of a new network or solution right from the start. This is especially important to remember as our reliance on data and internet links enabled through advanced satellite-based systems continues to grow. And while satellite security concerns have traditionally been nominal because satellites are extremely remote, this may no longer be enough as satellite-based networks proliferate. By compromising satellite base stations and spreading malware through these networks, attackers could potentially gain the ability to target millions of users.

Furthermore, as computing power advances, pushing encrypted traffic across satellite networks will no longer be a strong enough defense method. As complex systems, including those connected to critical infrastructure, grow more reliant on such networks, the door also opens for cybercriminals to expand their attack methods. Such attacks will likely start with tactics such as distributed denial-of-service (DDoS) attacks, but as communication through satellite systems becomes more common, CISOs should expect more advanced attacks to follow.

Looking Ahead to the Role of Quantum Computing 

The 2020 FortiGuard Labs Threat Predictions report highlights several important concerns, but perhaps the most forward-looking involves quantum computing. Quantum computers are specifically designed to process data at much faster speeds than today’s computers, using a different method to represent and compute information. While access to quantum computers is beyond the reach of traditional cybercriminals, one of the biggest concerns is the use of such systems by nation-states to break cryptographic keys and algorithms. Experts now expect quantum computers to break elliptic curve cryptography by 2027, and governments everywhere are developing cyber strategies to address such a threat.

With this in mind, organizations, like their government counterparts, will need to adopt quantum-resistant cryptographic algorithms, as soon as they become available, wherever cryptography is used to “sign” and protect the integrity of information. And given the escalating arms race, they will need to make “security agility” part of their operational security doctrine. This means ensuring that security solutions can not only seamlessly transition to quantum-resistant asymmetric cryptographic algorithms and quantum key exchange systems, but can also update them without impacting underlying systems or exposing data encrypted using older, outdated systems. This begins by working now to meet new standards, such as those currently being developed by the National Institute of Standards and Technology (NIST).

What’s Next for CISOs?

The threat landscape will only grow more advanced as time goes by, meaning that it is no longer a matter of if an organization will be the target of a cyberattack, but a matter of when. That is why, in addition to establishing a proactive and forward-looking defense strategy, CISOs also need to solidify their plans for effective incident response and business continuity. The use of an integrated AI system will enable a security team to defend their networks and respond to attacks before they can leave a mark.

But even with the right technology in place, organizations cannot be expected to fend off the full range of modern attacks on their own. To effectively protect their networks, they will also need to:

  • Subscribe to threat intelligence feeds
  • Join relevant consortiums
  • Proactively share data and strategies with others in their region or industry

In addition, organizations must also work with vendors who have established partnerships with public sector institutions, including education and law enforcement. Such public-private sector alliances help raise the bar for the detection, response, and prosecution of criminal behavior. And organizations must also play an active role in educating their employees and others to not only engage in safe cyber behaviors, but possibly even consider a career in cybersecurity, helping to close the skills gap while protecting others along the way.

Because cybercriminals do not respect political borders, law enforcement organizations have built global command centers closely tied to the public sector, helping them see and respond to cybercrime in real-time. By weaving similar threat intelligence into their security resources and enabling team members to stay abreast of the latest updates, CISOs can build and deploy more effective playbooks that will not only help their own organizations, but by being a good neighbor, also help protect others that could be affected by certain threats.

Final Thoughts on Cyberthreat Predictions for 2021

What this latest round of predictions highlights is the fact that cybercriminals will only grow more advanced in their attack methods. During such a time of rapid evolution, it is up to CISOs to stay up to date on the latest threat intelligence as well as understand how the new technologies and network operations their organizations adopt to improve efficiency could have a lasting impact on cybersecurity. By monitoring the threat landscape, partnering with the right vendors, and establishing valuable alliances, these security leaders can better protect their employees while also helping the industry as a whole stay ahead of modern threats.