Industry Trends

Securing Your Environments on the Edge

By Derek Manky | December 29, 2020

As centralized visibility is sacrificed for performance and agility, threats like swarm-based attacks and Edge Access Trojans loom ever larger.

Over the past few years, the traditional network perimeter has been being replaced with multiple edge environments—WAN, multi-cloud, data center, remote worker, IoT, mobile devices, and more—each with their unique risks and vulnerabilities. One of the most significant advantages of this for cybercriminals is that while all of these edges are being interconnected through applications and workflows, there is not always consistent security in place to provide centralized visibility. Centralized visibility and unified controls are sometimes being sacrificed in favor of performance and agility.

As a result, threat actors are shifting significant resources to strategically target and exploit emerging network edge environments. Especially in response to the transition to remote work and education, FortiGuard Labs continues to see attacks targeting home and school networks. And as smart devices begin to control more elements of our lives in the future, successfully compromising these systems could lead to such things as turning off security systems, disabling cameras, and even hijacking smart appliances and holding them for ransom.

But that is just the start. More sophisticated attackers can use compromised home systems as a springboard to other things. Corporate network attacks launched from a remote worker's home network, especially when usage trends are clearly understood, can be carefully coordinated so they don't raise suspicions. Intelligent malware that has access to stored connectivity data can hide much more easily. Advanced malware can also sniff data using new EATs (or Edge Access Trojans) to do things like intercept voice requests off the local network to compromise systems or inject commands. Adding cross-platform capabilities to EAT threats will make EATs even more dangerous as these attacks will be able to hop from device to device.

At the same time, compromised edge devices can be leveraged as machine learning bots, especially those powered by 5G. By leveraging their processing power, cybercriminals can surreptitiously collect and process massive amounts of data to learn more about how and when edge devices are used so they can be more effectively compromised.

Compromising and leveraging 5G-enabled devices will also open up opportunities for emerging advanced threats. Over the last several years, I have been predicting the development and deployment of attacks based on swarm intelligence. Swarm-based attacks will leverage hundreds of thousands of hijacked devices, each divided into subgroups with specialized skills.

These swarms can then target networks or devices as an integrated system, sharing intelligence in real time to refine an attack as it is happening. This will increase the efficiency and effectiveness of their attack.

However, maintaining such swarms will require large amounts of processing power. They will also need to leverage AI-based systems so coordinated attacks can become more efficient and effective at compromising systems and evading detection. For this to happen, AI will need to evolve so it can leverage distributed learning nodes powered by ML. These nodes will need to have local analysis and action capabilities as well as the ability to speak with and update each other. Such advances in AI are already in motion.

In the future, expect to see an increasing number of open-source toolkits designed to help cybercriminals effectively target and compromise edge devices. Creating and maintaining ad-hoc networks of compromised devices by cybercriminals will ensure adequate computing power is available to effectively launch attacks, share intelligence, overcome security systems, and with the addition of AI, avoid countermeasures and detect and overcome defensive strategies.

By weaponizing 5G and edge computing, individually exploited devices could not only become a conduit for malicious code, but groups of compromised devices could work in concert to target victims at 5G speeds. Adding the intelligence provided by connected virtual assistants and similar smart devices means that the speed, intelligence, and localized nature of such an attack may overcome the ability of legacy, disparate security technologies to effectively fight off such a strategy. 

Learn more about FortiGuard Labs threat research and the FortiGuard Security Subscriptions and Services portfolioSign up for the weekly Threat Brief from FortiGuard Labs. 

Learn more about Fortinet’s free cybersecurity training initiative or about the Fortinet Network Security Expert programNetwork Security Academy program, and FortiVet program.