FortiGuard Labs predicts the convergence of advanced persistent threat methods with cybercrime
"All of this means cyber risk continues to escalate, and that CISOs need to be just as nimble and methodical as the adversary. Organizations will be better positioned to protect against these attacks with a cybersecurity platform integrated across networks, endpoints, and clouds to enable automated and actionable threat intelligence, coupled with advanced behavioral-based detection and response capabilities," Derek Manky added.
Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated, and automated cybersecurity solutions, recently unveiled predictions from the FortiGuard Labs global threat intelligence and research team about the cyberthreat landscape for the next 12 months and beyond. From quickly evolving Cybercrime-as-a-Service (CaaS)-fueled attacks to new exploits on nontraditional targets like edge devices or online worlds, the volume, variety, and scale of cyberthreats will keep security teams on high alert in 2023 and beyond. Highlights of the predictions can be found below, but for a more detailed view of the predictions and key takeaways for CISOs, read our blog.
1) Success of RaaS is a preview of what is to come with CaaS
Given cybercriminal success with Ransomware-as-a-Service (RaaS), a growing number of additional attack vectors will be made available as a service through the dark web to fuel a significant expansion of Cybercrime-as-a-Service. Beyond the sale of ransomware and other Malware-as-a-Service offerings, new a la carte services will emerge. CaaS presents an attractive business model for threat actors. With varying skill levels they can easily take advantage of turnkey offerings without investing the time and resources up front to craft their own unique attack plan. And for seasoned cybercriminals, creating and selling attack portfolios as-a-service offers a simple, quick, and repeatable payday. Going forward, subscription-based CaaS offerings could potentially provide additional revenue streams. In addition, threat actors will also begin to leverage emerging attack vectors such as deepfakes, offering these videos and audio recordings and related algorithms more broadly for purchase.
One of the most important methods to defend against these developments is cybersecurity awareness education and training. While many organizations offer basic security training programs for employees, organizations should consider adding new modules that provide education on spotting evolving methods such as AI-enabled threats.
2) Reconnaissance-as-a-service models could make attacks more effective
Another aspect of how the organized nature of cybercrime will enable more effective attack strategies involves the future of reconnaissance. As attacks become more targeted, threat actors will likely hire "detectives" on the dark web to gather intelligence on a particular target before launching an attack. Like the insights one might gain from hiring a private investigator, Reconnaissance-as-a-Service offerings may serve up attack blueprints to include an organization's security schema, key cybersecurity personnel, the number of servers they have, known external vulnerabilities, and even compromised credentials for sale, or more, to help a cybercriminal carry out a highly targeted and effective attack. Attacks fueled by CaaS models means stopping adversaries earlier during reconnaissance will be important.
Luring cybercriminals with deception technology will be a helpful way to not only counter RaaS but also CaaS at the reconnaissance phase. Cybersecurity deception coupled with a digital risk protection (DRP) service can help organizations know the enemy and gain advantage.
3) Money laundering gets a boost from automation to create LaaS
To grow cybercriminal organizations, leaders and affiliate programs employ money mules who are knowingly or unknowingly used to help launder money. The money shuffling is typically done through anonymous wire transfer services or through crypto exchanges to avoid detection. Setting up money mule recruitment campaigns has historically been a time-consuming process, as cybercrime leaders go to great lengths to create websites for fake organizations and subsequent job listings to make their businesses seem legitimate. Cybercriminals will soon start using machine learning (ML) for recruitment targeting, helping them to better identify potential mules while reducing the time it takes to find these recruits. Manual mule campaigns will be replaced with automated services that move money through layers of crypto exchanges, making the process faster and more challenging to trace. Money Laundering-as-a-Service (LaaS) could quickly become mainstream as part of the growing CaaS portfolio. And for the organizations or individuals that fall victim to this type of cybercrime, the move to automation means that money laundering will be harder to trace, decreasing the chances of recovering stolen funds.
Looking outside an organization for clues about future attack methods will be more important than ever, to help prepare before attacks take place. DRP services are critical for external threat surface assessments, to find and remediate security issues, and to help gain contextual insights on current and imminent threats before an attack takes place.
4) Virtual cities and online worlds are new attack surfaces to fuel cybercrime
The metaverse is giving rise to new, fully immersive experiences in the online world, and virtual cities are some of the first to foray into this new version of the internet driven by augmented reality technologies. Retailers are even launching digital goods available for purchase in these virtual worlds. While these new online destinations open a world of possibilities, they also open the door to an unprecedented increase in cybercrime in unchartered territory. For example, an individual’s avatar is essentially a gateway to personally identifiable information (PII), making them prime targets for attackers. Because individuals can purchase goods and services in virtual cities, digital wallets, crypto exchanges, NFTs, and any currencies used to transact offer threat actors yet another emerging attack surface. Biometric hacking could also become a real possibility because of the AR and VR-driven components of virtual cities, making it easier for a cybercriminal to steal fingerprint mapping, facial recognition data, or retina scans and then use them for malicious purposes. In addition, the applications, protocols, and transactions within these environments are all also possible targets for adversaries.
Regardless of work-from-anywhere, learning-from-anywhere, or immersive experiences-from-anywhere, real-time visibility, protection, and mitigation is essential with advanced endpoint detection and response (EDR) to enable real-time analysis, protection, and remediation.
5) Commoditization of wiper malware will enable more destructive attacks
Wiper malware has made a dramatic comeback in 2022, with attackers introducing new variants of this decade-old attack method. According to the 1H 2022 FortiGuard Labs Global Threat Landscape report, there was an increase in disk-wiping malware in conjunction with the war in Ukraine, but it was also detected in 24 additional countries, not just in Europe. Its growth in prevalence is alarming because this could be just the start of something more destructive. Beyond the existing reality of threat actors combining a computer worm with wiper malware, and even ransomware for maximum impact, the concern going forward is the commoditization of wiper malware for cybercriminals. Malware that may have been developed and deployed by nation-state actors could be picked up and re-used by criminal groups and used throughout the CaaS model. Given its broader availability combined with the right exploit, wiper malware could cause massive destruction in a short period of time given the organized nature of cybercrime today. This makes time to detection and the speed at which security teams can remediate paramount.
Using AI-powered inline sandboxing is a good starting point to protect against sophisticated ransomware and wiper malware threats. It allows real-time protection against evolving attacks because it can ensure only benign files will be delivered to endpoints if integrated with a cybersecurity platform.
What these attack trends mean for cybersecurity professionals
The world of cybercrime and the attack methods of cyber adversaries in general continue to scale at great speed. The good news is that many of the tactics they are using to execute these attacks are familiar, which better positions security teams to protect against them. Security solutions should be enhanced with machine learning (ML) and artificial intelligence (AI) so they can detect attack patterns and stop threats in real time. However, a collection of point security solutions is not effective in today’s landscape. A broad, integrated, and automated cybersecurity mesh platform is essential for reducing complexity and increasing security resiliency. It can enable tighter integration, improved visibility, and more rapid, coordinated, and effective response to threats across the network.
See also
Vietnamese firms attend IT, industrial expo in Germany
14:58 | 18/04/2023 Information technology
Import tax exemption to benefit domestic ICT industry
10:34 | 12/04/2023 Information technology
Vietnam, the Netherlands promote exports through digital environment
15:19 | 06/04/2023 Information technology
Ransomware top menace for enterprises in SEA
15:00 | 14/03/2023 Information technology
PM urges basic, comprehensive reform in digital transformation
06:00 | 06/03/2023 Digitalization
Vietnam’s AI leadership status improving
06:00 | 04/03/2023 Information technology
See more news
Managed security provides IT talent gap solution for businesses in SEA
16:34 | 30/01/2023 Information technology
Top 10 ICT developments in 2022
06:00 | 11/01/2023 Information technology
Cybersecurity resilience emerges as top priority for Vietnamese organizations
15:39 | 05/01/2023 Information technology
ETH Vietnam: The first hub for blockchain community to build and learn together
16:23 | 17/11/2022 Information technology
Wolfoo product sets certificated as standard content
16:15 | 01/11/2022 Make in Vietnam
Base.vn received the International Award ASOCIO 2022
18:05 | 31/10/2022 Make in Vietnam
Bkav, Excelpoint provide AIoT platform built on Qualcomm ecosystem
10:01 | 21/10/2022 Make in Vietnam
C.P. Vietnam’s HR digital transformation with SAP® SuccessFactors® Solution
21:18 | 13/05/2022 Digitalization
A “Make in Vietnam” communications programming platform
13:00 | 26/12/2021 Information technology
Vietnamese patents make imprints on international maps
06:00 | 22/05/2021 Digitalization
“Xen Dong” ceremony of Thai ethnic people recognised as national intangible cultural heritage
16:24 | 24/12/2024 Culture
Metro Line 1 serves 150,000 passengers on opening day
15:35 | 24/12/2024 Society
PV GAS reviews maintenance and repair of gas facilities in 2024
15:27 | 24/12/2024 Vietnamese Brands
Removing Vietnam’s logistics bottlenecks
15:13 | 24/12/2024 Economy
Top 10 science and technology highlights in Vietnam in 2024 announced
15:10 | 24/12/2024 Science - Technology
Multimedia
Glorious tradition of the Vietnam People's Army
08:30 | 22/12/2024 Infographic
Total FDI registered in Vietnam hits 31.4 billion USD in January-November
09:02 | 17/12/2024 Infographic
First 11 months of 2024: Import-export turnover increases 15.4%
10:55 | 16/12/2024 Infographic
11-month agro-forestry-fishery exports exceed yearly target
19:55 | 15/12/2024 Infographic
Hanoi achieves or exceeds 23/24 socio-economic targets for 2024
08:57 | 13/12/2024 Infographic
Amended Electricity Law proves MoIT’s institutional improvement success
17:06 | 23/12/2024 Policy
Ministry proposes extending agricultural land tax exemption through 2030
15:06 | 23/12/2024 Policy
Gov't targets to gradually make English second language at schools by 2030
15:45 | 21/12/2024 Policy
Nine newly-adopted laws made public
16:42 | 20/12/2024 Policy
Industry sector asked to urgently restart Ninh Thuan nuclear power project
14:35 | 24/12/2024 Energy
Success story behind 500kV Circuit-3 transmission line project
16:43 | 23/12/2024 Energy
Ministry proposes incentives for renewable energy projects
16:17 | 20/12/2024 Energy
The Era of Advancement for Vietnam Industrial Park
17:15 | 19/12/2024 Industry
Vietnam increasingly attractive to foreign investors
14:17 | 24/12/2024 Investment
Nghe An Southeast Economic Zone aims to attract 1 billion USD in FDI in 2025
12:33 | 21/12/2024 Investment
Boeing aims to expand investment and cooperation in Vietnam’s defense sector
17:00 | 19/12/2024 Investment
Can Tho attracts non-state investment
10:21 | 17/12/2024 Investment
Cashless payment requires biometric data updating from January 1, 2025
10:30 | 24/12/2024 Finance-Banking
Banking sector: Capital flows with no congestion
17:13 | 23/12/2024 Finance-Banking
Year-end surge in property bond issuance amid financial challenges
09:39 | 20/12/2024 Finance-Banking
Vietcombank named most valuable brand in Vietnam
16:43 | 18/12/2024 Finance-Banking
Sowing millions of seeds to green Vietnam’s shared home
15:08 | 24/12/2024 Environment
Dong Thap revives red-crowned crane population
14:29 | 24/12/2024 Environment
Vietnam likely to face continued turbulent weather systems in 2025
14:26 | 19/12/2024 Environment
Nature-based projects help Mekong Delta fight climate change
16:31 | 18/12/2024 Environment
Top 10 science and technology highlights in Vietnam in 2024 announced
15:10 | 24/12/2024 Science - Technology
Contracts worth 286.3 million USD inked at Vietnam Int’l Defence Expo 2024
17:02 | 22/12/2024 Science - Technology
Vietnam can partner with UK in developing nuclear power: Expert
12:43 | 21/12/2024 Science - Technology
Vinaphone launches fastest 5G service in Vietnam
12:38 | 21/12/2024 Science - Technology
Metro Line 1 serves 150,000 passengers on opening day
15:35 | 24/12/2024 Society
Speeding up stopover projects on the eastern North-South Expressway
14:34 | 24/12/2024 Society
30-day free rides on 17 bus routes connected to Metro Line 1
16:14 | 23/12/2024 Society
Bac Ninh: 28 additional 4-star-rated OCOP products
23:24 | 22/12/2024 Society
PV GAS reviews maintenance and repair of gas facilities in 2024
15:27 | 24/12/2024 Vietnamese Brands
Vietnamese products make waves at Malaysia’s halal festival
15:06 | 24/12/2024 Vietnamese Brands
PV GAS, exemplary unit in implementing Petrovietnam’s management plan
14:23 | 24/12/2024 Vietnamese Brands
BCC eyes leader in applying biotechnology in comprehensive healthcare
10:22 | 24/12/2024 Vietnamese Brands
“Xen Dong” ceremony of Thai ethnic people recognised as national intangible cultural heritage
16:24 | 24/12/2024 Culture
Fireworks to light up sky over Hanoi on New Year celebration
15:13 | 23/12/2024 Culture
Vietnam’s high-end fashion targets Chinese market
10:04 | 22/12/2024 Culture
Enduring tradition of Ha Nhi ethnic minority group's costumes
13:14 | 21/12/2024 Culture
Vietnam aims to welcome 22-23 million international visitors in 2025
14:56 | 24/12/2024 Tourism
Vietnam a green, attractive destination
16:30 | 23/12/2024 Tourism
Mekong Delta tourism continues to surge
15:21 | 23/12/2024 Tourism
Ben Thanh-Suoi Tien metro line - catalyst for HCM City's tourism development
15:17 | 23/12/2024 Tourism