Cybercriminals are spreading their wings to explore new opportunities, from new kinds of ransomware to artificial intelligence (AI)-based deep fakes and more. They’re also finding new opportunities in established systems like Linux and operational technology (OT). In the spirit of proactive strategy, let’s look at the eight predictions that are likely to have the biggest impact on networks in the coming year and why they are so important to prepare for.
1: Cybercriminals using deep fakes
Deep fakes have become a concern because they use AI to mimic human voices, faces and behaviour, which makes them a natural way to enhance social engineering attacks. The continued commercialization of advanced applications lowers the bar for creating deep fakes. These could eventually lead to real-time impersonations over voice and video applications that cybercriminals could use to defeat biometric checks. That will be a significant challenge for forms of authentication that rely on biometrics, such as voiceprints or facial recognition.
2: Attacks on enterprise digital wallets
Digital wallets tend to be less secure than wire transfers, so bad actors are increasingly turning their sights on them. Though individual wallets may not equate to a big payoff, the use of these wallets by businesses as currency for online transactions very well could. Consequently, more malware is likely to be designed specifically to target stored credentials and to empty digital wallets.
3: Ransomware becomes more destructive
Because it’s still so lucrative, ransomware will persist. Attackers sometimes combine ransomware with distributed denial-of-service (DDoS) with the intention of overwhelming IT security teams. If they add wiper malware, it creates added urgency for companies to quickly cave to ransom demands. This type of malware is particularly insidious because it can not only destroy data but also render systems and hardware unusable — as criminals tried to do at the Olympic Games in Tokyo. It’s only a matter of time until destructive capabilities like wiper malware are added to ransomware toolkits.
4: Threats from space
As satellite-based internet access continues to grow in the coming year, FortiGuard Labs predicts new proof-of-concept (POC) threats targeting satellite networks. Enterprises that rely on satellite-based connectivity to support low-latency activities — like online gaming or delivering critical services to remote locations, as well as remote field offices, pipelines, or cruises and airlines — will be the primary targets. Further attack surface expansion is likely as organizations add satellite networks to connect previously off-grid systems, such as remote OT devices, to their interconnected networks. Attack types such as ransomware are likely to follow in the wake of this new activity.
5: It’s game on for esports
Esports is a thriving sector that’s likely to surpass $1 billion in revenue this year. The term refers to organized, multiplayer video gaming competitions, often involving professional players and teams. Unfortunately, esports is becoming a more enticing target for malicious actors for two primary reasons. First, esports requires constant connectivity. Second, players are interacting from inconsistently secured home networks or in situations with large amounts of open Wi-Fi access. Because gaming is so interactive in nature, it is also a target for social engineering lures and attacks. Its rate of growth makes online gaming a likely and significant attack target next year.
6: Living on the edge (but not like Aerosmith)
A new kind of threat is arising at the edge. Living-off-the-land attacks effectively use legitimate tools to execute criminal activities. If attackers combine these attacks with Edge-Access Trojans (EATs), they could design new attacks to live off the edge, not just the land, as edge devices become more powerful — which becomes particularly dangerous as these devices offer more native capabilities and more privilege. Edge malware could be designed to monitor edge activities and data and then steal, hijack or even ransom critical systems, applications and information while escaping detection.
7: Critical infrastructure attacks made scalable
Attackers not only create malware for themselves but are now reselling it online as a service. They are expanding their offerings with OT-based attacks, especially as IT and OT continue to converge at the edge. The lucrative practice of holding such systems and critical infrastructure for ransom could endanger lives — think of a medical center with an ER trying to function with locked computer systems. Attacks on OT systems have historically belonged to more specialized threat actors, but these capabilities are increasingly being included in attack kits available on the dark web. This makes them scalable: they’re available to a much broader set of bad actors.
8: A new target in Linux
Linux runs many back-end computing systems and has not been a primary target for cybercrime — until recently. New malicious binaries have been detected that target Microsoft’s WSL (Windows Subsystem for Linux), and botnet malware is being written for Linux platforms. This takes attacks into the core of the network and broadens the set of threats that organizations need to defend against. It also has implications for OT devices and supply chains that run on Linux platforms.
For those with a criminal mindset, opportunities abound. Security professionals can defeat their plans by designing a holistic strategy that abandons technology silos for an integrated system of defenses. Vital to fighting current and upcoming attacks are tools that can baseline normal operations, spot anomalies and intervene as needed. To withstand what’s ahead in 2022, finding and implementing a fast, automated and adaptive security strategy is the only way forward.