Derek Manky, Chief Security Strategist & VP Global Threat Intelligence, Fortinet, talks to us about the company’s predictions for technology in 2023 and how businesses can stop cyberattacks before they even start.
As we review our threat predictions for 2023 and beyond, a theme emerges more destructive attacks at scale, meaning the risk is increasing. As cybercrime converges with advanced persistent threat methods, cybercriminals are finding ways to weaponise new technologies at scale to cause greater disruption and destruction. At the same time, they’re spending more time on reconnaissance as they attempt to evade detection, intelligence and controls.
Cyber-risk continues to escalate – and more complex, sophisticated threats increasingly become ubiquitous – which means CISOs must be just as nimble and methodical as the adversaries. Below is a snapshot of the threats we anticipate seeing in the year ahead, what these specific risks mean for CISOs and how to best protect an organisation against emerging threats. Our Threat Landscape Predictions for 2023 report covers all this and more.
Prepare for more advanced persistent cybercrime
Last year, our FortiGuard Labs team predicted a rise in new vulnerabilities and more ‘left hand’ activity, or pre-attack reconnaissance and weaponisation, among attackers that would pave the way to further escalate the growth of Crime-as-a-Service (CaaS).
Our prediction came true. We saw a rise in targeted attacks enabled by the RaaS model and more affiliates launching these calculated attacks. In just the first half of 2022, the number of new ransomware variants we identified increased by nearly 100% compared to the previous six-month period, with our FortiGuard Labs team documenting 10,666 new ransomware variants in 1H 2022 compared to just 5,400 in 2H 2021. We largely attribute this uptick in new variants to the growth of Ransomware-as-a-Service (RaaS).
CaaS offerings will go mainstream
We anticipate that cybercriminals are just getting started with their pre-attack planning efforts. Given cybercriminals’ success with RaaS, we predict that a growing number of additional attack vectors will be made available as a service through the dark web. In addition to the sale of ransomware and other Malware-as-a-Service (MaaS) offerings, we’ll also start to see new criminal solutions – like video and audio deepfakes – and an increase in the sale of access to pre-compromised targets.
For seasoned cybercriminals, creating and selling ‘As-a-Service’ attack portfolios offer a quick, repeatable payday. Going forward, subscription-based CaaS offerings could potentially provide additional revenue streams. This emerging model would allow cybercriminals of all skill levels to deploy more sophisticated attacks without investing the time and resources to craft their unique plan.
Wipers are already running rampant
We’ve already witnessed the alarming growth in the prevalence of wiper malware this year. According to the 1H 2022 FortiGuard Labs Global Threat Landscape report, there was an increase in disk-wiping malware in conjunction with the war in Ukraine, but it was also detected in 24 additional countries, not just in Europe. We have also seen targeted attacks with wipers spill over into the private sector. We anticipate that cybercriminals will increasingly combine wiper technology with various threats to maximise the level of ongoing destruction they can cause.
But it is the commodification of wiperware that is the future concern making it more widely available to the cybercriminal community via CaaS. For example, using wipers in combination with other attack vectors is one of the biggest emerging threats we’re collectively facing as a security community. Wipers can potentially take cyberspace by storm, impacting IT networks across public and private sectors worldwide. And because of the commodification of wipers, these have the potential to impact networks exponentially.
New technologies will open the door to more attacker activity
New technologies undoubtedly offer cybercriminals new opportunities for compromise. And as more Deep Web technologies start to go mainstream, we predict that 2023 will be a significant year for new risks to emerging associated with digital destinations like virtual cities, Web 3.0, Quantum Computing and more.
For example, immersive experiences like virtual cities potentially give rise to stolen digital goods and assets and hacked crypto wallets and biometrics. Web 3.0 – a new, blockchain-based iteration of the Internet that aims to decentralise ownership of the digital economy –is built on the idea that users should control their data. Yet users are often the weakest link regarding security. And while Quantum Computing is promising for public and private sector organisations looking to solve complex problems, these elevated processing capabilities are also attractive to cybercriminals. One possibility is that bad actors may use Quantum Computing to weaponise Artificial Intelligence (AI) in the quest for new zero-day vulnerabilities.
Protect your organisation from emerging threats
While a new list of potential threats to watch for may seem daunting, the good news is that many of the threats we’re observing and predicting are simply an evolution of the techniques we’ve seen threat actors rely on for years. Because most of the tactics, therefore, bad actors use to execute these attacks are familiar, security teams are already in a solid position to protect against these emerging threats.
Luring cybercriminals with deception technology is a helpful way to counter RaaS and CaaS during the reconnaissance phase. Cybersecurity deception coupled with digital risk protection (DRP) services can help you better identify your organisation’s adversaries and stay one step ahead of them.
Looking outside your enterprise for clues about future attack methods will also be more important than ever. DRP services are critical for external threat surface assessments. They can help you find and remediate security issues and gain contextual insights on current and imminent threats before an attack occurs.
Regardless of work-from-anywhere, learning-from-anywhere or immersive experiences-from-anywhere, real-time visibility, protection and mitigation is essential and should be combined with advanced endpoint detection and response (EDR) to enable real-time analysis, protection and remediation.
Whenever possible, enhance security solutions with Machine Learning (ML) and AI so they can detect attack patterns and stop threats in real-time. Using AI-powered inline sandboxing is a great starting point to protect against sophisticated ransomware and wiper malware threats. It allows real-time protection against evolving attacks because it can ensure only benign files will be delivered to endpoints if integrated with a cybersecurity platform.
Organisations will be better positioned to protect against these emerging risks with a cybersecurity platform that’s integrated across networks, endpoints and clouds to enable automated and actionable threat intelligence coupled with advanced behavioural-based detection and response capabilities.