Cybersecurity solutions provider Fortinet, through its FortiGuard Labs global research team, predicts the emergence of highly destructive, self-learning “Swarm” cyber attacks in 2018, as cybercriminals adopt the latest advances in Artificial Intelligence (AI), Machine Learning and the Internet of Things (IoT) to create more effective attacks.
The growth in the production and use of online devices, coupled with the increasing connection of everything – from IoT devices and critical infrastructure to the rise of smart cities – offers cybercriminals new opportunities to employ new threats or attacks and exploit new vulnerabilities.
Nap Castillo, regional pre-sales consultant at Fortinet, said hackers will leverage self-learning on the latest technologies, including Artificial Intelligence, the Internet of Things and even the Internet of Everything, to support their attacks and even come up with more destructive cyberattacks.
Castillo said one of the predictions is that botnets with intelligent clusters of vulnerable devices, or hivenets, will create more effective attack vectors. Hivenets will leverage self-learning in targeting compromised devices at an unprecedented scale so they can talk to each other and take action based on shared local intelligence. As a result, hivenets will be able to grow exponentially as swarms, widening their ability to attack multiple victims simultaneously and significantly impeding mitigation and response. Adversaries will use swarms of compromised devices, or swarmbots, to identify and target different attack vectors all at once, enabling enormous speed and scale. FortiGuard Labs recorded 2.9 billion botnet communication attempts in a single quarter this year, adding some context to the severity of what hivenets and swarmbots could cause.
Cloud service providers and other commercial services whose goal is to create revenue streams are predicted to be the likely next big target of ransomware. The complex, hyperconnected networks that cloud providers have developed can produce a single point of failure for hundreds of businesses, government entities, critical infrastructure, and healthcare organizations. Cybercriminals are predicted to begin combining AI technologies with multi-vector attack methods to scan for, detect, and exploit weaknesses in a cloud provider’s environment. The impact of such attacks could create a massive payday for a criminal organization and disrupt service for potentially hundreds or thousands of businesses and tens of thousands or even millions of their customers.
Next-generation polymorphic malware, created by machines based on automated vulnerability detection and complex data analysis, is coming soon, if not next year. This polymorphic malware will take on a new face by leveraging AI to create sophisticated new code that can learn to evade detection through machine-written routines. It is able to use learning models to evade security, and can produce more than a million virus variations in a day. The increased automation of malware will only make this situation more urgent in the coming year.
Critical infrastructure providers continue to be at the top of the list in terms of risk because they are strategic and state-sponsored, according to Castillo. They run high-value networks, but these are notoriously fragile because they were designed to be air-gapped and isolated. Because of these networks and the potential for devastating results should they be compromised or knocked offline, these providers find themselves in an arms race with cybercriminals, which puts them in a difficult situation.
The Dark Web is expected to evolve, offering new services as Crime-as-a-Service organizations use new automation technology for their offerings. Advanced services that leverage Machine Learning are already being offered on Dark Web marketplaces. One example is FUD (Fully Undetectable), which allows criminal developers to upload attack code and malware to an analysis service for a fee. They then receive a report on whether security tools from different vendors are able to detect it.
As cybercriminals take advantage of the latest technologies to create effective attacks, Fortinet is addressing the issue by integrating its security technologies to boost security across networks and into the cloud. This effort is called Fortinet Security Fabric, which integrates network and security technologies into a single architecture to provide actionable threat intelligence, security for different networks, and a configurable security fabric. Fortinet’s security product portfolio includes threat protection, cloud security, app security, enterprise firewall, and secure access.