FortiGuard Labs: A look at emerging threats in 2021


2020 was a year of dramatic change; businesses around the world had to adapt to a new way of working driven by the pandemic, which also saw a slew of significant developments across the cyber threat landscape.

Going into 2021 and beyond, another significant shift is set to happen, with the rise of new intelligent edges, which goes beyond an increasing number of end-users and devices remotely connecting to the network.

FortiGuard Labs’ threat predictions for 2021 examine the strategies it anticipates cyber criminals will leverage in the coming year and beyond.

Targeting the intelligent edge

Firstly, the company says the intelligent edge is a target. Over the past few years, the traditional network perimeter has been replaced with multiple edge environments (WAN, multi-cloud, data centre, remote worker, IoT and others), each with its own set of risks.

For cyber criminals, the advantage is that while all of these edges are interconnected, many organisations have sacrificed centralised visibility and unified control in favour of performance and digital transformation. Bad actors will look to evolve their attacks by targeting these environments and harnessing the speed and scale possibilities 5G will enable.

Trojans evolve to the edge

FortiGuard Labs also believes Trojans will evolve to target the edge. End-users are already a target for attackers, and sophisticated adversaries will use them as a foot in the door of the corporate network. Attacks launched from a remote worker's home can be carefully co-ordinated so as to not raise suspicion.

Eventually, advanced malware could also discover even more valuable data and trends using new edge access Trojans and perform invasive activities, such as intercepting requests off the local network to compromise additional systems or inject additional attack commands.

Swarm attacks

5G can enable advanced swarm attacks, the company adds. Compromising and leveraging 5G-enabled devices will open the door to more advanced threats. Threat actors are developing and deploying swarm-based attacks, which leverage hijacked devices divided into subgroups, each with specialised skills.

They target networks or devices as an integrated system and share intelligence in real-time to refine their attack as it is happening.

Advanced social engineering

Fortinet says we can also expect social engineering attacks to up their game. Smart devices or other home-based systems that interact with users will not only be targets for attacks, they will be used as conduits for deeper attacks. Leveraging important contextual information about users, including daily routines, habits or financial information, could make social engineering-based attacks more successful.

“Smarter attacks could lead to much more than turning off security systems, disabling cameras or hijacking smart appliances, it could enable the ransoming and extortion of additional data or stealth credential attacks.”

Ransomware attacks on critical infrastructure

Another trend we can expect next year is that malefactors will find new ways to leverage ransomware in critical infrastructures. Ransomware is evolving, and as IT systems increasingly converge with operational technology systems, particularly critical infrastructure, more data, devices, and lives will be at risk.

“Extortion, defamation and defacement are all tools of the ransomware trade already. Going forward, human lives will be at risk when field devices and sensors at the OT edge, which include critical infrastructures, increasingly become targets of cyber criminals in the field,” the company says.

Advances in cryptomining

For attackers who want to scale future attacks with ML and AI capabilities, processing power is critical. At some point, by compromising edge devices for their processing power, attackers will have the ability to process vast amounts of data and learn more about how and when edge devices are used.

It could also render crypto-mining more effective. Infected PCs being hijacked for their compute resources are often identified, since CPU usage directly impacts the end-user’s workstation experience, and therefore compromising secondary devices could be much less conspicuous.

Spreading attacks from space

Fortinet also says the connectivity of satellite systems and overall telecommunications could be a compelling target for bad actors. As new communication systems scale and begin to rely more on a network of satellite-based systems, attackers could target this convergence and follow in pursuit.

“As a result, compromising satellite base stations and then spreading that malware through satellite-based networks could give attackers the ability to potentially target millions of connected users at scale or inflict DDOS attacks that could impede vital communications.”
