FortiGuard predicts rise in advanced threat methods
New research from FortiGuard Labs has predicted the convergence of advanced persistent threat methods with cybercrime and how they will enable a new wave of destructive attacks at scale fuelled by Cybercrime-as-a-Service.
Derek Manky, Chief Security Strategist and VP Global Threat intelligence, FortiGuard Labs, says that those involved in perpetrating cybercrime are adapting to new trends and going beneath traditional attack surfaces. He says organisations need to be aware of the changes to get ahead.
"As cybercrime converges with advanced persistent threat methods, cybercriminals are finding ways to weaponise new technologies at scale to enable more disruption and destruction. They are not just targeting the traditional attack surface but also beneath it, meaning both outside and inside traditional network environments," he says.
"At the same time, they are spending more time on reconnaissance to attempt to evade detection, intelligence, and controls. All of this means cyber risk continues to escalate, and that CISOs need to be just as nimble and methodical as the adversary.
"Organisations will be better positioned to protect against these attacks with a cybersecurity platform integrated across networks, endpoints, and clouds to enable automated and actionable threat intelligence, coupled with advanced behavioural-based detection and response capabilities."
According to the research, evolving Cybercrime-as-a-Service (CaaS)-fuelled attacks and new exploits on non-traditional targets like edge devices or online worlds are increasing, and the volume, variety, and scale of cyber threats will keep security teams on high alert in 2023 and beyond.
The report highlights that the success of Ransomware-as-a-Service (RaaS) is a preview of what is to come with CaaS.
"Given cybercriminal success with Ransomware-as-a-Service (RaaS), a growing number of additional attack vectors will be made available as a service through the dark web to fuel a significant expansion of CaaS. Beyond the sale of ransomware and other Malware-as-a-Service offerings, new a la carte services will emerge," the report highlights.
Reconnaissance-as-a-Service models could also make attacks more effective. As attacks become more targeted, the report notes that threat actors will likely hire "detectives" on the dark web to gather intelligence on a particular target before launching an attack.
"Reconnaissance-as-a-Service offerings may serve up attack blueprints to include an organisation's security schema, key cybersecurity personnel, the number of servers they have, known external vulnerabilities, and even compromised credentials for sale, or more, to help a cybercriminal carry out a highly targeted and effective attack."
Money laundering will also get a boost from automation to create Money Laundering-as-a-Service (LaaS).
"Money Laundering-as-a-Service (LaaS) could quickly become mainstream as part of the growing CaaS portfolio. And for the organisations or individuals that fall victim to this type of cybercrime, the move to automation means that money laundering will be harder to trace, decreasing the chances of recovering stolen funds."
It is said that the metaverse will also play a role in increasing cyber risk.
The metaverse is giving rise to new, fully immersive experiences in the online world. Virtual cities are some of the first locations to delve into this new version of the internet that is driven by augmented reality technologies.
"While these new online destinations open a world of possibilities, they also open the door to an unprecedented increase in cybercrime in unchartered territory."
Commoditisation of wiper malware is also predicted to enable more destructive attacks.
Wiper malware has seen a significant comeback in 2022, with attackers introducing new variants of the decade-old attack method.
According to the 1H 2022 FortiGuard Labs Global Threat Landscape report, there was an increase in disk-wiping malware in conjunction with the war in Ukraine, but it was also detected in 24 additional countries, not just in Europe.
"Malware that may have been developed and deployed by nation-state actors could be picked up and re-used by criminal groups and used throughout the CaaS model. Given its broader availability combined with the right exploit, wiper malware could cause massive destruction in a short period of time given the organised nature of cybercrime today."