Fortinet has unveiled predictions from the FortiGuard Labs team about the ever-changing threat landscape for 2020 and beyond.
These predictions reveal methods that Fortinet anticipates cybercriminals will employ in the near future, along with important strategies that will help organisations protect against these oncoming attacks.
Changing the trajectory of cyberattacks
Cyberattack methodologies have become more sophisticated in recent years, magnifying their effectiveness and speed. This trend looks likely to continue unless more organisations change how they think about their security strategies.
* The evolution of AI as a system – One of the objectives of developing security-focused artificial intelligence (AI) over time has been to create an adaptive immune system for the network similar to the one in the human body. The first generation of AI was designed to use machine learning models to learn, correlate and then determine a specific course of action.
* Federated machine learning – In addition to leveraging traditional forms of threat intelligence pulled from feeds or derived from internal traffic and data analysis, machine learning will eventually rely on a flood of relevant information coming from new edge devices to local learning nodes.
* Combining AI and playbooks to predict attacks – Investing in AI not only allows organisations to automate tasks, but can also enable an automated system that looks for and discovers attacks, both after the fact and before they occur. Combining machine learning with statistical analysis will allow organisations to develop customised action planning tied to AI to enhance threat detection and response.
* The opportunity in counterintelligence and deception – One of the most critical resources in the world of espionage is counterintelligence, and the same is true when attacking or defending an environment where moves are being carefully monitored. Defenders have a distinct advantage with access to the sorts of threat intelligence that cybercriminals generally do not, which can be augmented with machine learning and AI.
* Tighter integration with law enforcement – Cybersecurity has unique requirements related to things like privacy and access, while cybercrime has no borders. As a result, law enforcement organisations are not only establishing global command centers but have also begun connecting them to the private sector, so they are one step closer to seeing and responding to cybercriminals in real time.
Cyber adversary sophistication is not slowing down
Changes in strategy will not go without a response from cyber adversaries. For networks and organisations using sophisticated methods to detect and respond to attacks, the response might be for criminals to attempt to reply with something even stronger.
* Advanced evasion techniques – A recent Fortinet Threat Landscape report demonstrates a rise in the use of advanced evasion techniques designed to prevent detection, disable security functions and devices, and operate under the radar using living off the land (LOTL) strategies by exploiting existing installed software and disguising malicious traffic as legitimate.
* Swarm technology – Over the past few years, the rise of swarm technology, which can leverage things like machine learning and AI to attack networks and devices, has shown new potential.
* Weaponising 5G and edge computing – The advent of 5G may end up being the initial catalyst for the development of functional swarm-based attacks. This could be enabled by the ability to create local, ad hoc networks that can quickly share and process information and applications.
* A change in how cybercriminals use zero-day attacks – Traditionally, finding and developing an exploit for a zero-day vulnerability was expensive, so criminals typically hoard them until their existing portfolio of attacks is neutralised.