Fortinet Looks Ahead At The Evolving Cyber Threat In 2016; And, What The Company Did Not Address

     The cyber security firm Fortinet has just published a White Paper on how the company sees the cyber threat evolving in 2016.  They begin by noting that some 20 billion devices are expected to be connected to the worldwide web in the next four years alone, forcing individuals and organizations to face an exponentially expanding attack surface, bound to borderless cyberspace.  The consequences of falling behind in this [digital] arms race can be catastrophic, and have elevated the discussion of cyber security and the threat to the boardroom.  This is a complex scenario — and, complex is not good for security.
Prediction Number 1)  The Rise In Machine-To-Machine Attacks 
     With the exponential rise in the number of appliances and devices expected to be connected to The Internet of Things (IoT), cyber thieves and foreign and/or, hostile intelligence services will increasingly target these devices — as a means to secure a beachhead into the corporate infrastructure.  Fortinet forecasts that:
     (1)  We will see a rise in the number of attacks that exploit flaws in trusted machine-to-machine (M2M) communications protocols:
     —  Exploits and malware will be developed that target trusted communication protocols and APIs: Bluetooth, RFID, NFC, WiFi;
     —  Land and Expand tactics will start further away from the defensive core — as lucrative corporate networks implement better cyber defense;
     —  Hackers will target devices further into their employees’ personal technology ecosystems to establish an initial beachhead;
     —  Connected medical devices and their host applications are a high-value target as the industry moves to adopt new technologies like medicine pumps, hospital bed sensors, smart blood pressure cuffs and others;
     —  Exploits in connected home automation devices like smart TVs, cameras, smart locks, lights, etc., will be used as an entryway into personal data, and used as a vector to compromise corporate-issued devices;
     (2)  Headless Worms Target Headless Devices:
     —  The Morris Worm struck at a time when there were only 60,000 devices connected to the Internet of Things (IoT), and estimates put the number of devices infected at around 6,000, or 10 percent.  This number becomes far more substantial — for popular devices like fitness trackers that currently have tens of millions of devices sold and in use;
     —  Fortinet researchers have demonstrated that it is possible to infect headless devices with small amounts of code.  Exploits like these could lead to device-to-device propagation of worms, i.e., smartwatch-to-smartwatch malware, spread through trusted communication protocols;
     (3)  Jailbreaking The Cloud:
     —  Cloud and virtualization adoption rates are increasing, making them the next big target for hackers looking to extract valuable corporate data and personal information;
     —  Fortinet expects to see malware in the wild that is designed to break out of hypervisors and gain access to host systems — in order to infect wider corporate networks;
     —  Hackers may attempt to build malware into mobile application downloads for devices like smartphones and tablets — that are used to remotely access virtual environments and resources;
     (4)  Ghostware Conceals Indicators Of Compromise:
     —  New variants of Blastware will persist in targeted attacks, primarily utilized in acts of hacktivism or state-sponsored cyber crime;
     —  Ghostware will emerge that can exploit a system or infrastructure — to extricate valuable data — then erase itself, while leaving the host system intact;
     —  Ghostware attacks will enable hackers to cast a wider net for infection, while attempting to avoid identification and attribution for the
     (5)  Two-Faced Malware:
     —  New malware will be written that employs multiple code execution paths, designed to execute a benign process while under inspection, and then execute its malicious process once clear;
     —  Two-faced malware will be engineered to deliver counter-threat intelligence and exploit the ratings systems used by sandboxes and antivirus solutions.  The counter-threat intelligence can enable future variations of malware to bypass advanced security protection
     —  These malware types will require stronger scrubbing and verification systems — on the security vendor end.  This could impact network performance, and decrease the rate of adoption for more advanced solutions.
     Lots to think about with these 2016 predictions in the cyber realm.  Clearly, there is no such thing as a digital Maginot Line; and, even if there were — we all know how that worked out for France.  Stealth malware, malware that goes dormant when under surveillance; and/or changes like a chameleon, infected clouds, deceptive clouds, combat clouds, hijack clouds — one is to some degree only limited by one’s imagination.  It truly is a digital wilderness of mirrors.
     Fortinet did not address encryption and the Dark Web.  What nasty surprises will the Dark Web have for us in 2016?  Will we be able to develop something akin to a router router that cleans out our pipes at home — in the digital world?  Will we ever really know if our systems are ‘clean?’  How will stay-behinds, also known as the gifts that keep on giving, evolve?  What about downloading, or stealing, information in an encrypted and clandestine mode?  And, one must not forget the widespread practice of denial and deception.  How will the field of digital forensic attribution evolve?  Will it get ‘easier’ to pin the tail on the donkey, or more complicated and difficult?  What about the purposeful, but sophisticated, corruption of data?
     Fortinet did not address the growing threat of ransomware.  Kaspersky Labs, in its 2016 forecast, “expects to see the success of Ransomware to spread to new frontiers.”  “Not only does Kaspersky Lab expect Ransomware to gain ground on banking trojans; but, Kaspersky also expects it to transition to other platforms; i.e., cross the Rubicon — to not only target Macs; but, also charge ‘Mac prices.’  Then, in the longer term, there is the likelihood of the IoT ransomware — begging the question, how much would you be willing to regain access to your TV programming?  Your fridge?  Your car?,” Kaspersky asks.
     Kaspersky Labs also “expects the trend of cyber ‘guns-for-hire,’ to continue to evolve and grow.”  Will we see white-hat cyber mercenaries — i.e., a different version of Anonymous — or cyber militias for hire to ‘fight’ against the bad guys?  
     Will we see the emergence of lethal, offensive cyber weapons — where the objective is to cause loss of life?  Or, will we see the emergence of a cyber weapon of mass disruption?  A Stuxnet on steroids?
     What about cyber ‘bomb damage assessment?’  Can we/have we achieved the ability to deploy elegant, targeted, offensive cyber weapons that do not cause excessive digital collateral damage?
     Will 2016 finally see a larger-scale cyber attack here in the U.S. and abroad?  
     Will the cyber threat to our stand-alone systems become even more profound?
     Will the cyber/digital decision tree on when to respond, how, where, why, with what, come to the fore in the strategic realm?
     How will cyber tradecraft evolve and mature?
     I am sure I left some things out; but, clearly — the cyber threat continues to grow, evolve, and become more threatening.  Something’s got to give.  V/R, RCP


One comment

  1. When I originally commented I clicked the
    “Notify me when new comments are added” checkbox and now each time a comment
    is added I get several e-mails with the same comment.

    Is there any way you can remove people from that service?

    Bless you!
