Cyber security is a key area of interest in the past year with the increased frequency of high profile breaches with the onslaught of ransomware (WannaCry) and ransomworm (NotPetya) attacks against governments, corporations and consumers worldwide with attacks increasing in volume and sophistication.
This foreshadow the massive disruptions and impact possible in our near future, resulting in financial losses, disruption of commercial and public services. Cybercriminals are also adopting the latest technologies such as artificial intelligence (AI). Fortinet believes these new cyber threats will be more dangerous and pernicious – becoming more intelligent through self-learning, able to operate autonomously, and increasingly difficult to detect.
As we move into 2018, Fortinet predicts several destructive trends that will impact states, businesses and critical infrastructures:
Smarter threats will target IoT and cloud-connected devices
The proliferation of online devices accessing personal and financial information, and the growing connection and interconnection of everything – from Internet of Things (IoT) devices and critical infrastructure in homes and offices to the rise of smart cities – will create new disruptive opportunities for cybercriminals.
By 2020, over 20 billion IoT devices will go online, compared to a billion PCs. As the number of IoT devices grows, one of the weak links lies in the millions of remote devices that is being accessed via the cloud. If the cloud-based environments are not adequately secured to effectively prevent attacks, it could radically affect their migration to the cloud and unravel their plans to go digital.
Ransom of commercial services is big business
The threat magnitude of ransomware has already grown 35 times over the last year among other types of attacks. The next big target is likely to be the ransom of commercial services or attacks targeted at cloud service providers where hackers see as the next target, given their large number of end-users information that can be exploited.
A single point of failure within the service provider’s network can have a devastating impact for businesses, government entities and critical infrastructures, regardless of it being on premise or on the cloud. Cybercriminals will seize the opportunity to utilize AI technologies along with advanced cyber-attack methods to scan for, detect, and exploit weaknesses in the service provider’s environment.
Critical infrastructure to the forefront:
In the face of growing and more sophisticated cyber threats, the networks of critical infrastructure and service providers are becoming high value targets. With new technology trends and consumption habits, these providers are forced to digitally transform themselves to adapt and meet the demands of new-age consumers. This is driving the critical of an advanced security solutions to deliver the expected prevent, detection and mitigation of these advanced attacks and threats, avoiding of massive financial losses or in the worst possible case, loss of human lives.
In 2017, the entire National Health Services (NHS) in the United Kingdom, for instance, was crippled by the WannaCry ransomware that affected all their systems including telephones and forced the cancellation of all surgeries and medical appointments. Over 300,000 computers globally were impacted by the same ransomware virus, spread just by e-mail.
The cybercrime economy will use automation to offer new services
We are also witnessing the propagation of ‘crime-as-a-service’ offerings using new automation technology.
Advanced services are already being offered on Cybercriminal market place (such as The Dark Web), leveraging on machine learning (where computers learn without being programmed). For example, a service known as FUD (Fully Undetectable) allows criminal developers to upload attack code and malware to an analysis service for a fee, ensuring that it cannot be detected by certain anti-viruses when a scan is performed. We will see more machine learning used to modify code on the fly, based on how and what has been detected to quickly evolve these cybercrime tools, making it undetectable to even the most advanced of security tools.
As we move towards a digital economy in 2018, more connected devices are being woven into an increasingly complex ecosystem that businesses and individuals are becoming more dependent on. This leads to a rise in the number of attacks that are designed to target and exploit this phenomenon. We are now witnessing the new generation of these attacks; with much more sophisticated tools and automated exploits.
The digital economy is transforming how we conduct business with change moving at an unprecedented pace. Slamming the brakes during is critical transition can be devastating.
For more information, visit Fortinet's website.