In the AI-versus-AI cybersecurity landscape, threat actors are innovating fast – and so must cyber-defenders!
How will geopolitical events, generative AI and zero-day brokers be leveraged by threat actors in 2024? And how should we equip ourselves to address the ever-evolving and ever-expanding threat landscape?
CybersecAsia sought out some insights into the latest cyberthreat innovations and what we should do about them, in this Q&A with Derek Manky, VP Threat Intelligence, FortiGuard Labs:
Could you share the latest attack innovation, especially in terms of how cyber attackers are resurrecting old tactics?
Derek Manky (DM): Cyber-attackers are continually reshaping their strategies, and our 2023 threat predictions indicate a significant evolution in familiar tactics. Advanced Persistent Cybercrime (APC) is on the rise, with 30% of MITRE-tracked groups active in the first half of 2023, including prominent ones like Turla, StrongPity, Winnti, OceanLotus, and WildNeutron.
We foresee an increase in APT group activity, expanding beyond the 138 groups identified by MITRE, engaging in both cybercrime and cyber-espionage. Anticipate more stealthy techniques like HTML smuggling, with attackers diversifying targets, moving beyond manufacturing to industries like healthcare, utilities, finance, oil and gas, and transportation.
Edge attacks, predicted to go mainstream, have already manifested, with attackers exploiting Flipper Zero and similar tools for IoT device compromises. The attack chain is expanding, encompassing a wide range of targets and innovative methodologies. Cybercriminals are using modern tools to augment and enhance (resurrect) their old tactics.
How are cyber-attackers leveraging AI and crime-as-a-service to launch attacks more effectively?
DM: Cybercriminals are leveraging AI and CaaS to enhance attack efficacy. AI can be weaponized at every stage, from social engineering detection evasion to creating deepfakes. Predictions suggest new AI applications, including generative profiling (for enhanced social engineering), AI-chained attacks, and AI-powered password spraying. AI poisoning attacks, where malicious actors tamper with AI training data, are on the horizon.
The Cybercrime-as-a-Service market, featuring models like Ransomware-as-a-Service and Initial Broker Access, is flourishing on the dark web. AI’s integration into cybercrime tools enables attackers to work smarter, automate processes, and heighten the frequency of attacks, presenting a formidable challenge for security teams.
Why is it important for organizations to adopt AI-powered security defense?
DM: In the face of evolving AI-driven attacks, organizations must adopt AI-powered security defenses. Fortinet’s Security Fabric offers a unified and automated cybersecurity platform, streamlining defense against AI-driven threats.
AI enables enhanced threat detection, automates defense processes, optimizes human resource allocation, and plays a pivotal role in cybersecurity. Fortinet has a decade-long track record of utilizing ML technologies (current 6th generation) for detecting unknown malware. AI-driven cybersecurity is essential in addressing talent shortages, SOC augmentation, providing continuous risk analysis, and rationalizing spending amid the growing need for cybersecurity professionals.
Cyber-attackers are still actively evolving and searching for both unpatched places and fresh vulnerabilities that will enable them to spread. What are some best practices for organizations to stay vigilant?
DM: As cybercriminals exploit software vulnerabilities, organizations must adopt proactive measures. The rise of zero days and N-days necessitates advanced strategies, including next-generation firewalls, vulnerability scanning, and smart patch management. Organizations can combat zero-day vulnerabilities by implementing a software development life-cycle (SDL) process.
Collaboration, threat intelligence sharing, standardized incident reporting, creating a culture of cyber resilience, and addressing the cybersecurity skills gap are essential steps. Vigilance is crucial, considering the continuous emergence of vulnerabilities and the potential rise of zero-day brokers in the Cybercrime-as-a-Service community.
What can we expect in 2024?
DM: Looking ahead to 2024, we anticipate several emerging threat trends. Ransomware attacks will adopt a “go big or go home” approach, targeting critical industries for more significant societal impact. Zero-day attacks will persist, with the emergence of zero-day brokers selling vulnerabilities on the dark web.
Cybercriminals will increasingly recruit from within target organizations, necessitating a shift in defense strategies. Geopolitical events, aided by generative AI, will become focal points for attacks and disruption. Defenders can gain an advantage by focusing on disrupting the tactics, techniques, and procedures (TTPs) regularly employed by attackers.
Additionally, the expanding 5G landscape presents new opportunities for cybercriminals to compromise critical industries, emphasizing the need for robust cybersecurity measures.
