More and more attacks on the Internet of Things and new, hard-to-detect types of cyber threats
Network security experts from FORTINET’s FortiGuard Labs have made predictions for 2022 on the development of IT threats. The analysis shows that as the number of devices connected to the network increases, cybercriminals will increasingly launch attacks against the Internet of Things and use advanced techniques to evade detection.
At the same time, they will continue to exploit vulnerabilities in server security for monetary gain. Not only is the strategic data of companies and government institutions at risk, but also the personal data of individual users.
What can cybercriminals surprise us with in 2022? Here are the biggest threats:
1. The use of self-destructive hacking tools (blastware)
Alongside fake antivirus software (scareware) and ransom-oriented apps (ransomware), blastware has emerged as a new type of malware that can infiltrate systems, collect data and then permanently delete stolen information from hard drives and obliterate traces of its activities. In 2022, researchers at FortiGuard Labs found the first software of its kind, Dorkbot/NGRbot. Crackers have stocked their tools with procedures that, in the event of code modification, caused the intruder to self-destruct and simultaneously erase all data from the hard drive of a. This is clearly a direct response to the growing popularity of security breach response services. FORTINET predicts that authors of APT-type attacks will develop self-destruct mechanisms that operate on a search-and-destroy basis, making law enforcement’s job considerably more difficult.
Cybercriminals can also use this tactic to extort ransom, for example by threatening that if a certain amount is not transferred to a given account, the company will lose all its data.
2. Directing suspicion at bystanders
Increased activity by cybercriminals means that law enforcement agencies are increasingly catching the bad guys and bringing them to justice. To avoid arrest, crackers must therefore proceed more cautiously and better prepare their attacks. New advanced detection avoidance techniques will emerge in 2022, allowing attackers to cover their tracks.
So far, avoiding detection has focused on neutralizing antivirus software and systems that prevent intrusions and combat botnets. FORTINET, however, predicts that activities in this field will focus on avoiding segregated application runtime environments (sandboxes). Attackers will also direct suspicion at innocent people, supplementing their techniques to evade detection by leaving false traces with the intent of impeding investigations and deliberately casting suspicion on people unrelated to the attack.
3. Transforming the Internet of Things into an “Internet of Threats”
In 2022, we witnessed a focus by criminals on exploiting vulnerabilities in server security, namely the Heartbleed and Shellshock vulnerabilities. In 2022, FortiGuard Labs experts expect further attacks of this type, focused on devices belonging to the Internet of Things. Crackers will continue to move along the line of least resistance, taking advantage of the fact that more and more devices are connecting to the global network. Home automation and private home security systems (alarms, monitoring) will be targeted by cybercriminals, as well as webcams. Some of these activities can already be seen now.
Enterprises will invariably be vulnerable to attacks on routers and network storage systems (NAS drives). In addition, sensitive infrastructure components will be at risk, such as human-machine interfaces (HMI, Human Machine Interface) or industrial systems (SCADA).
The most commonly distributed and sold malware will be equipped with data acquisition and surveillance features, such as the OPC procedure of the Havex program, which tagged devices used in industrial networks to pass the collected information to cybercriminals.
4. Denial of Revenue attacks and data theft increasingly common
Some are calling 2022 “the year of data theft”. This should come as no surprise to anyone – just think of the high-profile hacks of Target, Michaels, P.F. Chang’s or Home Depot.
FortiGuard Labs specialists predict that this trend will continue in 2022, and crackers will use more advanced techniques and find new vulnerabilities in the systems of stores and financial institutions. In the coming year, malicious activities that use DoS (Denial of Service) will also include shutting down production lines, entire factories, ERP/SAP systems, systems used in healthcare facilities and building management systems.
This will add to the problems for businesses and institutions around the world in terms of theft of sensitive consumer data, lost revenue and reputational damage.
5. Testing the undetectability of malicious code by advanced security systems
Criminal sites are already offering malware quality control services. FORTINET predicts that in 2022 their range will be expanded to include avoiding detection by advanced security systems and eluding detection by IoC indicators (Indicator of Compromise). As research capabilities and services offered by criminal sites expand, crackers will use the same type of process to determine the best ways to bypass security features. For example, illegal sites are now able to scan malware for detection by systems from different vendors and report back to criminals on the effectiveness of their tools.
As security vendors move away from simply detecting malware and toward correlating threat information, criminals will be looking for ways to counter new techniques using the same approach: they will be analyzing their botnet infrastructures for detectability by solutions from different vendors and looking for ways to obfuscate the traces of their activities.
How can security vendors respond?
1. Analyzing threats to obtain useful information
Manufacturers of network security solutions are dealing with a flood of information about new threats. Their solutions must be equipped with features that make decisions automatically based on the information gained, and waiting for an administrator’s decision must become a thing of the past. In 2022, security vendors will aim to maximize the utility of acquired threat information and offer proactive services. They will filter data to select the most relevant items and notify customers of potential security vulnerabilities and actionable countermeasures even before an attack occurs.
The key to success will be the ability to guarantee operational compliance of various security products and network devices, computers, storage systems and terminal devices. This will create a “self-healing” network similar to software-driven networks (SDN).
2. Proactively responding to detected security breaches
So far, the response to detected IT security breaches has been rather reactive. In the future, it will be necessary to move towards a proactive response in order to drastically reduce the extent of damage to various businesses and institutions. Choosing independent vendors that support safer software development by providing response teams for detected product security breaches, as well as conducting extensive threat analysis, will reduce possible intrusion scenarios even before hackers strike.
In 2022, strong two-factor authentication will gain in popularity as a simple and cost-effective proactive method of securing networks and systems, while security breach response services offered by vendors will help their customers survive a possible attack.
FortiGuard Labs has been monitoring and detecting cyber threats for more than a decade. In this way, we guarantee that FORTINET’s customers are properly protected and the IT industry is more aware of the most important threats. Our specialists get under the skin of cybercriminals every day and try to think like them in order to better secure the world against this dangerous enemy. In 2022, we saw a focus on exploiting vulnerabilities in server security – namely Heartbleed and Shellshock vulnerabilities.
In 2022, we expect this trend to continue in an alarming dimension – well, cybercriminals will hit the Internet of Things. As crackers attack new software products and solutions, businesses and institutions are at increased risk. That’s why it’s so important for them to choose not so much a security solution, but a proactive and intelligent one, protecting them from elaborate, advanced attacks that firewalls alone can’t stop – Guillaume Lovet, an analyst for IMPACT, said.
Cybersecurity, head of FORTINET’s European division FortiGuard Labs.