South African CISOs are making cyber resilience a top priority again this year, and with good reason: 2022 looks set to be a feeding frenzy for cybercriminals. All indications are that this year could set new records in terms of the volume and ferocity of cyberattacks.
FortiGuard Labs’ predictions for 2022 indicate that cyber attackers will be aggressively targeting fresh victims and attack avenues, with organisations scrambling to defend themselves from attacks on every front. Attacks will be launched on everything from crypto wallets to satellite services, from the core to the edge.
Research by FortiGuard Labs last year showed an almost 11x increase in the number of ransomware attacks between 2020 and 2021, with continued growth expected this year.
But the volume of attacks is not the only thing to be concerned about. Until fairly recently, most cyberattacks have targeted known vulnerabilities, but there are now indications that cybercriminals are redoubling their efforts to find and exploit new vulnerabilities.
As the potential attack surface continues to expand, cybercriminals will be looking to target every possible attack vector, such as new hybrid networks and work environments, remote workers and evolving connectivity options, and new business-critical applications being deployed in the cloud.
Fortiguard Labs predicts new exploits targeting satellite networks over the next year and has begun to see new threats targeting satellite-based networks, such as ICARUS, which is a proof-of-concept DDoS attack that leverages direct global accessibility to satellites to launch attacks from numerous locations.
FortiGuard Labs also sees new edge-based challenges emerging. As edge devices become more powerful, with more native capabilities and more privileges, Fortinet experts expect to see new attacks designed to “live off the edge.” Malware living in these edge environments will use local resources to monitor edge activities and data and then steal, hijack, or even ransom critical systems, applications, and information while avoiding detection.
Given the recent attacks on critical infrastructure, FortiGuard Labs also expects to see more cybercriminals targeting Operational Technology (OT) systems, with the emergence of highly specialised tools that are now being packaged as attack kits on the dark web for this purpose.
FortiGuard Labs also expects to see a spike in new attacks including Linux platforms, expanding the attack surface further, out to the network edge.
Since cybercrime is proving wildly lucrative, with the US Treasury’s Financial Crimes Enforcement Network (FinCEN) reporting nearly $600 million in ransomware payouts in the first half of 2021 alone. The challenge will be compounded by the expanding Crime-as-a-Service market, with new criminal solutions likely to emerge, including phishing and botnets-as-a-service and an increase in the sale of access to pre-compromised targets.
Protecting Your Network
If your network and security tools are not ready to work as an integrated, proactive cybersecurity mesh architecture to protect your organisation from the next generation of threats now, tomorrow may be too late to make the critical changes you need.
A cybersecurity mesh architecture integrates security controls into, and across, widely distributed networks and assets. Together with a Security Fabric approach, organizations can benefit from an integrated security platform that secures all assets on-premises, in the data centre, and in the cloud or at the edge. Defenders will need to plan ahead now by leveraging the power of AI and machine learning (ML) to speed threat prevention, detection, and response. Advanced endpoint technologies like endpoint detection and response (EDR) can help to identify malicious threats based on behaviour. Also, zero-trust network access (ZTNA) will be critical for secure application access to extend protections to mobile workers and learners, while Secure SD-WAN is important to protect evolving WAN edges.
Organisations are also strongly urged to harden their Linux systems and OT environments, including adding tools designed to protect, detect, and respond to threats in real-time. They also need to take a security-first approach when adopting new technologies, whether upgrading Windows systems or adding satellite-based connectivity, to ensure protections are in place before adding them to the network.
In addition, segmentation will remain a foundational strategy to restrict lateral movement of cybercriminals inside a network and to keep breaches restricted to a smaller portion of the network. Actionable and integrated threat intelligence can improve an organization’s ability to defend in real-time as the speed of attacks continues to increase.
Meanwhile, across all sectors and types of organizations, shared data and partnership can enable more effective responses and better predict future techniques to deter adversary efforts. Aligning forces through collaboration should remain prioritized to disrupt cybercriminal supply chain efforts before they attempt to do the same.