FortiGuard Labs predicts the latest cybercrime trends for 2023.
Cyber criminals have a whole new bag of tricks leading into 2023, says Glenn Maiden of Fortinet.
He says, every year, FortiGuard Labs looks at emerging trends and works out where threats will evolve.
“Sometimes it’s something quite tactical and short-term; other times it’s more speculative,” says Maiden, the director of FortiGuard Labs, a threat intelligence and research organisation.
FortiGuard Labs provides Fortinet customers with the industry’s leading threat intelligence, designed to protect firms against malicious activity and sophisticated cyberattacks.
It’s composed of some of the industry’s most knowledgeable threat hunters, researchers, analysts, engineers and data scientists, working in dedicated threat research labs worldwide.
The FortiGuard Labs team predicts these attack trends will emerge in 2023.
Ransomware with wiper malware
Two threats turn into one with this new trend.
FortiGuard Labs expects a big increase in wiper malware that’s combined with ransomware attacks. This is a vicious new combination of attacks where criminals are looking to extort payments from their victims.
Wiper malware lets cyber criminals delete data and cripple critical systems, such as operational technology (OT) or manufacturing equipment and servers, unless their ransom demand is met.
Cyber criminals will increasingly combine threats to maximise the level of ongoing destruction they can cause,” says Maiden.
For example, combining a computer ‘worm’ with wiper malware makes it easier for the malware to replicate quickly and spread more widely.
Maiden says: “Ransomware capabilities evolving into a wiper type of destructive malware could be deployed by a hostile nation state or even by a terrorist.
“There are already instances where wiper malware has been used extensively against critical infrastructure.
“It’s difficult to combat ransomware, because there’s no way to reverse the damage and, even if presented with a ransom demand, there’s no way to decrypt or recover data.
“Given the right vulnerability, this could cause massive destruction very quickly so the speed at which security teams can remediate, is paramount.
“It’s almost certain this type of attack will spread to other countries and other purposes by other threat actors. It’s now critical that organisations shorten the time needed to detect and respond to any unauthorised activity.”
‘Cybercrime-as-a-Service’
As well as the sale of ransomware and other Malware-as-a-Service (MaaS) offerings, new criminal solutions will start to emerge, predicts FortiGuard Labs.
A growing number of attack vectors will be made available ‘as-a-Service’, and we’ll see an increase in the selling of data access to pre-compromised targets through the dark web.
This emerging model would let cyber criminals of any skill levels deploy more sophisticated attacks without needing to invest time or resources upfront into craft their own attack plan.
Glenn Maiden says, “The cybercrime ecosystem has evolved and matured for more than a decade, and malicious capabilities and services have been categorised, specialised and industrialised for maximum output and effectiveness.
“Services like Initial Access Brokers have emerged, which let ransomware campaigns affect the target without directly penetrating the victims’ systems.
“Some of the recent high-profile breaches in New Zealand and Australia were enabled by the purchase of system credentials from one of the victims’ IT administrators.
“For seasoned cyber criminals, creating and selling as-a-Service attack portfolios offers a simple, quick and repeatable pay day.”
Deepfakes and impersonation
Cyber criminals will also start using emerging attack vectors, such as deepfakes, to target high-profile celebrities, officials and influencers with a strong digital presence, says FortiGuard Labs.
Cyber criminals will be offered videos, audio recordings and related algorithms more broadly for purchase, letting them impersonate others and lure unsuspecting fans into taking an action, such as ‘buying products that don’t actually exist.
In addition to deepfakes, Reconnaissance-as-a-Service is likely to increase in popularity, enabling cyber criminals to hire ‘detectives’ on the dark web to gather intelligence on a particular target before launching the attack.
Glenn Maiden says, “These services would help develop attack blueprints to include perimeter and vulnerability information, such as an organisation’s security schema, key security personnel, the number of servers they have, known external vulnerabilities and even compromised credentials for sale.
“It could also include other sensitive information such as staff members and their possible interests and avenues for social engineering, key areas of company strength that could be targeted for theft of intellectual property or critical systems for a targeted ransomware operation.”
Despite the growing and evolving threat landscape, there are proven ways to protect against cyber criminal, says Maiden. There has been a spate of recent high-profile cyberattacks, so 2023 is the year to focus on cyber safety.
How to protect yourself
There are several best practices organisations should use to reduce the impact of wiper malware:
- Have backups available and use inline ‘sandboxing’ to protect against ransomware and wiper malware, so only benign files will be delivered to a business’ endpoints.
- Malware often actively searches for backups, such as Windows Shadow Copy, to destroy on a machine or the network. To survive sophisticated attacks, businesses should think about storing backups offsite and offline.
- Proper network segmentation is also helpful – if an attack occurs, segmentation can help contain an incident to just one part of the network.
- Businesses should have disaster recovery and incident response plans in place, because this often means the difference between successfully averting data loss and complete data destruction.
- As always, system patches must be kept up to date. Most successful attacks target vulnerabilities for which a patch is readily available, so firms should use good cyber hygiene practices.
Protect against deepfakes
Web filtering, antivirus software and endpoint detection and response (EDR) technology all have a role to play in protecting an organisation against the weaponisation of artificial intelligence (AI).
However, one of the most effective defence methods for preventing AI-related attacks is education in cybersecurity awareness.
Many organisations offer basic security training programs for employees, but enterprises should consider adding new modules to provide education on spotting AI-focused threats.
For example, a session on deepfakes might offer tips for identifying deepfake videos, such as unnatural eye movement, a lack of blinking, inconsistent facial positions and more.
Glenn Maiden said, “The team has experimented with and been amazed by the capabilities of the ChatGPT AI-based tool.
“Attackers will likely leverage AI-enabled services to significantly improve phishing lures, from mimicking quality writing to deepfake assets designed to be basically impossible to distinguish from reality.
“Organisations must be proactive and invest in training to help further fortify their defences.”
He said Fortinet provides the world’s largest enterprises, service providers and government organisations with a comprehensive portfolio of interconnected solutions to solve their cybersecurity challenges: the Fortinet Security Fabric.
“Fortinet helps organisations create a cyber-aware workforce with the Fortinet Security Awareness and Training service.”
Keep up to date with the FortiGuard Labs Outbreak Alerts and Threat Intelligence Information here.