Advanced persistent threat methods to enable a new wave of destruction attacks

Getting your Trinity Audio player ready...

• Advanced persistent cybercrime enables a new wave of destructive attacks at scale fuelled by Cybercrime-as-a-Service.
• Wiper malware to cause more harm in 2023.

As cybercrime and advanced persistent threat approaches combine, cybercriminals are discovering ways to weaponize new technologies to cause more disruption and destruction. Both outside and inside traditional network environments, they are not just focusing on the traditional attack surface but also beneath it.

They also devote more time to reconnaissance to avoid detection, intelligence, and controls. This indicates that cyber risk is increasing and that CISOs must be as agile and systematic as their adversaries.

“That’s why we firmly believe that cybercrime will continue to happen. Cybersecurity is a continuous process. Because the attackers always strive to be one step ahead of the curve, it makes things extremely tough for those on the defensive side. Therefore, we must keep up our defensive stance,” said Fortinet Security Strategist Jonas Walker.

At a recent Fortinet Malaysia 2023 Threat Predictions Media Briefing, the company revealed predictions from the FortiGuard Labs global threat intelligence and research team on the cyberthreat landscape for the upcoming year and beyond. 

Security teams will need to be on high alert in 2023 and beyond due to the number, variety, and size of cyber threats, which range from rapidly growing Cybercrime-as-a-Service (CaaS)-fuelled attacks to new exploits on non-traditional targets like edge devices or virtual environments. 

RaaS’s success serves as a preview of what CaaS will entail

Given the popularity of ransomware-as-a-service (RaaS) among cybercriminals, a growing number of additional attack vectors will be made available as a service through the dark web to support a considerable expansion of cybercrime-as-a-service. New a la carte services will appear in addition to selling ransomware and other Malware-as-a-Service products.

For threat actors, CaaS offers an alluring commercial model. With varied skill levels, they can readily benefit from turnkey solutions without spending time and money creating their attack strategy.

Reconnaissance-as-a-Service could make attacks more effective

Future developments in reconnaissance are another way that the organized nature of cybercrime will make it possible for attack techniques to be more successful. Threat actors will probably hire “detectives” on the dark web to acquire information on a specific target before launching an attack as attacks grow more targeted.

Reconnaissance-as-a-Service offerings may provide attack blueprints to include an organization’s security structure, key cybersecurity personnel, the number of servers they have, known external vulnerabilities, and even compromised credentials for sale, among other information, to help a cybercriminal carry out a highly targeted and effective attack. These offerings are similar to the insights one might obtain from hiring a private investigator.

Automating money laundering to create Laundering-as-a-Service

Leaders and affiliate cybercrime programs employ money mules, who are used, knowingly or not, to help with money laundering. Setting up money mule recruitment campaigns has traditionally been time-consuming since cybercriminal leaders go to great lengths to create websites for fictitious organizations and subsequent job listings to make their businesses appear legitimate.

Cybercriminals will soon begin using machine learning (ML) for recruitment targeting, improving how they recognize potential mule recruits and shortening their time to find them. Automated services will take the place of manual money-moving mule campaigns, speeding up and making the process more challenging to track.

The metaverse exposes a whole new attack surface

Virtual cities are some of the first to enter this new augmented reality-powered version of the internet that the metaverse is bringing to the online world.

Walker claims that security is one of the main concerns when discussing the metaverse. The metaverse will only feature more connected devices, which is why this is the case. Thanks to innovations like digital wallets and avatars, even more individuals will be residing in a digital world, which will further expand this metaverse cybersecurity space.

For instance, a person’s avatar essentially serves as a portal to personally identifiable information (PII), making them attractive targets for attackers. Digital wallets, cryptocurrency exchanges, NFTs, and other currencies used for transactions give threat actors a new attack surface because people can buy products and services in virtual cities. Due to the AR and VR-driven elements of virtual cities, biometric hacking may also become a real possibility, making it simpler for cybercriminals to obtain fingerprint mapping, face recognition data, or retina scans and exploit them for malicious reasons.

Wiper malware to cause more harm

Attackers have resurrected the Wiper malware in 2022 by releasing new iterations of this ten-year-old attack method. Its increasing incidence is concerning since it can be the beginning of something more harmful. The danger moving forward is the commoditization of wiper malware for cybercriminals. This goes beyond the reality of threat actors combining a computer worm with wiper malware and even ransomware for maximum impact.

“We saw over seven different wiper malware spreading in 24 nations this year alone in 2022,” added Walker. “Cybercriminals start using these types of wiper technologies and combining them with ransomware because it will put a lot more pressure on people on the defensive side because instead of having a timer that threatens you with having to pay more money, it will start erasing all your data when that timer reaches zero. And that is something that will greatly give them much power.”

When trying to defend against sophisticated ransomware and wiper malware threats, a good start is using AI-powered inline sandboxing. It can guarantee that only safe files will be transmitted to endpoints if integrated with a cybersecurity platform, enabling real-time protection against evolving attacks.

---

---

---

---