Advanced AI, counter-threat intelligence shifting cybercriminals’ traditional advantages

• Fortinet says organisations need to adopt security strategies that maximise integration, advanced AI, and actionable threat intelligence to proactively protect against modern attacks

Fortinet, a global leader in broad, integrated, and automated cybersecurity solutions, today unveiled predictions from the FortiGuard Labs team about the threat landscape for 2020 and beyond. 

Fortinet India SAARC Director System-Engineering Michael Joseph

These predictions reveal methods that Fortinet anticipates cybercriminals will employ in the near future, along with important strategies that will help organisations protect against these oncoming attacks. 

Changing the trajectory of cyberattacks

Cyberattack methodologies have become more sophisticated in recent years magnifying their effectiveness and speed. This trend looks likely to continue unless more organisations make a shift as to how they think about their security strategies. 

With the volume, velocity, and sophistication of today’s global threat landscape, organisations must be able to respond in real time at machine speed to effectively counter aggressive attacks. Advances in artificial intelligence and threat intelligence will be vital in this fight.

The evolution of AI as a system

One of the objectives of developing security-focused artificial intelligence (AI) over time has been to create an adaptive immune system for the network similar to the one in the human body. The first generation of AI was designed to use machine learning models to learn, correlate and then determine a specific course of action. 

The second generation of AI leverages its increasingly sophisticated ability to detect patterns to significantly enhance things like access control by distributing learning nodes across an environment. The third generation of AI is where rather than relying on a central, monolithic processing centre, AI will interconnect its regional learner nodes so that locally collected data can be shared, correlated, and analysed in a more distributed manner. 

Federated machine learning 

In addition to leveraging traditional forms of threat intelligence pulled from feeds or derived from internal traffic and data analysis, machine learning will eventually rely on a flood of relevant information coming from new edge devices to local learning nodes. 

By tracking and correlating this real-time information, an AI system will not only be able to generate a more complete view of the threat landscape, but also refine how local systems can respond to local events. 

AI systems will be able to see, correlate, track, and prepare for threats by sharing information across the network. Eventually, a federated learning system will allow data sets to be interconnected so that learning models can adapt to changing environments and event trends and so that an event at one point improves the intelligence of the entire system. 

Cyber adversary sophistication is  not slowing down

Changes in strategy will not go without a response from cyber adversaries. For networks and organisations using sophisticated methods to detect and respond to attacks, the response might be for criminals to attempt to reply with something even stronger. Combined with more sophisticated attack methods, the expanding potential attack surface, and more intelligent, AI-enabled systems, cybercriminal sophistication is not decreasing. 

Swarm technology

Over the past few years, the rise of swarm technology, which can leverage things like machine learning and AI to attack networks and devices has shown new potential. Advances in swarm technology, have powerful implications in the fields of medicine, transportation, engineering, and automated problem solving. However, if used maliciously, it may also be a game changer for adversaries if organisations do not update their security strategies. 

When used by cybercriminals, bot swarms could be used to infiltrate a network, overwhelm internal defences, and efficiently find and extract data. Eventually, specialised bots, armed with specific functions, will be able to share and correlate intelligence gathered in real-time to accelerate a swarm’s ability to select and modify attacks to compromise a target, or even multiple targets simultaneously.

Weaponising 5G and Edge Computing

The advent of 5G may end up being the initial catalyst for the development of functional swarm-based attacks. This could be enabled by the ability to create local, ad hoc networks that can quickly share and process information and applications. 

By weaponising 5G and edge computing, individually exploited devices could become a conduit for malicious code, and groups of compromised devices could work in concert to target victims at 5G speeds. Given the speed, intelligence, and localised nature of such an attack, legacy security technologies could be challenged to effectively fight off such a persistent strategy. 

A change in how cybercriminals use zero-day attacks

Traditionally, finding and developing an exploit for a zero-day vulnerability was expensive, so criminals typically hoard them until their existing portfolio of attacks is neutralised. With the expanding attack surface, an increase in the ease of discovery, and as a result, in the volume of potentially exploitable zero-day vulnerabilities is on the horizon. 

Artificial Intelligence fuzzing and zero-day mining have the ability to exponentially increase the volume of zero-day attacks as well. Security measures will need to be in place to counter this trend.

Commenting on this 2020 predictions, Fortinet India and SAARC Director System Engineering Michael Joseph said: “Much of the success of cyber adversaries has been due to the ability to take advantage of the expanding attack surface and the resulting security gaps due to digital transformation. Most recently, their attack methodologies have become more sophisticated by integrating the precursors of AI and swarm technology. 

“Luckily, this trajectory is about to shift, if more organisations use the same sorts of strategies to defend their networks that criminals are using to target them. This requires a unified approach that is broad, integrated, and automated to enable protection and visibility across network segments as well as various edges, from IoT to dynamic-clouds.”