Fortinet warns of increased attacks on IoT systems
December 3, 2015
Malicious tactics and strategies will create unique challenges for IoT and cloud vendors and organisations alike next year, according to predictions from FortiGuard Labs, the threat research division of California-based cybersecurity company Fortinet.
FortiGuard also predicts the emergence of increasingly sophisticated evasion techniques that will push the boundaries of detection and forensic investigation as hackers face increasing pressure from law enforcement.
“FortiGuard Labs was formed over a decade ago to monitor and detect the latest threats, zero days, and emerging malware to provide the best possible protection for our customers,” said Derek Manky, global security strategist for Fortinet. “We leverage our incredible visibility into the global threat landscape to develop actionable threat intelligence, allowing us to respond quickly to new threats.”
Several troublesome proofs of concept made headlines in 2015 demonstrating the vulnerability of IoT devices. In 2016, though, the company expects to see further development of exploits and malware that target trusted communications protocols between these devices. Researchers anticipate that the IoT will become central to land-and-expand attacks in which hackers will take advantage of vulnerabilities in connected consumer devices to get a foothold within the corporate networks and hardware to which they connect.
While worms and viruses have been costly and damaging in the past, the potential for harm when they can propagate among millions or billions of devices, from wearables to medical hardware, is orders of magnitude greater. The researchers and others have already demonstrated that it is possible to infect headless devices (devices with no user interface through which an infection would be noticed) with small amounts of code that can propagate and persist. Worms and viruses that spread directly from device to device are therefore firmly on the radar for 2016.
The Venom vulnerability that surfaced this year, a flaw in the virtual floppy disk controller code used by QEMU-based hypervisors, gave a hint of the potential for malware to escape from a guest virtual machine and reach the host that runs it, and from there every other guest on the same hardware. Growing reliance on virtualisation and on both private and hybrid clouds will make these kinds of attacks even more fruitful for cybercriminals. At the same time, because so many apps access cloud-based systems, mobile devices running compromised apps can provide a vector for remotely attacking the public and private clouds and corporate networks to which they connect.
Rombertik, which overwrites the master boot record of an infected machine when it detects that it is being analysed, garnered significant attention in 2015 as one of the first major pieces of blastware in the wild. While blastware is designed to destroy or disable a system when it is detected (and FortiGuard predicts the continued use of this type of malware), ghostware is designed to erase the indicators of compromise (log entries, dropped files, registry keys and similar traces) that many security systems rely on to detect an intrusion. With those traces gone, it can be very difficult for organisations to establish what happened and to track the extent of data loss associated with an attack.
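The practical counter to indicator erasure is to make the host's own log copy tamper-evident and to forward a digest of every entry off the host as it is written, so that deleted or rewritten entries can be identified afterwards. The following is an added example of that check, not code from Fortinet or FortiGuard: events are hash-chained with SHA-256, the "forwarded" list stands in for an off-host log collector, and the log lines, host names and addresses are constructed for the demonstration.

```python
"""Tamper-evident logging: detect ghostware-style erasure of indicators.

Added example (not Fortinet's code).  Each entry carries a SHA-256 over the
previous entry's digest plus its own record, and the digest is also sent to an
off-host collector (simulated here by a plain list).  An attacker who deletes
entries must either leave the chain broken or re-chain the survivors, and in
either case the off-host digests reveal where the host copy diverges.
"""
import hashlib
import json

GENESIS = "0" * 64  # chain anchor for the first entry


def chain_hash(prev_hash: str, record: dict) -> str:
    """Digest over the previous digest and the canonical JSON of this record."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()


def append(log: list, record: dict) -> dict:
    """Append a record with its chain hash to the host log; returns the entry."""
    prev = log[-1]["hash"] if log else GENESIS
    entry = {"record": record, "hash": chain_hash(prev, record)}
    log.append(entry)
    return entry


def verify(host_log: list, forwarded_hashes: list) -> dict:
    """Check the host copy against itself and against the off-host digests."""
    # 1. Internal consistency: every hash must recompute from its predecessor.
    prev = GENESIS
    for i, entry in enumerate(host_log):
        if chain_hash(prev, entry["record"]) != entry["hash"]:
            return {"status": "chain_broken", "at": i}
        prev = entry["hash"]
    # 2. Compare with what was forwarded: the first mismatch marks the first
    #    erased or rewritten entry even if the attacker re-chained the rest.
    host_hashes = [e["hash"] for e in host_log]
    for i, (h, f) in enumerate(zip(host_hashes, forwarded_hashes)):
        if h != f:
            return {"status": "diverges", "at": i}
    if len(host_hashes) < len(forwarded_hashes):
        # A consistent prefix but fewer entries: the tail was removed.
        return {"status": "truncated", "at": len(host_hashes)}
    return {"status": "ok", "at": None}


# Constructed sample events: a service login, a suspicious process, a large
# outbound transfer and a logout.  Addresses are from private/documentation ranges.
EVENTS = [
    {"ts": "2015-12-03T10:00:01Z", "event": "login", "user": "svc_backup", "src": "10.0.5.23"},
    {"ts": "2015-12-03T10:00:07Z", "event": "exec", "proc": "powershell.exe", "args": "-nop -w hidden"},
    {"ts": "2015-12-03T10:02:44Z", "event": "net", "dst": "203.0.113.9:443", "bytes": 48230000},
    {"ts": "2015-12-03T10:03:00Z", "event": "logout", "user": "svc_backup"},
]


def build_logs(events=EVENTS):
    """Write events to a host log and forward each digest off-host."""
    host_log, forwarded = [], []
    for ev in events:
        forwarded.append(append(host_log, ev)["hash"])
    return host_log, forwarded


def ghostware_cleanup(host_log: list) -> list:
    """Simulated indicator erasure: drop the exec and net records, then
    re-chain the survivors so the host copy looks self-consistent."""
    rebuilt = []
    for entry in host_log:
        if entry["record"]["event"] not in ("exec", "net"):
            append(rebuilt, entry["record"])
    return rebuilt


def demo() -> dict:
    host_log, forwarded = build_logs()
    return verify(ghostware_cleanup(host_log), forwarded)


if __name__ == "__main__":
    print(demo())
```

The chain alone only catches an attacker who deletes without re-hashing; the forwarded digests are what turn a self-consistent but shortened host log into a located gap, which is why the forwarding has to happen at write time rather than in a nightly batch.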
Many organisations have turned to sandboxing to detect hidden or unknown malware by observing the behaviour of suspicious files at runtime. Two-faced malware, though, behaves normally while it believes it is under inspection and delivers its malicious payload only after the sandbox has rated it clean and released it. This is hard to detect on its own, and it also poisons threat intelligence mechanisms that rely on sandbox ratings, since the clean verdict is what gets shared.
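The gating logic behind two-faced malware, and the differential detonation that catches it, as an added example that is not code from Fortinet or FortiGuard. The sample is a harmless stand-in that returns the action it would take instead of performing it; the fingerprint thresholds, the environment profiles and the profile names are assumptions chosen for illustration.

```python
"""Sandbox-evasion gating and a differential-detonation check.

Added example (not Fortinet's code).  `two_faced_sample` decides between a
benign branch and a "payload" branch from environment fingerprints, the way
evasive malware does; `differential_verdict` runs it under several constructed
environment profiles and flags behaviour that changes between them.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Env:
    """Runtime facts an evasive sample typically inspects (constructed)."""
    uptime_seconds: int   # freshly booted analysis VMs have very low uptime
    cpu_count: int        # many sandboxes run with one or two vCPUs
    mouse_moves: int      # automated analysis produces no human input
    minutes_alive: int    # how long the sample has been running


def looks_like_sandbox(env: Env) -> bool:
    """Hypothetical fingerprint heuristic; thresholds are assumptions."""
    return env.uptime_seconds < 300 or env.cpu_count < 2 or env.mouse_moves == 0


def two_faced_sample(env: Env) -> str:
    """Stand-in for the sample.  Returns 'idle' while it believes it is being
    inspected or has not yet outlived a typical analysis window, 'payload'
    otherwise.  Nothing harmful is performed; the string is the observable."""
    if looks_like_sandbox(env):
        return "idle"
    if env.minutes_alive < 10:   # time-delay evasion: outlast the sandbox timeout
        return "idle"
    return "payload"


# Detonation profiles a hardened sandbox could rotate through (constructed).
PROFILES = {
    "bare_vm":      Env(uptime_seconds=45,   cpu_count=1, mouse_moves=0,  minutes_alive=3),
    "user_like_vm": Env(uptime_seconds=7200, cpu_count=4, mouse_moves=40, minutes_alive=3),
    "long_run_vm":  Env(uptime_seconds=7200, cpu_count=4, mouse_moves=40, minutes_alive=15),
}


def differential_verdict(sample, profiles=PROFILES) -> dict:
    """Detonate under every profile and compare what the sample did.

    A single bare-VM sandbox would rate this sample clean.  Behaviour that
    differs between profiles is itself an indicator: legitimate software does
    not change what it does based on uptime, CPU count or mouse activity.
    """
    observed = {name: sample(env) for name, env in profiles.items()}
    divergent = len(set(observed.values())) > 1
    suspicious = divergent or "payload" in observed.values()
    return {
        "observed": observed,
        "two_faced": divergent,
        "verdict": "suspicious" if suspicious else "clean",
    }


if __name__ == "__main__":
    print(differential_verdict(two_faced_sample))
```

The point of the `long_run_vm` profile is that time-delay evasion is only defeated by a detonation that runs longer than the sample expects; the other two profiles show that fingerprint-based evasion is defeated by making the sandbox look used rather than by hiding the sandbox entirely.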
Each of these trends represents a significant and novel challenge for both organisations deploying security systems and for vendors developing them.
Ken Xie, Fortinet founder and CEO, added: “As we look ahead at the threats associated with our increasing connectedness and the proliferation of new devices, Fortinet is committed to delivering uncompromising security and further enhancing our solutions to meet both the current and future needs of our customers.”