InfoSec Insider

Defending the Intelligent Edge from Evolving Attacks

Fortinet’s Aamir Lakhani discusses best practices for securing company data against next-gen threats, like edge access trojans (EATs).

Cybercriminals keep their fingers on the pulse of potential new attack vectors at all times, looking for their next opportunity. They are currently moving significant resources to target and exploit emerging network-edge environments, such as the cloud and remote workers, rather than just targeting the core network. Safeguarding these new environments, including new technologies and converging systems, is more challenging than it may seem.

The transition to remote work, for example, isn’t just about more end-users and devices remotely connecting to the network. While we have seen an expected spike in attacks targeting novice remote workers and vulnerable devices to gain network access, we are also beginning to see new attacks targeting connected home networks.

By some accounts, home-office networks are now 3.5 times more likely than corporate networks to be infected by malware. Many of the attacks against home networks focused on exploiting older, more vulnerable devices such as home routers and entertainment systems. But there are also new efforts underway targeting smart systems connected to the home environment that tie multiple devices and systems together.

Why Target the Intelligent Edge?

In the last several years, the traditional network perimeter has been replaced with multiple edge environments – data center, WAN, multi-cloud, IoT, remote workers and more – each with its unique risks. Bad actors have the advantage here in that while all of these edges are interconnected, many organizations have prioritized performance and digital transformation over centralized visibility and unified control.

Cybercriminals can use home networks as a way into corporate networks. Attackers compromise end users and their home resources by exploiting the detailed information that connected devices gather and store, and more sophisticated attackers use those devices and that information as a launch pad for other attacks. An attack on the corporate network launched from a remote worker's home network can be timed to match the worker's normal usage patterns, so it does not sound an alarm; malware that can read stored connectivity data can hide far more easily than malware arriving from an unfamiliar source.

The Rise of EATs and Advanced Attacks

That is just the beginning of what is now possible. Edge access trojans (EATs) are a new class of malware that sniffs traffic on the local network, for example intercepting voice requests to smart devices, and uses what it captures to compromise systems or inject commands. Adding cross-platform capabilities to EATs through a programming language like Go will make them even more dangerous, because the same payload will be able to hop from device to device regardless of the underlying OS.

How to Combat these Threats

Organizations can fight back by enabling blue teams. IT security teams can feed cybercriminal tactics, techniques and procedures (TTPs) – such as threat actor playbooks – researched by threat intelligence teams, to AI systems to enable the detection of attack patterns. Likewise, as organizations light up heatmaps of currently active threats, intelligent systems will be able to proactively obscure network targets and place attractive decoys along attack paths.

Organizations can’t fight against all these threats alone, however. When an attack occurs, they need to know who to inform so that the “fingerprints” can be properly shared and law enforcement can do its work. Threat research organizations, cybersecurity vendors and other industry groups need to partner to share information, but they also need to partner with law enforcement to help dismantle adversarial infrastructures to stop future attacks. Cybercriminals have no borders online, so the fight against cybercrime must go beyond borders, too. Only by working together will these partnerships turn the tide against cybercriminals.

Eventually, organizations could anticipate adversary counterintelligence efforts and respond to them before they happen, keeping blue teams in a position of control. Exercising these capabilities also gives security team members a way to sharpen their skills while locking down the network.

Not to sound like a broken record, but the importance of cyber hygiene cannot be overstated. When organizations focus on training and awareness, employees are equipped to perform basic security tasks such as identifying suspicious behavior, updating devices and practicing good cyber hygiene across teams. After that, it is crucial that organizations invest in the right systems and solutions – from VPNs to anti-malware software and encryption technologies – that provide clear visibility and granular control across every edge of the network. As the saying goes, complexity is the enemy of security. The best response to an increasingly complicated and highly dynamic digital world, then, is to go back to the basics. And that starts with cyber hygiene.

Dynamic Change is Needed

Cybercriminal focus has shifted from the core network to its furthest reaches – mainly, to the home networks of remote workers. Advanced malware like EATs makes detection and mitigation very difficult. Fortunately, organizations have many resources and tactics available to them to defeat these new attacks. Use the best practices listed above to enhance your cybersecurity strategy and protect your intelligent edge.

Aamir Lakhani is a cybersecurity researcher and practitioner for Fortinet’s FortiGuard Labs.

Enjoy additional insights from Threatpost’s InfoSec Insider community by visiting past contributions.
