The digital world we now inhabit creates unprecedented opportunities – both for good and for ill. One of these possibilities is swarm-based tools that can be used to either attack or defend the network.
This possibility, or set of possibilities, has arisen due to dramatic advances in swarm-based intelligence and technologies. For example, a new methodology was announced by scientists in Hong Kong that uses natural swarm behaviors to control clusters of nano-robots. These micro-swarms can be directed to perform precise structural changes with a high degree of reconfigurability, such as extending, shrinking, splitting and merging.
A potential upshot of these capabilities is the creation of large swarms of intelligent bots—swarmbots—that can operate collaboratively and autonomously. These swarms are composed of clusters of compromised devices with specialized skillsets that can work collectively to solve problems. Two related developments compound the risk: the commoditization of fuzzing (a process for discovering zero-day vulnerabilities in hardware and software interfaces and applications) and machine learning poisoning, which trains automated security devices to intentionally overlook certain threats.
Currently, hackers-for-hire build custom exploits for a fee, and even newer offerings such as ransomware-as-a-service require black hat engineers to stand up different resources, such as building and testing exploits and managing back-end C2 servers. But when it becomes possible to deliver autonomous, self-learning swarms-as-a-service, the amount of direct interaction between a hacker-customer and a black hat entrepreneur drops dramatically.
Exploits a la Carte
Swarm technology expands attack possibilities in alarming ways. Resources in a swarm network could be allocated or reallocated to address specific challenges encountered in an attack chain. Criminal consumers could preselect different types of swarms to use in a custom attack, such as:
- Swarms pre-programmed to use machine learning to break into a device or network
- Swarms that perform AI fuzzing to detect zero-day exploit points
- Swarms designed to move laterally across a network to expand the attack surface
- Swarms that can evade detection and/or collect and exfiltrate specific data targets
- Swarms designed to cross the cyber/physical device divide to take control of a target's physical as well as networked resources
This type of advanced technology brings us closer to a world in which swarmbots can overwhelm existing defenses. These swarm networks will raise the bar in terms of the technologies needed to defend organizations.
The digital economy necessitates the interplay of data, applications and workflows within every transaction, device and bit of data – across every aspect of business, government or personal environments. As a result, cybersecurity can no longer be treated as an overlay, after-market IT project.
Instead, security needs to be woven into workflows and network and application development strategies tied to specific business outcomes from the outset. In today’s digital marketplace, ensuring a proactively secured business or service is the linchpin to establishing digital trust and creating value.
To make this a reality, three things need to happen:
- Broad deployment: Security must be deployed broadly and consistently across all ecosystems—which also includes the ability to dynamically adapt as network environments expand or change—to establish a single point of visibility and control.
- Deep integration: Security must be deeply integrated into the extended technology landscape to ensure complete visibility and control—even across multiple networked ecosystems that are constantly in flux—to better correlate data and to detect and even anticipate both known and unknown threats.
- Automation: Security must be automated and integrated across devices and applications so it can respond to threats effectively and in a coordinated fashion at machine speeds.
Swarm technology may be a game changer if organizations don’t change their tactics. The world is in the midst of the most disruptive period of innovation in history—with no sign of slowing down. Organizations need to act now to both stay ahead of bad actors and capture the business advantage that comes to those who don’t wait for someone else to innovate.
(Derek Manky is Chief of Security Insights and Global Threat Alliances at Fortinet. He brings more than 15 years of cyber security experience to his work helping customers formulate security strategy.)