Confronting the threat of edge-enabled swarm attacks

The growth of edge threats

The network perimeter has been replaced with multiple edge environments, including LAN, WAN and multi-cloud, each with its own unique risks and vulnerabilities. While all of these edge environments are interconnected, many organizations have sacrificed centralized visibility and unified controls in favor of performance and agility. Consequently, malicious actors are shifting significant resources to target and exploit these edge environments.

Cybercriminals are at a disadvantage when they come up against the deep security resources of large organizations. To succeed, they need to make use of resources lying within easy reach. In this case, that means edge devices.

These edge devices could also be used for machine learning (ML), especially as they are powered by 5G. Cybercriminals will be able to clandestinely process massive amounts of data by compromising edge devices for their processing power. They’ll also gain insights into how and when edge devices are used.

How 5G is giving rise to edge-enabled swarm attacks

In 2019, Fortinet forecasted that the coming of 5G might be the impetus for developing functional swarm-based attacks and these attacks could be enabled by creating local, ad hoc networks that share and process information and applications.

Today, that prediction seems closer to reality than ever. For example, basic 5G coverage — with a 600 MHz spectrum that’s more effective at penetrating buildings and covering long distances — is now available to more than 200 million people in 5,000 cities in the U.S. The much faster millimeter-wave 5G is also being rolled out.

New advances, such as massive multiple-input, multiple-output technology, provide uniformly good service for wireless terminals in high-mobility environments. What’s more, new 5G-enabled smartphones are including a 5G millimeter wave antenna to accelerate adoption.

Cybercriminals haven’t missed the implications or the opportunity for exploitation. Breaching and exploiting 5G-enabled devices will create new opportunities for advanced threats, including the deployment of swarm-based attacks.

Swarms on the horizon

Cybercriminals can use thousands of hijacked devices to create swarm attacks. These attacks target networks or devices as an integrated system, and share intelligence in real time to refine an attack as it takes place. This makes the attack more efficient and effective.

Swarm technologies require processing power to enable individual swarmbots and efficiently share information in a bot swarm. This enables them to rapidly discover, share and correlate vulnerabilities, and then shift their attack methods to better exploit what they discover. Cybercriminals are attempting to pinpoint vulnerabilities or holes that they can actually go and launch a successful attack. Other ways swarm technologies could affect the evolution of cyberattacks includeL

• Pre-programmed swarms that use ML to break into a device or network.
• Perform AI fuzzing to detect Zero-Day exploit points.
• Designed to move laterally across a network to expand the attack surface.
• Ability to evade detection or collect and exfiltrate specific data targets.
• Designed to cross the cyber and physical-device divide to take control of a target’s physical and network resources.
• Enable the launch of more harmful distributed denial-of-service attacks

If cybercriminals weaponize 5G and edge computing, exploited devices could become conduits for malicious code, and groups of compromised devices could work as one to target victims at 5G speeds. Adding the intelligence of connected virtual assistants and similar smart devices means that the speed, intelligence and localized nature of such an attack may overtake the ability of legacy security technologies to fight off such an attack.

Effective countermeasures

To counter the swarmbot threat, organizations need to focus their resources not only on proactive defense, but also on effective incident response. Breaches are inevitable, and protecting the network depends on knowing what to do next to stop an attack in its tracks.

An effective and integrated next-generation AI system offers the best chance to defend networks and respond to attacks quickly. It needs to function similar to the adaptive immune system that protects our bodies from disease, fights off infections that do take hold and makes modifications to fight off those same viruses in the future.

Organizations can’t be expected to do all of this alone. Effective use of threat intelligence is a must. They need to join relevant consortiums and proactively share data and strategies with others in their region or industry. It’s also a good idea to work with vendors who have established close partnerships with public sector institutions, such as law enforcement and education.

AI-driven DevSecOps, including SOAR, will also help organizations effectively battle swarmbots with their limited staff. These elements are part of a comprehensive security framework that acts similar to a beneficial swarmbot with a security-focused hive mind. Swarmbots are a significant threat, but they are not insurmountable if the above recommendations are put in place.

All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.