Highly destructive, self-learning 'swarmbots' driven by hivenets will be the threat trend for next year. At least according to Fortinet global security strategist, Derek Manky, speaking at the vendors International Media Conference in Nice this week.
SC Media UK heard Manky predict that botnets will be replaced by these hivenets, intelligent clusters of compromised devices, by the end of 2018. The reasoning is simply that they will be able to create more effective attack vectors, while at the same time reducing both the financial and man hour resource required by threat actors.
"Hivenets will leverage self-learning to target vulnerable systems at an unprecedented scale" Manky warned, explaining that code which is already starting to take on a life of its own in the world of malware will become "more nimble, agile and quick." Manky adds that means it will be able to "exfiltrate data on its own, without the human operator instructing it to do so. What happens then is we get into this true swarm intelligence network."
Take the botnet herder out of the equation, so zombie devices can act without waiting for those commands to be sent, means hivenets have the capability to grow exponentially as swarms. Fortinet predicts that this means the resulting attacks will hit multiple targets simultaneously as well as 'significantly impede' mitigation and response to them.
Javvad Malik, security advocate at AlienVault, told SC Media that while botnets have been around for many years "we've seen capabilities increase" such as with the IoT-powered Mirai for example. "It is likely that as more devices, with greater computing power are connected online" Malik says "the capabilities of these botnets will increase further." That said, he doesn't see them being a 'wholesale change' from botnets as we know them now, but admits it's likely some attacks will evolve in both methodology and complexity.
Ian Trump, chief technology officer at Octopi Research Lab, certainly doesn't consider the Fortinet predictions as being in the realm of fantasy either. "It's not outrageous to assume cyber-criminals will leverage Artificial Intelligence/Machine Learning to build a better botnet" he said, speaking to SC Media UK. That said he does temper the argument by adding "the capacity and capability for AI/ML on compromised IoT devices is very limited."
As far as the enterprise is concerned then, Trump argues that "when the bots are conducting DDOS, Spam or click-fraud it matters not if it's a botnet or a hivenet behind it." Cyber-attacks, no matter how they are created or organised, are still cyber-attacks Trump points out, concluding "getting excited or hysterical about hive mind botnets conjures tremendous marketing and graphics design opportunities for white papers, but it remains to be seen if these hivenets ML will actually be any more effective than simply picking up the phone and asking the payroll department to send the tax forms to an account called [email protected].
Unsurprisingly, Fortinet's consulting system engineer, Simon Bryden, disagrees. "For the enterprise, the mitigation is more difficult than for a traditional attack, because the attack can evolve in real time, detecting protection measures, and communicating , before finding weak spots and vulnerabilities and exploiting them" Bryden says. What's more, Bryden concludes "it will be some time before both the attack and the defence is at the level of sophistication described here, but in order to be ready when the time comes, vendors need to be developing solutions now. The cyber-criminals will waste no time, and neither must we."
