The threat landscape just continues to expand. The challenge going forward for defenders extends far beyond just the rising number of attacks with evolving techniques. We’re also seeing new areas for exploitation – and thus, an even broader attack surface. As we move into 2022, one place we expect to see interest for bad actors is the final frontier: space.
Alien attacks? Not quite. We’re talking about how bad actors will prey on organizations that rely on satellite-based connectivity.
Satellites gaining traction
The satellite internet industry has taken off in the past few years. SpaceX and Amazon are just two of the companies working to build satellite-based networks that consist of thousands of small, individual satellites. In November, SpaceX launched another 53 Starlink high-speed internet satellites into space, marking the company’s 25th launch this year. And it plans to launch a total of 12,000.
Amazon leaders have said the company will invest more than $10 billion to build a network of 3,236 low earth-orbit satellites. Boeing plans another 147 broadband satellites. As these companies increase coverage, they will deliver high-speed broadband communications to consumers wherever they’re located.
Bad actors take notice
Unfortunately, these developments won’t go ignored by cybercriminals. Over the next year, as satellite-based internet access continues to grow, our researchers expect to see new proof-of-concept threats targeting satellite networks. They will target organizations that rely on satellite-based connectivity to support low-latency activities, such as delivering critical services to remote locations or online gaming, as well as cruises and airlines, pipelines and remote field offices.
As organizations add satellite networks to connect previously off-grid systems, such as remote OT devices, to their interconnected networks, the potential attack surface will further expand.
Potential impact of attacks on satellite connectivity
If attackers could compromise satellite base stations and then spread that malware through satellite-based network, they could acquire the capability to potentially target millions of connected users at scale or inflict DDoS attacks that could hamper vital communications.
There’s the possibility that bad actors will find vulnerabilities in the satellites themselves, but that’s less likely. We expect to see attacks on the low-hanging fruit, which in this case are the connections between Point A and Point B – the base stations. These stations are fixed transceivers that act as the main communication point, sending and receiving wireless signals. Traffic flows to and through them. They are essentially operational technology (OT) environments in super-remote locations, and they will become bigger targets.
We’ve already seen that OT has become a huge vector for bad actors. A cyber disruption on an OT network can impact lives in a way that an IT attack never could. Several of the primary targets for ransomware attackers – automotive, manufacturing, energy and transportation – are OT environments. Threat actors are also increasingly identifying OT vulnerabilities and building them into exploit tools that they sell on the dark web. This makes it much easier for bad actors to find and exploit exposed OT devices.
Time to stay vigilant
As cybercriminals expand their potential methods of attack, we must all remain vigilant. Stay proactive by using detection and automated response solutions and real-time endpoint protection to secure environments. Enterprises also need to adopt network segmentation, encryption, and a zero-trust access approach.
In addition, automated threat detection and AI remain essential to enable organizations to address attacks in real-time and to mitigate attacks at speed and scale across all edges. As these network edges proliferate, organizations will need consistent security and connectivity through SD-WAN to protect the expanding attack surface.
Cybersecurity user awareness training has also become as important as ever. Everyone needs regular instruction on best practices and policies to help keep individual employees and the organization secure. Social engineering attacks, for instance, remain popular because they work; attackers know how to manipulate human psychology. Employees need to stay aware of all current attack types so they can form a strong, consistent front line of defense.
As satellite-based internet access continues to grow, so will attacks against the infrastructure that makes it possible. Organizations that rely on satellite-based connectivity will need to re-assess their security strategy to ensure safeguards are in place to defend against attacks, paying special attention to their OT devices and systems. Continue checking for vulnerabilities and close any security gaps to stay protected against these new threats.
Derek Manky, chief of security insights and global threat alliances, FortiGuard Labs