
Fortinet cyber threat report paints bleak picture

27 Feb 2020

Fortinet has today announced the findings of its latest Global Threat Landscape Report, which highlights that attacks are becoming more nuanced and subtle by the day, as IT infrastructures struggle to keep up.

The report reveals that cybercriminals are making the most of global economic and political realities to further their goals. Detection of threats may differ by geography, but the sophistication of attacks remains consistent throughout the world.

Highlights of the report:


A not so Charming Kitten

An advanced persistent threat (APT) linked with Iran called Charming Kitten has been making waves in Q4, the study finds.

Active since around 2014, the threat actor has been associated with numerous cyberespionage campaigns. 

The threat actor has been linked to attacks on several email accounts associated with a presidential election campaign, indicating a foray into an arena that has become more relevant and recognisable in recent years: election disruption.

Security risks for IoT devices magnify

IoT devices continue to be challenged with exploitable software, according to the study.

This situation is magnified when components and software are embedded into different devices sold under a variety of brand names, sometimes by different vendors. 

Many of these components and software are programmed using pre-written code.

The combination of common components and pre-written code can mean devices become vulnerable to exploitation.

The scale of the issue combined with the inability to easily patch these devices is a growing challenge, and underscores the difficulties of supply chain security. 

Senior threats help junior threats

As new technology breeds new threats and organisations struggle to deal with them, some can be prone to forget that older attack styles can be as destructive as newer ones.

Research shows that if attacks have worked in the past, and continue to work, they will not be retired, and most likely do not have an expiration date.

Trends demonstrate a new perspective on global spam trade

Spam continues to be one of the top issues for organisations and individuals to deal with. 

This quarter’s report combines the volume of spam flow between nations with data showing the ratios of spam sent versus spam received, visually revealing a new perspective on an old problem. 

In addition, in terms of exported spam volumes from geographic regions, Eastern Europe is the largest net producer of spam in the world. 

Tracking the footprints of cybercriminals to see what is next

Looking at IPS triggers detected in a region can indicate what cybercriminals might focus on in the future, the report finds.

Security teams can foresee future moves if enough attacks of the same type in a region were ultimately successful, or simply because there is more of a certain type of technology deployed in some regions.

Assuming that companies patch their software at about the same rate in each region, if a botnet was simply probing for vulnerable instances of ThinkPHP before deploying an exploit, the number of detected triggers should be much higher in APAC. 

However, only 6% more IPS triggers from a recent exploit were detected in all of APAC than in North America, indicating that these botnets are simply deploying the exploit to any ThinkPHP instance they find.

When looking at malware detections, the majority of threats targeting organisations are Visual Basic for Applications (VBA) macros. 

The need for broad, integrated, and automated security

As applications proliferate and the number of connected devices expands the perimeter, billions of new edges are being created that have to be managed and protected. 

Organisations are also facing increased sophistication of attacks targeting the expanding digital infrastructure, including some being driven by artificial intelligence and machine learning. 

To effectively secure their distributed networks, organisations have to shift from protecting just security perimeters to protecting the data spread across their new network edges, users, systems, devices, and critical applications. 

Only a cybersecurity platform designed to provide comprehensive visibility and protection across the entire attack surface can secure today’s rapidly evolving networks driven by digital innovation.
 
