
Here’s what the threat landscape currently looks like, according to Fortinet

Cybersecurity software provider Fortinet has published new research that suggests cybercriminals are evolving their attack methods to increase their success rates and to accelerate infections.

The findings come from the vendor’s Global Threat Landscape Report, which draws conclusions based on the collective intelligence of FortiGuard Labs (with data sourced from the company’s global array of sensors) during Q1 2018.

According to Fortinet, while ransomware continues to impact organisations in destructive ways, there are indications that some cybercriminals now prefer hijacking systems and using them for cryptomining rather than holding them for ransom.

Fortinet regional director for A/NZ Jon McGettigan says, “We face a troubling convergence of trends across the cybersecurity landscape.

“Malicious cyber actors are demonstrating their efficiency and agility by exploiting the expanding digital attack surface, taking advantage of newly announced zero-day threats, and maximising the accessibility of malware for bad intent.

“In addition, IT and OT teams often don’t have the resources necessary to keep systems appropriately hardened or protected. However, implementing a security fabric which prioritises speed, integration, advanced analytics, and risk-based decision making can enable comprehensive protection at machine speed and scale,” McGettigan says.

Looking specifically towards the A/NZ region, Fortinet A/NZ network and security strategist Jack Chan says trends from previous quarters show no sign of slowing.

“Earlier this year we saw cryptojacking on the rise, and have found another 30% jump in this report,” Chan says.

“We also continue to see certain organisations more susceptible to attack, such as healthcare, education and local government, with specific ransomware, SamSam, targeted towards them. With threats continuing to rise, following best practice and tracking, monitoring, automating patching and applying the necessary security controls is essential for local enterprises.”

Cybercriminals looking to achieve success at speed and scale

Fortinet’s global data indicates that cybercriminals are getting better and more sophisticated in their use of malware and leveraging newly announced zero-day vulnerabilities to attack at speed and scale.

While the number of exploit detections per firm dropped by 13% in Q1 of 2018, the number of unique exploit detections grew by over 11%, and 73% of companies experienced a severe exploit.

Spike in cryptojacking

Fortinet says malware is evolving and becoming more difficult to prevent and detect.

The prevalence of cryptomining malware more than doubled from quarter to quarter, growing from 13% to 28%.

Cryptomining malware is also showing incredible diversity for such a relatively new threat as it continues to grow in the A/NZ region.

Cybercriminals are creating stealthier file-less malware to inject infected code into browsers with less detection.

Miners are also targeting multiple operating systems and different cryptocurrencies, including Bitcoin, Dash, and Monero, despite the drop in cryptocurrency popularity in recent months.

Fortinet says cryptominer operators are also fine-tuning and adopting delivery and propagation techniques from other threats, based on what was successful or unsuccessful, to improve future success rates.

Targeted attacks

The impact of destructive malware remains high, particularly as criminals combine it with designer attacks on high-profile events, such as the Olympics or Commonwealth Games.

For these types of more targeted attacks, criminals conduct significant reconnaissance on an organisation before launching an attack, which helps them to increase success rates.

Once they penetrate the network, attackers spread laterally before triggering the most destructive part of their planned attack.

The Olympic Destroyer malware and the more recent SamSam ransomware are examples of where cybercriminals combined a designer attack with a destructive payload for maximum impact.

Ransomware continues to disrupt

The growth in both the volume and sophistication of ransomware continues to be a significant security challenge for organisations.

Ransomware continues to evolve, leveraging new delivery channels such as social engineering, and new techniques such as multi-stage attacks to evade detection and infect systems.

GandCrab is one type of damaging ransomware that emerged in January, with the distinction of being the first ransomware to require Dash cryptocurrency as a payment.

Multiple attack vectors

Although the side channel attacks dubbed Meltdown and Spectre dominated the news headlines during the quarter, Fortinet says some of the top attacks targeted mobile devices or known exploits in router, web or Internet technologies.

21% of organisations reported mobile malware (an increase of 7%), demonstrating that IoT devices continue to be targeted.

Cybercriminals also continue to recognise the value of exploiting known vulnerabilities that haven’t been patched along with recently discovered zero-days for increased opportunity.

Microsoft continued to be the number one target for exploits, and routers took the number two spot in total attack volume.

Cyber hygiene - more than just patching

Fortinet says that, when looking at measurements detailing how long botnet infections persist (based on the number of consecutive days in which continued communications are detected), it is clear that hygiene involves more than just patching.

It is also about cleanup. Data showed that 58.5% of botnet infections are detected and cleaned up the same day, while 17.6% persist for two days in a row, 7.3% last three days, and about 5% persist for more than a week.

As an example, the Andromeda botnet was taken down in Q4 2017 but data from Q1 found it continued to show up prominently in both volume and prevalence.
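The persistence measurement described above, as an added example (not code from Fortinet or the report): it counts each host's consecutive days of C2 detections from constructed sensor events, buckets the resulting infection episodes the way the figures above are bucketed, and lists the hosts that are a cleanup problem rather than a patching one.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample of botnet C2 detection events (host, ISO day), as a
# perimeter sensor might log them. Made-up data, not figures from the report.
SAMPLE_EVENTS = [
    ("host-a", "2018-01-10"),                              # cleaned up the same day
    ("host-b", "2018-01-10"), ("host-b", "2018-01-11"),    # persists two days in a row
    ("host-c", "2018-01-12"), ("host-c", "2018-01-13"), ("host-c", "2018-01-14"),
    ("host-e", "2018-01-20"), ("host-e", "2018-01-25"),    # gap: two separate one-day episodes
] + [("host-d", f"2018-02-{d:02d}") for d in range(1, 10)]  # nine consecutive days


def infection_episodes(events):
    """Split each host's detection days into runs of consecutive days.
    Returns (host, run_length) pairs, one per episode. A day without C2 traffic
    closes the episode, so a host that is cleaned and reinfected counts twice."""
    days_by_host = defaultdict(set)
    for host, day in events:
        days_by_host[host].add(date.fromisoformat(day))
    episodes = []
    for host, days in days_by_host.items():
        ordered = sorted(days)
        run = 1
        for prev, cur in zip(ordered, ordered[1:]):
            if cur - prev == timedelta(days=1):
                run += 1          # still beaconing the next day
            else:
                episodes.append((host, run))
                run = 1           # gap: a new episode starts
        episodes.append((host, run))
    return episodes


def persistence_distribution(episodes):
    """Fraction of episodes lasting 1, 2 or 3 days, or more than a week."""
    lengths = [run for _, run in episodes]
    total = len(lengths)
    return {
        "same_day": sum(r == 1 for r in lengths) / total,
        "two_days": sum(r == 2 for r in lengths) / total,
        "three_days": sum(r == 3 for r in lengths) / total,
        "over_a_week": sum(r > 7 for r in lengths) / total,
    }


def hosts_needing_cleanup(episodes, min_days=7):
    """Hosts with an episode longer than min_days: a cleanup backlog, not a patching one."""
    return sorted({host for host, run in episodes if run > min_days})
```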

Attacks against Operational Technology (OT)

While OT attacks are a smaller percentage of the overall attack landscape, Fortinet says the trends are still concerning.

This sector is increasingly becoming connected to the Internet, with serious potential ramifications for security.

Currently, the vast majority of exploit activity is directed against the two most common industrial communication protocols, primarily because they are so widely deployed.
