· The report cites increased threat activity in Brazil and explains why it deserves special attention ahead of the Rio Olympics.
· Identifies the top phishing countries, as well as top malware, botnets, and exploit kits found around the globe.
· Illustrates the growing use of “behaviour blending,” a sophisticated method that helps attackers persist inside systems they have breached.
Fortinet, the global player in high-performance cyber security solutions, has identified the top phishing countries, as well as top malware, botnets, and exploit kits found around the globe in its FortiGuard Labs cyber threat landscape global report. The risk and threat implications contained in the report are illustrated using FortiGuard’s threat data*, research and analysis.
FortiGuard Labs uses data collected from more than two million sensors around the globe to protect more than 280,000 customers every day.
Findings include:
· The volume of malicious and phishing artifacts (domain names and URLs) in Brazil is on the rise. In June, Brazil’s percentage increase was higher in three of four categories in Fortinet’s report when compared with the global percentage increase. The highest percentage growth was in the malicious URL category at 83% compared to 16% for the rest of the world.
· As the 2016 Rio Olympics approach, this history of increased attacks will undoubtedly continue, and FortiGuard Labs is already seeing indicators of repeat techniques such as domain lookalikes for payment fraud and malicious websites or URLs targeting event and government officials.
· Cyberattacks during the Olympic games are not new. Fortinet FortiGuard Labs research has found a spike of attacks focused on the Olympics beginning as far back as the 2004 Summer Olympics in Greece.
Classics repackaged
Fortinet FortiGuard Labs research is also seeing a return of old threats and attack vectors, and the continued persistence of classic attacks, such as Conficker and ransomware, but through updated variants. Fortinet’s telemetry data and research indicate that the two most common delivery methods are phishing emails and malicious websites.
Behaviour blending
A new advanced threat technique called behaviour blending is trending. Over the past three months Fortinet has noticed a sophisticated method in use to help attackers persist inside systems they have breached. The technique allows criminals to blend in on a compromised network. For example, on a corporate network, the attacker may take on the behaviour of an employee to avoid detection. Given this evasion technique has a lot of potential for thwarting detection, Fortinet expects to see more of it as it is refined and new tools are developed to better mimic the behaviour of a credentialed target.
Phishing
The volume of global phishing activity remains high with a 76% increase from April to June based on FortiGuard Labs’ phishing domains and URL threat data. This grew 11% from May to June. Additional email phishing takeaways include increased activity from Tokelau in the Pacific, with the top four country code domains in Q2 2016 being Brazil, Colombia, Russia and India.
Additionally, domain lookalikes - which capture visits through typos - are still very active (e.g. nefflix vs netflix). Lastly, FortiGuard also observed a number of large financial institutions’ names included as part of the phishing domains and URLs.
Exploit kits
There has been an uptick in the use of JavaScript-based exploit kits with malicious URLs to deliver ransomware, mostly as first-stage downloader payloads. A shift is currently under way from Angler to Fiesta and Neutrino, both of which show up consistently in FortiGuard’s top 10 exploit kits globally.
Malware
The JS/Nemucod family has been the dominant malware family globally in the last three months. This family is currently the most active ransomware downloader, with overall ransomware attacks significantly on the rise.
Data exfiltration - Botnet indicators
FortiGuard’s threat telemetry shows botnet activity and chatter on the rise, with ransomware botnet activity from Locky and Cryptowall as the notable names in the top 10.
Said Ladi Adefala, Senior Security Strategist, Fortinet: “The expanding attack surface enabled by technology innovation, new IoT devices, regulatory pressures, and a global shortage of cybersecurity talent continue to drive cyber threats. All of these elements combined with global political events add more complexity to the situation and complexity is the enemy of security. Simply deploying security point solutions end-to-end is not enough. Organisations need to adopt a security fabric that will enable direct communication between solutions for a unified and rapid response to advanced threats.”
*The threat data used in the analysis is based on a subset of telemetry data for the months of April, May and June 2016.