30 September, 2016

APAC leads the world in malware and botnet attacks received

Fortinet’s FortiGuard Labs threat research team has released its global threat landscape report covering Q216. "In the period from April 1 to June 30, 2016, participants in the Fortinet Cyber Threat Assessment Program (CTAP) recorded over 185 million threat events and incidents. Many of these security events succeeded in getting past traditional perimeter security defenses and onto the internal network where Fortinet assessment devices were located," noted the authors of the report.

"During the last quarter, we saw major attacks from threat actors using complicated zero-day attacks including Rowhammer that may fundamentally change the way we approach public cloud, and the continuous rise of ransomware."

Key findings include:

1. Asia Pacific leads all the other regions in the world in the number of malware/botnets detected. APAC is also the region with the highest number of malicious websites visited per day, and the two findings are likely correlated, researchers said.

"APAC generally also has the lowest HTTPS/HTTP ratio, which means that their applications are comparatively less encrypted when moving over the wire. These businesses also utilised the largest amount of bandwidth per day (16.1 GB) and averaged the highest number of social media applications of any region (18)," the report added. 

Source: Fortinet CTAP report. Fortinet's Q216 statistics for the security landscape in the Asia Pacific region.
Source: Fortinet Global Threat Landscape report. Fortinet's Q216 statistics for the security landscape in the Asia Pacific region. In North America, only 0.26 malicious websites are visited in a day, with the number almost doubling to 0.46 in South America and 0.44 in EMEA.

2. The data for Europe, the Middle East, and Africa (EMEA) shows that the region did not stand out in any application category, with the exception of software-as-a-service (SaaS) applications used. Researchers commented that this may be because EMEA organisations "generally standardise on corporate applications and infrastructure".

In EMEA, the predominant malware threats by volume were the Conficker botnet (22.36%) followed by the Andromeda botnet (20.03%). The Malware_Generic.P0 virus was the leading malware threat by spread, coming in at 16.36% of all cases recorded.

3. Email with infected attachments or links leading to malicious content continues to be the primary delivery method for targeting organisations with malware, but attacks are coming in faster. "We have seen an increase in the volume and velocity of attempted attacks delivered via email," notes the report.

The next most common attack vector was malicious websites containing infected online content accessed via normal Web browsing activities.

Trying to penetrate open source systems appears to be a priority for cybercriminals. "Attacks were not limited to targeting the GNU Bourne Shell. FortiGuard Labs also recorded a large number of attacks against OpenBSD operating systems, as well as attacks against a number of commonly used open source applications and services, such as DNS," stated the report. The Fortinet report authors also shared that organisations have an "extremely difficult time" patching systems that contain vulnerabilities in libraries or auxiliary software, as opposed to patching the primary application.

4. Drilling down to verticals, open source vulnerabilities and Web-based application attacks dominate in the education sector; remote exploitation and ransomware are the primary modes of attack for financial services firms; attacks around technology OEMs such as Microsoft and Adobe are becoming common in the technology sector; and denial-of-service (DoS) attacks appear often among healthcare providers.
 
Interested?

Download the report (registration required)
