· More than two-thirds of firms experienced high or critical exploits in Q217. Ninety percent of organisations recorded exploits for vulnerabilities that were three or more years old.
· Organisations allowing a large amount of peer-to-peer (P2P) applications report seven times as many botnets and malware as those that do not allow P2P applications.
· Nearly 44% of all exploit attempts occurred on either Saturday or Sunday.
· While good for Internet privacy and security, encrypted Web traffic also presents a challenge to many defensive tools as they then have poor visibility into encrypted communications.
Fortinet, the global player in high-performance cybersecurity solutions, today announced the findings of its latest Global Threat Landscape Report. The research reveals that globally, as well as in Asia Pacific, poor cybersecurity hygiene and risky application usage enables destructive worm-like attacks to take advantage of hot exploits at record speed. Adversaries are spending less time developing ways to break in, and instead are focusing on leveraging automated and intent-based tools to infiltrate with more impact to business continuity.
Phil Quade, Chief Information Security Officer, Fortinet said, “The technology innovation that powers our digital economy creates opportunity for good and bad in cybersecurity. Yet, something we don’t talk about often enough is the opportunity everyone has to limit bad consequences by employing consistent and effective cybersecurity hygiene.
"Cybercriminals aren’t breaking into systems using new zero day attacks, they are primarily exploiting already discovered vulnerabilities. This means they can spend more of their resources on technical innovations making their exploits difficult to detect. Newer worm-like capabilities spread infections at a rapid pace and can scale more easily across platforms or vectors. Intent-based security approaches that leverage the power of automation and integration are critical to combat this new ‘normal’.”
Research highlights include:
Effective cyber hygiene is critical
Effective cyber hygiene is critical
Crime-as-a-service infrastructure and autonomous attack tools enable adversaries to easily operate on a global scale. Threats like WannaCry were remarkable for how fast they spread and for their ability to target a wide range of industries. Yet, they could have been largely prevented if more organisations practiced consistent cyber hygiene. Unfortunately, adversaries are still seeing a lot of success in using hot exploits for their attacks that have not been patched or updated. To complicate matters more, once a particular threat is automated, attackers are no longer limited to targeting specific industries, therefore, their impact and leverage only increases over time.
Ransomworms on the rise
Both WannaCry and NotPetya targeted a vulnerability that only had a patch available for a couple of months. Organisations who were spared from these attacks tended to have one of two things in common. They had either deployed security tools that had been updated to detect attacks targeting this vulnerability, and/or they applied the patch when it became available. Prior to WannaCry and NotPetya, network worms had taken a hiatus over the last decade.
Critical-severity attacks
Critical-severity attacks
More than two-thirds of firms experienced high or critical exploits in Q217. Ninety percent of organisations recorded exploits for vulnerabilities that were three or more years old. Even 10 or more years after a flaw’s release, 60% of firms still experienced related attacks. Q2 data overall quantified 184 billion total exploit detections, 62 million malware detections, and 2.9 billion botnet communications attempts.
Active during downtime
Active during downtime
Automated threats do not take weekends or nights off. Nearly 44% of all exploit attempts occurred on either Saturday or Sunday. The average daily volume on weekends was twice that of weekdays.
Fortinet identifies business-questionable software usage and the vulnerable IoT devices of hyperconnected networks as a potential risk because they are not being consistently managed, updated, or replaced. In addition, while good for Internet privacy and security, the company says that encrypted Web traffic presents a challenge to many defensive tools as they would have poor visibility into encrypted communications.
Application usage: Risky applications create risk vectors, which open the door for threats. Organisations allowing a large number of peer-to-peer (P2P) applications report seven times as many botnets and malware as those that don’t allow P2P applications. Similarly, organisations allowing a lot of proxy applications report almost nine times as many botnets and malware as those that do not allow proxy applications. Surprisingly, there was no evidence that higher usage of cloud-based or social media applications leads to increased numbers of malware and botnet infections.
Sector analysis: The education sector led in nearly every measure of infrastructure and application usage when grouped by element type and industry. The energy sector exhibited the most conservative approach with all others falling in between.
IoT devices: Almost one in five organisations reported malware targeting mobile devices. IoT devices continue to present a challenge because they do not have the level of control, visibility, and protection that traditional systems receive.
Encrypted web traffic: Data shows the second straight record high this quarter for encrypted communications on the web. The percentage of HTTPS traffic increased over HTTP to 57%. This continues to be an important trend because threats are known to use encrypted communications for cover.
Fortinet identifies business-questionable software usage and the vulnerable IoT devices of hyperconnected networks as a potential risk because they are not being consistently managed, updated, or replaced. In addition, while good for Internet privacy and security, the company says that encrypted Web traffic presents a challenge to many defensive tools as they would have poor visibility into encrypted communications.
Application usage: Risky applications create risk vectors, which open the door for threats. Organisations allowing a large number of peer-to-peer (P2P) applications report seven times as many botnets and malware as those that don’t allow P2P applications. Similarly, organisations allowing a lot of proxy applications report almost nine times as many botnets and malware as those that do not allow proxy applications. Surprisingly, there was no evidence that higher usage of cloud-based or social media applications leads to increased numbers of malware and botnet infections.
Sector analysis: The education sector led in nearly every measure of infrastructure and application usage when grouped by element type and industry. The energy sector exhibited the most conservative approach with all others falling in between.
IoT devices: Almost one in five organisations reported malware targeting mobile devices. IoT devices continue to present a challenge because they do not have the level of control, visibility, and protection that traditional systems receive.
Encrypted web traffic: Data shows the second straight record high this quarter for encrypted communications on the web. The percentage of HTTPS traffic increased over HTTP to 57%. This continues to be an important trend because threats are known to use encrypted communications for cover.
 |
| Source: Fortinet infographic. Risky apps lead to infections. As the education sector uses more apps in general its attack surface is larger, leading to more risky apps being found. |
Interested?
Read the blog post for more in depth information about the research
*The Fortinet Global Threat Landscape report is a quarterly view that represents the collective intelligence of FortiGuard Labs drawn from Fortinet’s network devices and sensors within production environments during Q217. Research data covers global, regional, industry sector, and organisational perspectives. It also focuses on three central and complementary aspects of the threat landscape: application exploits, malicious software, and botnets. In addition, Fortinet publishes a free, subscription-based Threat Intelligence Brief that reviews the top malware, virus, and web-based threats discovered every week, along with links to that week’s most valuable Fortinet research.
No comments:
Post a Comment