- Fortinet's latest Global Threat Landscape Report* for Q218 reveals that IoT devices in the home are the latest targets for cryptojacking.
- Globally, 96% of firms experienced at least one severe exploit.
- In Asia Pacific, the top exploits follow a similar trend:
  - Exploits on known vulnerabilities in enterprise web systems
  - Exploits on known vulnerabilities in home Internet of Things (IoT) devices such as Internet routers, IP cameras and digital video recorders
  - Exploits on Microsoft Office, Windows-based executables and cryptojacking malware
- In terms of botnets, the Gh0st.RAT botnet takes the top prevalent spot in Asia Pacific, and the Andromeda botnet in second place, even though its infrastructure was already taken down in Q417.
Fortinet, a global provider of broad, integrated, and automated cybersecurity solutions, has shared findings from its latest Global Threat Landscape Report. The research reveals cybercriminals are becoming smarter and faster in leveraging exploits to their advantage. They are also maximising their efforts by targeting an expanding attack surface and by using iterative approaches to software development to facilitate better attacks.
The Q218 Threat Landscape Report highlights that of the 103,786 vulnerabilities published on the CVE List (Common Vulnerabilities and Exposures) since it began, 5,898 (5.7%) were exploited in the wild. In the last 30 days across the Asia Pacific (APAC) region, attacks targeting known vulnerabilities in enterprise web systems running Apache Struts (CVE-2017-5638), PHP CGI applications, Oracle WebLogic Server (CVE-2017-10271, CVE-2017-3506) and older IIS 6.0 web servers (CVE-2017-7269) were prevalent in Q218.
This was followed by exploits targeting known vulnerabilities in IoT devices such as D-Link and Zyxel home routers, AVTech IP cameras and MVPower DVRs. Microsoft Office Visual Basic for Applications (VBA) macros in Microsoft Excel documents, malware leveraging the Microsoft Office vulnerability CVE-2017-11882, Windows-based malware executables and cryptojacking malware continue to be prevalent in the APAC region.
In terms of botnets, Gh0st.RAT is the most prevalent botnet in Asia Pacific, and Fortinet has seen activity picking up again for it even though it has been around for many years. A RAT is a remote administration tool. The Andromeda botnet continues to be prevalent but in a distant second place, even though its infrastructure was already taken down in Q417. Threat actors are constantly looking for easy targets with known vulnerabilities; failing to address these vulnerabilities in a timely manner increases the risk of organisations being compromised.
Highlights of the report include:
No firm is immune
Analysis of critical and high-severity detections demonstrates that 96% of firms experience at least one severe exploit. In addition, nearly a quarter of companies saw cryptojacking malware, and only six malware variants spread to over 10% of all organisations.
FortiGuard Labs also found 30 new zero-day vulnerabilities during the quarter.
Cryptojacking moves to home IoT devices
Mining for cryptocurrency continues, but now on IoT devices, including media devices in the home. Home devices are targeted because they are a rich source of computational horsepower which can easily be taken over for malicious purposes.
Because these devices are always on and connected, attackers load them with malware that mines continuously. In addition, the interfaces for these devices are being exploited as modified web browsers, which expands the number of vulnerabilities and exploit vectors cybercriminals can draw on. Segmentation will be increasingly important for devices connected to enterprise networks as this trend continues.
Creative botnet trends
WICKED, a new Mirai botnet variant, added at least three exploits to its arsenal to target unpatched IoT devices. VPNFilter, the advanced nation-state-sponsored attack that targets supervisory control and data acquisition/industrial control systems (SCADA/ICS) environments by monitoring Modbus SCADA protocols, emerged as a significant threat. It is particularly dangerous because it not only performs data exfiltration, but can also render devices completely inoperable, either individually or as a group.
The Anubis variant from the Bankbot family has introduced several innovations. It is capable of ransomware, keylogging, RAT functions, SMS text message interception, screen locking, and call forwarding. Keeping tabs on morphing attacks with actionable threat intelligence is thus vital, Fortinet said.
Agile development for malware
Malware authors have long relied on polymorphism - making variations of the same malware that are different enough from each other that none of them will match the same list of identification criteria - to evade detection.
Recent attack trends show they are turning to agile development practices to make their malware even more difficult to detect and to counter the latest tactics of anti-malware products, Fortinet said.
GandCrab had many new releases this year, and its developers continue to update this malware at a rapid pace. While automation of malware attacks presents new challenges, so does agile development, because of the skills and processes it brings to rolling out new detection-evading releases of attack methods.
To keep pace with the agile development techniques that cybercriminals are employing, organisations need advanced threat protection and detection capabilities that help them pinpoint these recycled vulnerabilities, Fortinet suggests.
Targeting of vulnerabilities
When exploits were examined in terms of prevalence and volume of related exploit detections, 5.7% of known vulnerabilities were exploited in the wild. Given that the vast majority of vulnerabilities will not be exploited, organisations should consider taking a more proactive and strategic approach to vulnerability remediation.
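One way to act on that statistic, as an added example that is not Fortinet's code: rank scanner findings by in-the-wild exploitation evidence before raw CVSS score, and measure how much of the inventory that evidence actually covers. The exploited set below uses only the CVEs named in this article; hostnames, scores, placeholder CVE ids and the SLA values are constructed for illustration.

```python
from dataclasses import dataclass
# CVEs this article names as exploited in the wild in APAC during Q218.
EXPLOITED_IN_WILD = {
    "CVE-2017-5638",    # Apache Struts
    "CVE-2017-10271",   # Oracle WebLogic Server
    "CVE-2017-3506",    # Oracle WebLogic Server
    "CVE-2017-7269",    # IIS 6.0
    "CVE-2017-11882",   # Microsoft Office
}
# Remediation deadline in days per tier (constructed policy values, not from the report).
SLA_DAYS = {0: 7, 1: 30, 2: 90, 3: 180}

@dataclass(frozen=True)
class Finding:
    host: str
    cve: str
    cvss: float            # base score from the scanner
    internet_facing: bool  # asset exposure from the inventory

def tier(f: Finding) -> int:
    """0: exploited and exposed; 1: exploited; 2: unexploited but critical; 3: everything else."""
    exploited = f.cve in EXPLOITED_IN_WILD
    if exploited:
        return 0 if f.internet_facing else 1
    return 2 if f.cvss >= 9.0 else 3

def prioritise(findings):
    """Order by tier, then CVSS descending, then host so the output is deterministic."""
    return sorted(findings, key=lambda f: (tier(f), -f.cvss, f.host))

def exploited_share(findings):
    """Fraction of distinct CVEs in the inventory that have in-the-wild exploitation evidence."""
    cves = {f.cve for f in findings}
    return len(cves & EXPLOITED_IN_WILD) / len(cves) if cves else 0.0

# Constructed sample inventory: hostnames and scores are illustrative, and the
# CVE-XXXX-000n ids are placeholders standing in for unexploited findings.
SAMPLE = [
    Finding("web-01", "CVE-2017-5638", 10.0, True),
    Finding("erp-02", "CVE-2017-10271", 7.5, False),
    Finding("build-03", "CVE-XXXX-0001", 9.8, False),
    Finding("desk-04", "CVE-2017-11882", 7.8, False),
    Finding("lab-05", "CVE-XXXX-0002", 5.3, True),
]

if __name__ == "__main__":
    for f in prioritise(SAMPLE):
        print(f"tier {tier(f)} fix within {SLA_DAYS[tier(f)]}d: {f.host} {f.cve} cvss={f.cvss}")
    print(f"exploited share of inventory: {exploited_share(SAMPLE):.0%}")
```

Note that the 9.8-scored build-03 finding sorts below two lower-scored but exploited ones, which is the point of the report's argument.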
Education and government
When comparing the number of applications in use across industries, government use of software-as-a-service (SaaS) applications is 108% higher than the mean, and government is second only to education in the total number of applications used daily - 22.5% and 69% higher than the mean, respectively. The likely cause for the higher usage in these two industry segments is a greater need for a wider diversity of applications. These organisations will require a security approach that breaks down silos between each of these applications, including their multicloud environments, for transparent visibility and security controls, Fortinet said.
The threat data in this quarter’s report once again reinforces many of the prediction trends unveiled by the FortiGuard Labs global research team for 2018. The company says a security fabric that is integrated across the attack surface and between each security element is vital. This approach enables actionable threat intelligence to be shared at speed and scale, shrinks the necessary windows of detection, and provides automated remediation.
Phil Quade, Chief Information Security Officer, Fortinet said, “Cyber adversaries are relentless. Increasingly, they are automating their toolsets and creating variations of known exploits. Of late, they are also more precise in their targeting, relying less on blanket attempts to find exploitable victims.
“Urgently, organisations must pivot their security strategy to address these tactics. Organisations should leverage automated and integrated defenses to address the problems of speed and scale, utilise high-performance behaviour-based detection, and rely on AI-informed threat intelligence insights to focus their efforts on patching vulnerabilities that matter.”
Explore:
Read the Fortinet blog for more information about the research or to access the full threat report.
View the infographic
Sign up for the weekly FortiGuard Threat Intelligence Briefs or the FortiGuard Threat Intelligence service.
*The Fortinet Global Threat Landscape Report is a quarterly view that represents the collective intelligence of FortiGuard Labs drawn from Fortinet’s vast array of sensors during Q218. Research data covers global, regional, industry sector, and organisational perspectives. It focuses on three central and complementary aspects of that landscape, namely application exploits, malicious software, and botnets. It also examines important zero-day vulnerabilities and infrastructure trends to add context about the trajectory of cyber attacks affecting organisations over time.
To complement the report, Fortinet publishes a free, subscription-based Threat Intelligence Brief that reviews the top malware, virus, and web-based threats discovered every week, along with links to valuable FortiGuard Labs threat research.