Fortinet, a global leader in broad, integrated and automated cybersecurity solutions, today announced key findings of its latest quarterly Global Threat Landscape Report. The research reveals that cybercriminals are constantly evolving the sophistication of their attacks—from continuing to exploit the vast insecurity of IoT devices, to morphing open source malware tools into new threats.
In Malaysia, the most prevalent exploits in Q4 2018 were an Open Redirect vulnerability in Apache Tomcat, a Remote Code Execution vulnerability in Microsoft Office Word, and JavaScript-based cryptocurrency miners. Traditional Windows executable-based malware, weaponized Microsoft Office files, and Android malware were also prevalent vehicles for malicious activity, while the most prevalent botnet detected was the resurgent Andromeda, despite its having been taken down by the FBI and Europol’s European Cybercrime Centre (EC3) back in 2017.
“The age of Cy-Phy—the convergence of cybersecurity things and physical spaces—is here. Although the appeal of this convergence to our digital economy is almost sci-fi in terms of imagination, unfortunately the cybersecurity risks are very real. Cybercriminals are closely watching and developing exploits that target this emerging digital convergence,” said Gavin Chow, Fortinet’s Network and Security Strategist. “Fundamental elements of cybersecurity, including visibility, automation, and agile segmentation, are more critical than ever to enable us to thrive in our Cy-Phy digital future, and to protect us against the malicious activities of our cyber adversaries.”
Highlights of the Fortinet Threat Landscape Report:
- Exploit Index All-time High. While cyber adversary activity overall subsided slightly, the number of exploits per firm grew 10%, while unique exploits detected increased 5%. At the same time, botnets became more complex and harder to detect. Time for infection of botnets increased by 15%, growing to an average of nearly 12 infection days per firm. As cybercriminals employ automation and machine learning to propagate attacks, security organizations need to do the same to combat these advanced methods.
- Monitor the Monitoring Devices. The convergence of physical things and cybersecurity is creating an expanded attack surface, one that cybercriminals are increasingly targeting. Half of the top 12 global exploits targeted IoT devices, and four of the top 12 were related to IP-enabled cameras. Access to these devices could enable cybercriminals to snoop on private interactions, enact malicious onsite activities, or gain an entry point into cyber systems to launch DDoS or ransomware attacks. It is important to be aware of hidden attacks even in devices we use to monitor or provide security.
- Tools Open to Anyone. Open source malware tools are very beneficial to the cybersecurity community, enabling teams to test defences, researchers to analyse exploits, and instructors to use real-life examples. Cybercriminals are evolving and weaponizing these open source malware tools, which are generally available to anyone from sharing sites, into new threats, with ransomware comprising a significant number of them. For cybercriminals, innovation continues to be the land of opportunity.
- Adware Infiltration. Adware is not just a nuisance; it has become a pervasive threat. Globally, adware sits at the top of the list of malware infections for most regions—exceeding one-quarter of all infection types for North America and Oceania, and almost one-quarter for Europe. With adware now found in published apps and posted on authorized app stores, this attack type can pose a serious threat, especially to unsuspecting mobile device users.
- Keeping an Eye on Operational Technology. With the ongoing convergence of Information Technology (IT) and Operations Technology (OT), a year in review shows the relative change in prevalence and frequency of attacks targeting industrial control systems (ICS). Unfortunately, most attacks gained ground on both scales of volume and prevalence. A cyberattack that successfully targets an OT system could result in devastating physical consequences to such things as critical infrastructure and services, the environment, and even human life.
The Need for Integrated and Automated Security
“To stay ahead of the ongoing efforts of cybercriminals, organizations need to transform their security strategies as part of their digital transformation efforts. A security fabric is needed to span the entire networked environment from the IoT endpoint to multi-clouds, to integrate each security element to address today’s growing threat environment, and to protect the expanding attack surface,” concluded Chow. Through this approach, actionable threat intelligence can be shared at speed and scale across the entire distributed network, shrinking the necessary windows of detection and providing the automated remediation required for today’s threats.