FortiGuard Labs Reports Cyber Adversaries Are Exploiting the Global Pandemic

fortinet

Fortinet, a global leader in broad, integrated, and automated cybersecurity solutions, today announced the findings of the latest semi-annual FortiGuard Labs Global Threat Landscape Report.

FortiGuard Labs threat intelligence from the first half of 2020 demonstrates the dramatic scale at which cybercriminals and nation-state actors leveraged a global pandemic as an opportunity to implement a variety of cyberattacks around the world. The adaptability of adversaries enabled waves of attacks targeting the fear and uncertainty in current events as well as the sudden abundance of remote workers outside the corporate network, which quickly expanded the digital attack surface overnight.

Although many compelling threat trends were related to the pandemic, some threats still had their own drivers. For example, ransomware and attacks targeting Internet-of-Things (IoT) devices as well as operational technology (OT) are not diminishing but are instead evolving to become more targeted and more sophisticated.

“The first six months of 2020 witnessed an unprecedented cyber threat landscape. The dramatic scale and rapid evolution of attack methods demonstrate the nimbleness of adversaries to quickly shift their strategies to maximize the current events centered around the COVID-19 pandemic across the globe. There has never been a clearer picture than now, of why organizations need to adjust their defense strategies going forward to fully take into account the network perimeter extending into the home,” said Derek Manky, Chief, Security Insights & Global Threat Alliances, FortiGuard Labs.

Seizing the Opportunity in Global Events

From opportunistic phishers to scheming nation-state actors, cyber adversaries found multiple ways to exploit the global pandemic for their benefit at enormous scale. This included phishing and business email compromise schemes, nation-state-backed campaigns and ransomware attacks. These trends demonstrate how quickly attackers can move to take advantage of major developments with broad social impact at a global level.

The Perimeter Gets More Personal

The increase in remote work created a dramatic inverse of corporate networks almost overnight, which cyber adversaries immediately started to leverage as an opportunity. In the first half of 2020, exploit attempts against several consumer-grade routers and IoT devices were at the top of the list for IPS detections. In addition, Mirai and Gh0st dominated the most prevalent botnet detections, driven by an apparent growing interest of attackers targeting old and new vulnerabilities in IoT products.

Browsers Are Targets Too

For attackers, the shift to remote work was an unprecedented opportunity to target unsuspecting individuals in multiple ways. For example, web-based malware used in phishing campaigns and other scams outranked the more traditional email delivery vector earlier this year. This may demonstrate the attempt of cybercriminals to target their attacks when individuals are the most vulnerable and gullible—browsing the web at home.

Ransomware Not Running Away

Well-known threats such as ransomware have not diminished or disappeared during the last six months. Instead, COVID-19-themed messages and attachments were used as lures in several different ransomware campaigns. There was an increase in ransomware incidents where adversaries not only locked a victim organization’s data but stole it as well and used the threat of widescale release as additional leverage to try and extort a ransom payment. Globally, no industry was spared from ransomware activity and data shows that the five most heavily targeted sectors for ransomware attacks are telco, MSSPs, education, government, and technology.

OT Threats After Stuxnet

The 10th anniversary of Stuxnet in June demonstrated that operational technology (OT) networks remain a target for cyber adversaries. The EKANS ransomware from earlier this year shows how adversaries continue to broaden the focus of ransomware attacks to include OT environments. The Ramsay espionage framework, designed for the collection and exfiltration of sensitive files within air-gapped or highly restricted networks, is an example of threat actors looking for fresh ways to infiltrate these types of networks.

Mapping Exploitation Trend

Even though 2020 looks to be on pace to break the number of published vulnerabilities in a single year, vulnerabilities from this year also have the lowest rate of exploitation ever recorded in the 20-year history of the CVE List. Meanwhile, vulnerabilities from 2018 claimed the highest exploitation prevalence at 65%.

The Urgency to Secure the Network Perimeter Extending into the Home

With the increase in connectivity, devices, and ongoing need for remote work, the digital attack surface is expanding. With the corporate network perimeter extending to the home, attackers are looking for the weakest link and fresh attack opportunities. Organizations need to prepare by taking concrete steps to protect their users, devices and information in ways similar to the corporate network.

Threat intelligence and research organizations can help by providing broad insight as the threat landscape evolves as well as in-depth analysis of attack methods, actors, and new tactics to help supplement the cyber knowledge of organizations. The need for secure teleworker solutions to enable secure access to critical resources while scaling to meet the demands of the entire workforce has never been greater. Only a cybersecurity platform designed to provide comprehensive visibility and protection across the entire digital attack surface including networks, application, multi-cloud, or mobile environments is able to secure today’s rapidly evolving networks.

Report Overview

This latest Global Threat Threat Landscape Report is a view representing the collective intelligence of FortiGuard Labs, drawn from Fortinet’s vast array of sensors collecting billions of threat events observed around the world during the first half of 2020. It covers global and regional perspectives as well as research into three central and complementary aspects of that landscape: exploits, malware, and botnets.

Leave a Reply