Fortinet, a global leader in broad, integrated and automated cyber security solutions, announced the findings of its latest Global Threat Landscape Report. The research reveals cyber criminals are evolving their attack methods to increase their success rates and to accelerate infections. While ransomware continues to impact organisations in destructive ways, there are indications that some cyber criminals now prefer hijacking systems and use them for cryptomining rather than holding them for ransom.
Rajesh Maurya, Regional Vice President, India & SAARC, Fortinet.
“We face a troubling convergence of trends across the cyber security landscape. Malicious cyber actors are demonstrating their efficiency and agility by exploiting the expanding digital attack surface, taking advantage of newly announced zero-day threats, and maximizing the accessibility of malware for bad intent. In addition, IT and OT teams often don’t have the resources necessary to keep systems appropriately hardened or protected. However, implementing a security fabric which prioritises speed, integration, advanced analytics, and risk-based decision making can enable comprehensive protection at machine speed and scale.”
Cyber crime Attack Methods Evolve to Ensure Success at Speed and Scale
Data indicates that cyber criminals are getting better and more sophisticated in their use of malware and leveraging newly announced zero-day vulnerabilities to attack at speed and scale.While the number of exploit detections per firm dropped by 13% in Q1 of 2018, the number of unique exploit detections grew by over 11%, and 73% of companies experienced a severe exploit.
Spike in Cryptojacking: Malware is evolving and becoming more difficult to prevent and detect. The prevalence of cryptomining malware more than doubled from quarter to quarter, growing from 13% to 28%. Additionally, cryptojacking was quite prevalent in the Middle East, Latin America, and Africa.Cryptomining malware is also showing incredible diversity for such a relatively new threat. Cyber criminals are creating stealthier fileless malware to inject infected code into browsers with less detection. Miners are also targeting multiple operating systems as well as different cryptocurrencies including Bitcoin, Dash, and Monero. They are also fine-tuning and adopting delivery and propagation techniques from other threats based on past performances to improve future success rates.
Targeted Attacks for Maximum Impact:The impact of destructive malware remains high, particularly as criminals combine it with designer attacks. For these types of more targeted attacks, criminals conduct significant reconnaissance on an organisation before launching an attack, which helps them to increase success rates. Afterwards, once they penetrate the network, attackers spread laterally across the network before triggering the most destructive part of their planned attack. The Olympic Destroyer malware and the more recentSamSam ransomware are examples.
Ransomware Continues to Disrupt: The growth in both the volume and sophistication of ransomware continues to be a significant security challenge for organisations. Ransomware continues to evolve, leveraging new delivery channels such as social engineering, and new techniques such as multi-stage attacks to evade detection and infect systems.
Multiple AttackVectors: Although the side channel attacks dubbed Meltdown and Spectre dominated the news headlines during the quarter, some of the top attacks targeted mobile devices or known exploits on router, web or Internet technologies. 21% of organizations reported mobile malware, up 7%, demonstrating that IoT devices continue to be targeted. Cyber criminals also continue to recognise the value of exploiting known vulnerabilities that haven’t been patched along with recently discovered zero-days for increased opportunity. Microsoft continued to be the number one target for exploits, and routers took the number two spot in total attack volume. Content Management Systems (CMS) and web-oriented technologies were also heavily targeted.
Cyber Hygiene - More Than Just Patching:Measuring how long botnet infections persist based on the number of consecutive days in which continued communications are detected reveals that hygiene involves more than just patching.
It is also about cleanup. Data showed that 58.5% of botnet infections are detected and cleaned up the same day. However, 17.6% of botnets persist for two days in a row and 7.3% last three days. About 5% persist for more than a week.