
Fortinet cyber threat report paints bleak picture

27 Feb 2020

Fortinet has today announced the findings of its latest Global Threat Landscape Report, which has highlighted the fact that attacks are becoming more nuanced and subtle by the day, as IT infrastructures struggle to keep up.

The report reveals that cybercriminals are making the most of global economic and political realities to further their goals. Detection of threats may differ by geography, but the sophistication of attacks remains consistent throughout the world.

Highlights of the report:


A not so Charming Kitten

An advanced persistent threat (APT) linked with Iran called Charming Kitten has been making waves in Q4, the study finds.

Active since around 2014, the threat actor has been associated with numerous cyberespionage campaigns. 

The threat actor has been linked to attacks on several email accounts associated with a presidential election campaign, indicating a foray into an arena that has become more relevant and recognisable in recent years: election disruption.

Security risks for IoT devices magnify

IoT devices continue to be challenged with exploitable software, according to the study.

This situation is magnified when components and software are embedded into different devices sold under a variety of brand names, sometimes by different vendors. 

Many of these components and software are often programmed using pre-written code.

The combination of common components and pre-written code can mean devices become vulnerable to exploit.

The scale of the issue combined with the inability to easily patch these devices is a growing challenge, and underscores the difficulties of supply chain security. 

Senior threats help junior threats

As new technology breeds new threats and organisations struggle to deal with them, some can forget that older attack styles can be as destructive as newer ones.

Research shows that if attacks have worked in the past, and continue to work, they will not be retired, and most likely do not have an expiration date.

Trends demonstrate a new perspective on global spam trade

Spam continues to be one of the top issues for organisations and individuals to deal with. 

This quarter’s report combines the volume of spam flow between nations with data showing the ratios of spam sent versus spam received, visually revealing a new perspective on an old problem. 

In addition, in terms of exported spam volumes from geographic regions, Eastern Europe is the largest net producer of spam in the world. 

Tracking the footprints of cybercriminals to see what is next

Looking at IPS triggers detected in a region can indicate what cybercriminals might focus on in the future, the report finds.

Security teams can foresee future moves if enough attacks of the same type in a region were ultimately successful, or simply because there is more of a certain type of technology deployed in some regions.

Assuming that companies patch their software at about the same rate in each region, if a botnet was simply probing for vulnerable instances of ThinkPHP before deploying an exploit, the number of detected triggers should be much higher in APAC. 

However, only 6% more IPS triggers were detected in all of APAC than in North America from a recent exploit, indicating that these botnets are simply deploying the exploit to any ThinkPHP instance they find. 

When looking at malware detections, the majority of threats targeting organisations are Visual Basic for Applications (VBA) macros. 

The need for broad, integrated, and automated security

As applications proliferate and the number of connected devices expands the perimeter, billions of new edges are being created that have to be managed and protected. 

Organisations are also facing increased sophistication of attacks targeting the expanding digital infrastructure, including some being driven by artificial intelligence and machine learning. 

To effectively secure their distributed networks, organisations have to shift from protecting just security perimeters to protecting the data spread across their new network edges, users, systems, devices, and critical applications. 

Only a cybersecurity platform designed to provide comprehensive visibility and protection across the entire attack surface can secure today’s rapidly evolving networks driven by digital innovation.
 
