Fortinet announced the findings of its latest quarterly Global Threat Landscape Report. The research reveals that cybercriminals continue to look for new attack opportunities throughout the digital attack surface. At the same time, they are shifting attack vectors such as targeting publicly available edge services to counter training and education efforts by organizations that address popular tactics such as phishing. The Threat Landscape Index remained relatively consistent during the quarter. There were fluctuations but no significant swings. Regardless, organizations should not let their guard down; instead the index demonstrates consistent and sustained cybercriminal activity.
Shifting Tactics to Catch Organizations by Surprise: The majority of malware is delivered via email; therefore many organizations have been aggressively addressing phishing attacks with end user training and advanced email security tools. As a result, cybercriminals are expanding their ability to deliver malicious malware through other means. These include targeting publicly facing edge services such as web infrastructure, network communications protocols, as well as bypassing ad blocker tools to open attack vectors that don’t rely on traditional phishing tactics.
Maximizing Earning Potential: Following in the footsteps of the lucrative GandCrab ransomware, which was made available on the dark web as a Ransomware-as-a-Service (RaaS) solution, cybercriminal organizations are launching new services to expand their earning potential. FortiGuard Labs observed at least two significant ransomware families—Sodinokibi and Nemty—being deployed as RaaS solutions. These are potentially just the beginning of what could be a flood of similar services in the future.
Refining Malware for Success: Expanding on these approaches, cybercriminals are also refining malware to evade detection and deliver increasingly sophisticated and malicious attacks, such as the evolution of the Emotet malware. This is a troubling development for organizations as cybercriminals increasingly use malware to drop other payloads on infected systems to maximize their opportunities for financial gain.
Maximizing Opportunity with Older Vulnerabilities and Botnets: Targeting older, vulnerable systems that have not been properly secured is still an effective attack strategy. FortiGuard Labs discovered that cybercriminals target vulnerabilities twelve or more years old more often than they target new attacks. And in fact, they target vulnerabilities from every subsequent year since then at the same rate as they do current vulnerabilities.
Protecting for the unexpected: Broad, Integrated, and Automated Security. The expanding attack surface and shifting attack strategies of cybercriminals means organizations cannot afford to over-focus on a narrow set of threat trends. It is essential that organizations adopt a holistic approach to securing their distributed and networked environments. This requires the deployment of a security fabric that is broad, integrated, and automated.
The latest Fortinet Threat Landscape Report is a quarterly view that represents the collective intelligence of FortiGuard Labs, drawn from Fortinet’s vast array of global sensors during Q3 of 2019. Research covers global and regional perspectives. Also included in the report is the Fortinet Threat Landscape Index (TLI), comprised of individual indices for three central and complementary aspects of that landscape, which are exploits, malware, and botnets, broken down by prevalence and volume in a given quarter.
