Friday, April 26, 2024

Fortinet Threat Landscape Report Reveals an Evolution of Malware to Exploit Cryptocurrencies

Fortinet announced the findings of its latest Global Threat Landscape Report. The research reveals cybercriminals are evolving their attack methods to increase their success rates and to accelerate infections. While ransomware continues to impact organizations in destructive ways, there are indications that some cybercriminals now prefer hijacking systems and using them for cryptomining rather than holding them for ransom. For a detailed view of the findings and some important takeaways for CISOs, read the blog. Highlights of the report follow:
Data indicates that cybercriminals are getting better and more sophisticated in their use of malware and in leveraging newly announced zero-day vulnerabilities to attack at speed and scale. While the number of exploit detections per firm dropped by 13% in Q1 of 2018, the number of unique exploit detections grew by over 11%, and 73% of companies experienced a severe exploit.
Malware is evolving and becoming more difficult to prevent and detect. The prevalence of cryptomining malware more than doubled from quarter to quarter, growing from 13% to 28%. Additionally, cryptojacking was quite prevalent in the Middle East, Latin America, and Africa. Cryptomining malware is also showing incredible diversity for such a relatively new threat. Cybercriminals are creating stealthier fileless malware to inject infected code into browsers with less detection. Miners are also targeting multiple operating systems as well as different cryptocurrencies, including Bitcoin, Dash, and Monero. They are also fine-tuning and adopting delivery and propagation techniques from other threats based on what was successful or unsuccessful to improve future success rates.

Rajesh Maurya, Regional Vice President, India & SAARC, Fortinet, said, “We face a troubling convergence of trends across the cybersecurity landscape. Malicious cyber actors are demonstrating their efficiency and agility by exploiting the expanding digital attack surface, taking advantage of newly announced zero-day threats, and maximizing the accessibility of malware for bad intent.
In addition, IT and OT teams often don’t have the resources necessary to keep systems appropriately hardened or protected. However, implementing a security fabric which prioritizes speed, integration, advanced analytics, and risk-based decision making can enable comprehensive protection at machine speed and scale.”

Gavin Chow, Network and Security Strategist, Fortinet Asia Pacific, said, “In India, exploits targeting known vulnerabilities in enterprise web systems running Apache Struts (CVE-2017-5638), Oracle WebLogic Server (CVE-2017-10271, CVE-2017-3506) and older IIS 6.0 web servers (CVE-2017-7269) were the most prevalent in Q1 2018. This is followed closely by exploits targeting vulnerabilities in Red Hat JBoss Application Server (CVE-2017-12149) and IoT devices such as Linksys and D-Link home routers.
JavaScript-based cryptojacking malware was also the most prevalent in this region along with the malware leveraging a known Microsoft Office exploit (CVE-2017-11882) that is used to gain control of a victim’s system to perform other malicious activity. Even though the Andromeda Botnet infrastructure was already taken down in Q4 2017, it continued to be the most prevalent BOT. The key takeaway here is that attackers are targeting known vulnerabilities that already have fixes available and system owners who are not aware of these risks would continue to be exposed to these attacks.”
