For CISOs, the fact that cybercriminals are developing attacks more quickly and using advanced persistent cybercrime strategies that are more destructive and unpredictable should be cause for concern. As attacks continue to become more sophisticated and expand to cover the entire attack surface, it has become even more apparent that organizations need to strengthen their security with solutions designed to interoperate rather than function in isolation.
According to the latest semiannual FortiGuard Labs Global Threat Landscape Report, the automation and speed of attacks are increasing. The report covers the cyber threat landscape for the second half of 2021 based on intelligence drawn from billions of threat events each day. Based on our findings, these are a few of the threats CISOs should be watching.
Up until recently, Linux systems haven't been heavily targeted by cybercriminals. Not that long ago, Linux was one of the least attacked platforms in IT, but now we're seeing malware that is designed to exploit Linux systems, often in the form of executable and linkable format (ELF) binaries. Because Linux runs the back-end systems of many networks and container-based solutions for IoT devices and mission-critical applications, it is becoming a more popular target for attackers, and CISOs can't ignore it anymore.
The rate of new Linux malware signatures in the fourth quarter of 2021 quadrupled that of the first quarter. Examples of threats that target Linux include an ELF variant called Muhstik, RedXOR malware, and Log4j. Malware detections of ELF files doubled during 2021, and this growth in variants and volume suggests that Linux malware is increasingly included in the cybercrime portfolio. Linux needs to be secured, monitored, and managed just like any other endpoint in the network. Organizations should have advanced and automated endpoint protection, detection, and response. Security hygiene should be prioritized to provide active threat protection for systems that may be affected by low-profile threats.
The Log4j vulnerabilities disclosed in late 2021 got a lot of attention because they demonstrated the rapidly increasing speed at which cybercriminals move to exploitation. Despite emerging in the second week of December, exploitation activity escalated in less than a month to make it the most prevalent IPS detection of the entire second half of 2021. In addition, Log4j had nearly 50 times the activity volume of ProxyLogon, the well-known outbreak that happened earlier in 2021. Given the speed at which cybercriminals work to maximize opportunities, organizations often have little time to react or patch systems. To reduce their risk, organizations need intrusion prevention systems powered by artificial intelligence and machine learning. They should also employ aggressive patch management strategies and take advantage of threat intelligence visibility to prioritize the threats propagating most quickly.
By and large, individual malware strains come and go, but to stop attacks more quickly, organizations need to gain a deeper understanding of attack techniques. By analyzing attackers' goals, organizations can better align their defenses to adapt to quickly changing attack techniques.
FortiGuard Labs analyzed the functionality of detected malware by detonating the malware samples collected throughout the year. The result was a list of the individual tactics, techniques, and procedures the malware would have carried out had the attack payloads been executed. The intelligence we gathered indicates that stopping an adversary earlier is critical. Understanding adversaries' goals is crucial to defending against the flood of changing techniques they may use. By focusing on a few identified techniques, an organization could in some situations shut down a malware family's attack methods entirely.
Securing against today's ever-evolving attack techniques requires smarter solutions that can ingest real-time threat intelligence, detect threat patterns and fingerprints, correlate massive amounts of data to detect anomalies, and automatically initiate a coordinated response. Organizations can no longer take a piecemeal approach to cybersecurity. To protect against fast-moving, sophisticated attacks, point products need to be replaced with a cybersecurity mesh platform that provides centralized management, automation, and integrated solutions that work in concert.