
Q4 Threat Report: 2018 Attacks Highlighted the Need for Advanced Threat Intelligence

By Jeannette Jarvis | March 04, 2019

In any situation where security or defense is the goal, lack of visibility into the techniques and tactics of your adversaries makes it nearly impossible to enact the right precautions. Professional athletes and sports teams address this by watching game tapes of their opponents to better understand their strategy, and then tailor their own plans around their findings. While the process of taking the same sort of approach with cybersecurity requires much more research and analysis, the same basic principle applies when looking to defend your network from cybercriminals.

Time and time again, we have learned that it’s not enough just to have a strategy. And as networks and the potential attack surface continue to expand, that has never been more true than today. To stay ahead of cybercriminals, cybersecurity strategies must be built around a deep understanding of the evolving tactics being used and the range of entryways commonly being targeted by cybercriminals.

The Importance of Threat Research in an Expanding Attack Surface

Mapping, monitoring, and tracking the evolving threat landscape is fundamental to any security strategy. That’s why FortiGuard Labs is constantly evaluating and analyzing the security incidents recorded by the millions of sensors and security devices we have deployed in production environments around the globe. This collected intelligence comprises billions of threat events every day. Using advanced AI solutions built around our advanced artificial neural network (ANN) and our global teams of highly skilled threat researchers, we are uniquely able to provide the expertise and advanced threat intelligence cybersecurity teams need to deploy the correct security controls and processes to stay ahead of today’s determined cybercrime community.

Organizations undergoing digital transformation are rapidly introducing a host of new devices and environments into their networks. This might include connected IoT devices, hybrid and multi-cloud environments, third-party applications, etc. Because cyber threats often change and evolve in accordance with the expanding attack surface, subscribing to and leveraging threat research is an essential component of any organization’s security strategy. Each of these deployments represents a new entryway that cybercriminals can exploit, which drives the development of new strains of malware, botnets, and ways to exploit zero-day threats that organizations need to stay on top of. Without using a constant stream of critical threat intelligence and assessment to keep systems and strategies updated, those effective security protocols deployed a year ago will quickly lose their ability to protect your organization.

3 Key Threat Findings from Q4 and 2018

Unlike Fortinet’s weekly threat update that provides immediate insight into the latest threats, Fortinet’s Threat Landscape Report rolls up the major security events of the quarter to provide a bigger view into threat trends and security challenges. This information empowers IT and cybersecurity teams to adopt more effective security strategies to protect their networks. For full context and a better understanding of the major threats organizations currently face, the Threat Landscape Report also reflects on the major threat trends of 2018. These include:

  1. IoT Devices Remain a Focus: Cybercriminals are persistently targeting IoT devices. Despite the fact that IoT device exploit detections declined by 5% in Q4, half of the top 12 global exploits targeted IoT devices, with IP cameras, printers, TVs, telephony equipment, and routers some of the most commonly targeted devices. Security cameras have been increasingly targeted, while cybercriminals continue to spend resources developing IoT-focused malware and botnets. VPNFilter was another IoT malware seen in 2018, which was able to steal website credentials, monitor traffic, and enable crossover infection to other endpoint devices. The key takeaway here is that internet-facing devices will continue to be aggressively attacked, so security professionals must respond accordingly.
  2. Increasingly Evasive Malware: Another trend we saw in Q4, a microcosm of a larger trend for 2018, was increasingly agile and evasive malware that is able to detect vulnerabilities and evade detection with greater ease. Shared open source code has been a valuable resource for cybersecurity teams to test defenses or develop new ones. The challenge is that this malware, which is primarily designed for testing purposes, is publicly available and can readily be weaponized. Open source security tools can also be studied by cybercriminals in order to learn how to evade popular detection methods. Additionally, throughout the course of 2018, cybercriminals adopted an agile development strategy, much like those being adopted by legitimate businesses, to release updates to malware more quickly in order to counter anti-malware and updated security products.
  3. Discovering Zero-Day Exploits: 2018 started off with the release of Meltdown and Spectre, vulnerabilities found in most microprocessors, bringing with them the potential for disaster. A key reason that these vulnerabilities and zero-day threats like them are so dangerous is that security teams cannot see them coming. This is another reason that threat research is so important to an effective security strategy: to ensure security teams are not entirely blindsided. To this end, FortiGuard Labs has homed in on research to discover zero-day exploits, leading the industry with over 650 such exploits and vulnerabilities being discovered over the last several years.

Need for Threat Intelligence Services

If 2018 taught us anything, it’s that as cybercriminals discover new and more profitable ways to target networks, cyberattacks can change in an instant. To address the unpredictability of this challenge, we have long advocated a learn, segment, protect approach to minimize the efficacy of these threats. This goes beyond just learning about your own network: it means taking a global approach to threat analysis and then rethinking security in order to defend against threats that haven’t even been created yet.

The biggest challenge many organizations face today is that they do not have the security infrastructure in place needed to conduct, consume, and implement the advanced threat research needed to alert them to new trends in cyberattacks or to zero-day vulnerabilities that must be patched. These organizations need to invest in threat intelligence services to help them focus on the most pressing security matters of the day, along with new security controls and processes that enable them to share, correlate, and respond to threats in a coordinated fashion and at digital speeds.

FortiGuard Security Subscription enables IT teams to leverage in-depth global and local threat intelligence to secure their networks, with a comprehensive understanding of the threat landscape and the ability to respond quickly across network layers. When coupled with a security fabric framework, organizations can automate threat discovery and response, thereby freeing up critical personnel resources to focus on strategic planning and threat analysis.

Final Thoughts

As the attack surface expands, cybercriminals are developing new threats to leverage additional entryways. To effectively secure networks, security teams must understand these tactics through advanced threat intelligence.

View the full report or the Fortinet Threat Landscape Indices for botnets, malware, and exploits for Q4, 2018.

Learn more about the FortiGuard Security Services portfolio or the FortiGuard Security Rating Service, which provides security audits and best practices.
