Industry Trends

Security’s Reactive Response to the Cycle of Threats

By Bill McGee | October 07, 2016

We’re into the final quarter of the year, and the cyberthreat landscape shows no sign of settling down. This week in the Fortinet Threat Intelligence Brief we looked at a number of notable trends around IoT botnets, continued ransomware problems (both through directed attacks and infected websites), and the spoofing of the Navy Federal US Credit Union.

One thing worth noting is how attacks tend to move from target to target and region to region in waves. This week, for example, we saw a near quadrupling in attempts to deliver a malicious Excel file carrying the Odin ransomware variant, aimed primarily at users in Japan. We also saw a series of attacks against an older vulnerability in some home routers begin to taper off as attackers started to look for something new to exploit.

This is actually a rather effective way to conduct attacks. A new threat vector is identified, attacks spike to unprecedented levels, security vendors and news outlets respond, and then the attackers move on to some other, unpredictable vulnerability. These waves keep vendors and security teams in a reactive mode, either putting out a raging fire or trying to figure out where the next attack is going to come from. They also drive the development and deployment of one-off security devices built for a single threat. And they provide misdirection, so that other, subtler attacks can slip past more easily while attention is elsewhere.

The result is that organizations, and many security vendors, are so busy responding tactically to the constantly shifting threat environment that few of them ever have the luxury to sit back and think about security from a more holistic and strategic perspective. This is probably not something planned by the cybercriminal community, which tends to be opportunistic rather than strategic. But the effect is the same: we are constantly on pins and needles waiting for the next unexpected sucker punch, even though, ironically, we all already know it is coming.

What we need to do instead is adopt the sort of integrated and adaptive cyber defense strategy provided by the Fortinet Security Fabric, combined with, as we have emphasized repeatedly here, an aggressive patching strategy. Note that the router attacks mentioned above targeted an older, already-known vulnerability; timely patching removes that entire class of opportunity. Integrated tools that can segment the network, sense threats, share intelligence, and automatically synchronize a response will always be more effective than a collection of isolated security devices, whatever features each of them offers on its own.

Subscribe to the Report

For more details on the threats and analysis discussed in this blog, we recommend subscribing to our FortiGuard Threat Intelligence Brief, which provides a weekly breakdown of our extensive global threat research, “Top Five” lists of the week’s most detected threats, and links to more information.