Over the past year, major ransomware attacks such as WannaCry, NotPetya, and SamSam have been carried out, affecting thousands of networks across verticals. While these attacks caused major damage as networks slowed to a halt and IT teams attempted to recover compromised data, there was one beneficial takeaway from this onslaught – the knowledge that this was a high-priority attack vector for cybercriminals.
IT teams that realize that cybercriminals are spending time developing ransomware that could impact their organizations are able to take precautionary measures. Data can be backed up to ensure access to uncompromised records in the event of an attack, vulnerabilities can be patched to ensure no known exploits could be targeted, and employees can be educated on best practices such as avoiding phishing scams and malicious attachments.
Knowledge of the ransomware threat trend allows IT teams to fortify their networks against these attacks, demonstrating the crucial role that threat intelligence plays in effective security. Our recent Threat Landscape Report for Q2 of 2018 is a key resource for this sort of intelligence as targeted attack vectors become more distributed and diverse.
Q2 Threat Trends Facing Organizations
Unlike threat trends of the recent past, the Threat Landscape Report for Q2 of 2018 did not point to one single attack style that criminals are focusing on. Critically, the report instead pointed to several threats growing in sophistication and prevalence that IT teams need to defend against. This wider swath of attack methods means organizations must distribute security resources more broadly to maintain visibility into looming threats.
Without the ability to collect critical threat data in real time and then analyze it in the larger context of the global threat landscape, it’s easy for teams to fall behind in security best practices or misallocate resources to focus on less pressing risks.
Recent threat trends include:
Focus on IoT Devices: IoT devices were among the top technologies targeted by exploits in Q2 2018 – specifically for cryptojacking. Criminals have taken to leveraging the continuous connection of networked devices (phones, printers, smart televisions) and their powerful processors to install malware that’s constantly mining for cryptocurrency. Furthermore, attackers are building new botnets based on successful exploits such as Mirai to target unpatched IoT devices.
Agile Development: Agile development and DevOps have become popular methods to keep up with consumer demands for regularly updated applications and features. However, cybercriminals have now also started to use this mode of delivery as a way to evade detection. In Q2, we saw the GandCrab ransomware utilize agile development to administer updates that would allow it to evade security measures. The use of agile development in cyberattacks will require IT teams to regularly monitor threat trends to update defenses.
Botnets: We detected 265 unique botnets this quarter, with established botnets such as Gh0st, Pushdo, and Andromeda continuing to have a presence in the threat landscape. The report also shows that botnet prevalence is lower in Europe, North America, and Oceania, implying the need for improved remediation response in other targeted regions. Looking at botnet epidemiology like this, including infection rates and timelines, gives IT teams a better understanding of the threat landscape.
BankBots: This type of banking trojan has also recently begun to re-emerge. Given its currently low prevalence, it does not appear to be a particularly strong threat at the moment. However, that could all change, as one new variant – Anubis, which targets Android devices to steal credentials – demonstrates several innovations that make it more effective at stealing banking information.
Attacks on Known Vulnerabilities: Looking at which known vulnerabilities have been exploited in the wild allows teams to prioritize patching efforts. Only 5.7 percent of all known vulnerabilities were exploited in Q2. This means security teams must focus on determining which vulnerabilities were exploited, rather than exhausting resources to remediate all vulnerabilities.
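The prioritization the last item describes can be made concrete in code. The example below is an added illustration, not part of the original post or of the Fortinet report: it takes a scanner inventory and a feed of vulnerabilities observed exploited in the wild, both constructed sample data with placeholder ids (the "VULN-nnnn" values are not real identifiers), and ranks findings so that exploited-in-the-wild issues come first regardless of severity score, then internet-facing assets, then CVSS. It also reports how small the exploited subset is relative to the whole inventory, which is the point the 5.7 percent figure makes.

```python
"""Prioritize patching by exploited-in-the-wild status, not by raw volume.

Added example; not code from the post or from Fortinet. All ids, hosts and
scores below are constructed sample data, and the "VULN-nnnn" ids are
placeholders rather than real vulnerability identifiers.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Finding:
    vuln_id: str          # placeholder id from the scanner, e.g. "VULN-0001"
    asset: str            # hostname the finding was reported on
    cvss: float           # base score, 0.0 to 10.0
    internet_facing: bool # whether the asset is reachable from the internet


# Constructed scanner inventory (sample data).
FINDINGS: List[Finding] = [
    Finding("VULN-0001", "web-01", 9.8, True),
    Finding("VULN-0002", "db-01", 6.5, False),
    Finding("VULN-0003", "wks-17", 4.3, False),
    Finding("VULN-0004", "vpn-01", 7.5, True),
    Finding("VULN-0005", "web-01", 8.1, True),
    Finding("VULN-0006", "build-02", 9.1, False),
]

# Constructed stand-in for a threat-intelligence feed of ids seen exploited
# in the wild. Ids in the feed that are not in the inventory are harmless.
EXPLOITED_IN_WILD: Set[str] = {"VULN-0002", "VULN-0005", "VULN-9999"}


def priority_key(f: Finding, exploited: Set[str]) -> Tuple[bool, bool, float]:
    """Sort key; larger sorts first when used with reverse=True.

    Order of precedence: exploited in the wild, then internet-facing asset,
    then CVSS score. A 6.5 that is being exploited outranks an unexploited 9.8.
    """
    return (f.vuln_id in exploited, f.internet_facing, f.cvss)


def prioritize(findings: Iterable[Finding], exploited: Set[str]) -> List[Finding]:
    """Return the findings ordered for remediation."""
    return sorted(findings, key=lambda f: priority_key(f, exploited), reverse=True)


def first_wave(findings: Iterable[Finding], exploited: Set[str]) -> List[str]:
    """Ids to remediate immediately: everything known to be exploited."""
    return [f.vuln_id for f in findings if f.vuln_id in exploited]


def coverage_stats(findings: Iterable[Finding], exploited: Set[str]) -> Dict[str, float]:
    """How much of the inventory the exploited subset represents."""
    items = list(findings)
    hit = sum(1 for f in items if f.vuln_id in exploited)
    share = hit / len(items) if items else 0.0
    return {"total": len(items), "exploited": hit, "share": round(share, 3)}


if __name__ == "__main__":
    for f in prioritize(FINDINGS, EXPLOITED_IN_WILD):
        flag = "EXPLOITED" if f.vuln_id in EXPLOITED_IN_WILD else "-"
        print(f"{f.vuln_id} {f.asset:<9} cvss={f.cvss:<4} {flag}")
    print(coverage_stats(FINDINGS, EXPLOITED_IN_WILD))
```

In a real deployment the `EXPLOITED_IN_WILD` set would be refreshed from a threat-intelligence feed on a schedule, and the first wave would be fed into the ticketing or patch-management system; the ranking logic stays the same.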
The intelligence uncovered in the Q2 Threat Report demonstrates the degree of granularity organizations must maintain in their threat intelligence. The data that informs these insights is integral to updating security solutions and policies to stay a step ahead of malicious actors. As a result, organizations must devote resources to aggregating and analyzing this data to determine which entryways pose the biggest threats to their unique networked environments.
Subscription Security Services
With the continuing cybersecurity skills gap, many organizations do not have the manpower to devote personnel to detailed threat analysis on a regular basis. This is where Fortinet’s Security Subscriptions provide additional critical value.
This subscription-based service provides organizations with near real-time intelligence into threats that are gaining traction, allowing them to update solutions and take preemptive measures.
This data is provided by FortiGuard Labs, which conducts over 450,000 hours of global threat research per year, collecting data from security sensors around the world to analyze and process over 65 trillion security events per year to extract timely and relevant threat intelligence. This allows organizations to base security practices on global and local threat data in real time. With Security Services in place, organizations have the necessary resources to maintain visibility into threats across the network and various entryways.
Furthermore, Fortinet’s Security Services offer Advanced Malware Protection services to identify zero-day threats and advanced attacks using evasion techniques. Enterprises can also leverage new ICS/SCADA protocol protections to secure IT and OT convergence as OT-focused attacks become more common.
Security programs are only as strong as the data and threat intelligence that inform them. When ransomware was sweeping across networks, savvy organizations used this insight to add protective measures against it. However, recent threat trends are more varied across vectors. To maintain visibility into the threat landscape and understand where efforts should be focused, organizations should leverage security services that offer the support and granularity needed to take a proactive approach to network security.