Wikipedia defines steganography as “the practice of concealing a file, message, image, or video within another file, message, image, or video.” At this point, security professionals will immediately recognize the potential for steganography to act as vehicle for surreptitiously delivering malicious code into systems targeted for cybersecurity exploit, and subsequently exfiltrating purloined data from compromised devices. Given the ingenuity of the adversary community, it will be no surprise that the frequency of steganographically-based attacks has increased over the last couple of years.
FortiGuard Labs just released our latest Quarterly Threat Landscape report for Q4 of 2017. As usual, there are a lot of take-aways for CISOs, but a few items stood out. In particular, attacks were up per firm by 82% and swarm cyber attacks targeted the Internet of Things (IoT) with growing intensity.
Educational institution networks continue to be a favorite playground for cybercriminals. Because of the age and interests of the majority of educational users, these networks tend to incorporate cutting edge technologies and strategies.
There is an incredible urgency for organizations, especially those undergoing digital transformation, to reprioritize security hygiene and identify emerging risks. However, as the volume, velocity, and automation of attacks continues to increase, it is also becoming increasingly important to align patching prioritization to what is happening in the wild so you can better focus your limited resources on the most critical and emerging risks.
2017 was another landmark year for cybersecurity. In reviewing our quarterly Threat Landscape reports, it is clear that 2017 has been notable primarily for three things: the rapid digital transformation and expansion of the potential attack surface, the increasing sophistication of cyber attacks, and a lapse in basic cybersecurity hygiene, largely being driven by digital transformation coupled with the growing cybersecurity skills gap.
The entire security arms race between IT professionals and cybercriminals is really about one side constantly trying to outsmart the other. Security isn’t just about tools. It’s also about the intelligence that powers them. Which is why when we started Fortinet 16 years ago we were every bit as committed to developing security intelligence and research solutions that were as innovative as the technology we were developing.
Fortinet today announced the findings of its latest Global Threat Landscape Report. The research reveals that high botnet reoccurrence rates and an increase of automated malware demonstrate that cybercriminals are leveraging common exploits combined with automated attack methods at unprecedented speed and scale.
A look back and forward for our 2017 Cybersecurity Predictions. Threats are compounding at digital speeds, while resolutions, like manufacturers building security safeguards into their products, are proceeding at a snail’s pace. We need to start building security into tools and systems on day zero. We need alignment on ways to effectively see and combat new cybercrime. And we need to adopt integrated, collaborative, and automated procedures and technologies end to end to help us see and protect resources.
This blog post is a summary of SSTIC, a major infosec conference held in France. As usual, this year’s conference came with excellent presentations. The sessions have been recorded, and the papers are available on the website, although most of the content is in French. For a detailed wrap-up of SSTIC, please read @xme: Day 1 Day 2 Day 3 SSTIC is one of the few IT conferences which (1) ask authors to submit full papers, (2) from which you return with information or tools to work on, and (3) whose presentations are mostly...