FortiGuard Labs Threat Research
2016 saw continued cybercrime growth, including hackers breaking into government agencies, ransomware hijacking healthcare networks, high-profile data theft, and massive global malware epidemics. Just one quarter into 2017, things haven’t slowed down at all, according to our Threat Landscape report.
The WannaCry ransomware outbreak, which was a direct result of the Shadow Brokers leak, had the world in tears for several days. Daily FortiGuard IPS hits peaked at 22 million globally for the DoublePulsar tool that WannaCry used as its primary attack vector. The secondary exploit leveraged in the attack, CVE-2017-0144, spiked to over 7 million attempts blocked by Fortinet on May 13, before trailing off as security firms tightened their defenses and organizations updated their software.
But this wasn’t the only issue. WannaCry aside, nearly 10% of organizations recorded ransomware activity during Q1. In fact, on any given day, an average of 1.2% of organizations worldwide were dealing with ransomware botnets running somewhere in their environment. In addition, 80% reported high- or critical-severity exploits against their infrastructure. Even more concerning is that the vast majority of these cyberattacks successfully targeted vulnerabilities that were five years old, some of which predate the year 2000.
First, while the more high-profile attacks have dominated the headlines, the reality is that the majority of threats faced by most organizations are opportunistic in nature. Criminals tend to target low-hanging fruit, so it is critical that you minimize your visible and accessible attack surface.
Second, you need to up your game regarding network hygiene. Identify, patch, update, and replace vulnerable devices and systems on your network. Far too often, routine and complexity combine to allow overlooked systems that have fallen out of the patch cycle to persist in your network. If you can’t secure it, get rid of it. If you can’t get rid of it, segment it and protect it.
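The hygiene rule above (patch what you can, retire what you can’t secure, segment what you can’t retire) is easy to state and easy to lose track of across a large inventory. The following script is an added example, not FortiGuard tooling or code from the report: it applies that rule to a constructed asset inventory and raises the priority of anything internet-exposed or more than five years out of the patch cycle, the age band the report singles out. The field names, the 90-day patch-cycle SLA, and the four sample hosts are all assumptions made for the illustration.

```python
from dataclasses import dataclass
from datetime import date

# Constructed example: triage an asset inventory against the rule
# "patch it; if you can't secure it, retire it; if you can't retire it, segment it".


@dataclass(frozen=True)
class Asset:
    hostname: str
    last_patched: date        # last date the system received vendor updates
    vendor_supported: bool    # vendor still ships security fixes for this OS/firmware
    retirable: bool           # it can be decommissioned without breaking a process
    internet_exposed: bool    # reachable from outside the perimeter


MAX_PATCH_AGE_DAYS = 90       # assumed patch-cycle SLA for this illustration
LEGACY_AGE_DAYS = 5 * 365     # the report notes attacks on five-year-old vulnerabilities


def patch_age_days(asset: Asset, today: date) -> int:
    """Days since the asset last received updates."""
    return (today - asset.last_patched).days


def triage(asset: Asset, today: date) -> tuple:
    """Return (action, priority) for one asset.

    action:   'ok' | 'patch' | 'retire' | 'segment'
    priority: 'high' when the asset needs work and is exposed or long out of
              the cycle, otherwise 'normal'
    """
    age = patch_age_days(asset, today)
    if asset.vendor_supported and age <= MAX_PATCH_AGE_DAYS:
        action = "ok"
    elif asset.vendor_supported:
        action = "patch"      # it can still be secured: bring it back into the cycle
    elif asset.retirable:
        action = "retire"     # it cannot be secured: get rid of it
    else:
        action = "segment"    # it cannot be retired either: isolate and protect it
    high = action != "ok" and (asset.internet_exposed or age > LEGACY_AGE_DAYS)
    return action, ("high" if high else "normal")


def triage_inventory(assets, today: date) -> dict:
    """Map hostname -> (action, priority), high-priority hosts listed first."""
    results = {a.hostname: triage(a, today) for a in assets}
    rank = {"high": 0, "normal": 1}
    return dict(sorted(results.items(), key=lambda kv: (rank[kv[1][1]], kv[0])))


# Constructed inventory, evaluated at a fixed date so the result is reproducible.
TODAY = date(2017, 6, 1)
INVENTORY = [
    Asset("web01", date(2017, 5, 20), True, True, True),       # current, exposed
    Asset("file02", date(2017, 1, 10), True, True, False),     # fell out of the cycle
    Asset("hvac-ctl", date(2011, 3, 2), False, False, False),  # unsupported, can't retire
    Asset("old-fax", date(2009, 7, 1), False, True, True),     # unsupported, retirable, exposed
]

if __name__ == "__main__":
    for host, (action, priority) in triage_inventory(INVENTORY, TODAY).items():
        print(f"{host:10} {action:8} {priority}")
```

Run as-is, the script lists the unsupported controller as `segment` and the exposed legacy device as `retire`, both at high priority, ahead of the file server that merely needs patching. In practice the `Asset` records would come from your inventory or vulnerability-management export rather than being typed in, and the SLA and legacy thresholds would be set to match your own patch policy.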
Finally, your security strategy needs to meet the demands of your current network. You need to build advanced malware defenses into (what’s left of) the perimeter, across the network, and into endpoints, whether user-based or IoT, that can detect both known and unknown threats. Defenses should be spread along the entire kill chain, from IoT to the cloud. We recommend reviewing your current security posture to assess capabilities at each phase.