Of the 103,786 vulnerabilities published on the CVE List since it began, 5,898 (5.7%) were exploited in the wild according to research from our recently released Threat Landscape Report. With over 100,000 known vulnerabilities, most organizations cannot patch fast enough to keep up. This indicates that cybercriminals are not only developing new technologies and strategies to exploit potential victims, but are also becoming more selective in the way they leverage those exploits, focusing on those that will generate the biggest bang for the buck.
Such information can be extremely valuable when it comes to prioritizing patching vulnerabilities. If criminals aren't exploiting the vast majority of vulnerabilities, then fixing everything—beyond being impossible—is not the right approach. Instead, it is essential to incorporate the knowledge of what they are exploiting through threat intelligence services such as the ones provided by FortiGuard Labs into the decision-making process. Organizations can then couple such threat intelligence with Security Rating Services that provide real-time insights on security preparedness across all security elements to take a much more proactive and strategic approach to vulnerability remediation.
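The prioritization logic described above, as an added example that is not part of the report or Fortinet's tooling: a small risk-based ranking that combines each open finding's CVSS score and asset exposure with an "exploited in the wild" feed, so that the handful of vulnerabilities criminals are actually using rise to the top of the patch queue. The inventory, the feed, the `VULN-n` identifiers and the exposure weights are all constructed for illustration.

```python
"""Risk-based patch prioritization (added example, not Fortinet's code).

Pure CVSS ordering treats every critical-rated CVE as equally urgent.
Folding in threat intelligence on which CVEs are exploited in the wild
changes the order: an exploited medium on an internal host outranks an
unexploited critical on an isolated one.
"""
from dataclasses import dataclass

# Assumed weights for how reachable the affected asset is; tune per environment.
EXPOSURE_WEIGHT = {"internet": 1.0, "internal": 0.6, "isolated": 0.3}

# Bonus large enough that any exploited finding outranks any unexploited one
# (max unexploited score is 10.0 * 1.0 = 10.0).
EXPLOITED_BONUS = 10.0


@dataclass(frozen=True)
class Finding:
    vuln_id: str        # constructed placeholder id, not a real CVE number
    cvss: float         # CVSS base score, 0.0 - 10.0
    exposure: str       # one of EXPOSURE_WEIGHT's keys


# Constructed inventory of open findings.
INVENTORY = [
    Finding("VULN-1", 9.8, "isolated"),
    Finding("VULN-2", 7.5, "internet"),
    Finding("VULN-3", 9.1, "internal"),
    Finding("VULN-4", 5.3, "internal"),
    Finding("VULN-5", 8.8, "internet"),
]

# Constructed threat-intel feed: ids observed being exploited in the wild.
EXPLOITED_IN_WILD = {"VULN-2", "VULN-4"}


def priority_score(finding, exploited):
    """Score a finding: severity scaled by exposure, plus a bonus if exploited."""
    score = finding.cvss * EXPOSURE_WEIGHT[finding.exposure]
    if finding.vuln_id in exploited:
        score += EXPLOITED_BONUS
    return round(score, 2)


def prioritize(inventory, exploited):
    """Return findings ordered highest priority first."""
    return sorted(inventory, key=lambda f: priority_score(f, exploited), reverse=True)


def cvss_only_order(inventory):
    """Baseline ordering by CVSS alone, for comparison."""
    return [f.vuln_id for f in sorted(inventory, key=lambda f: f.cvss, reverse=True)]


def patch_queue(inventory, exploited, capacity):
    """Ids to fix first when only `capacity` patches can be applied this cycle."""
    return [f.vuln_id for f in prioritize(inventory, exploited)[:capacity]]


if __name__ == "__main__":
    print("CVSS only :", cvss_only_order(INVENTORY))
    print("With intel:", [f.vuln_id for f in prioritize(INVENTORY, EXPLOITED_IN_WILD)])
    print("Patch next:", patch_queue(INVENTORY, EXPLOITED_IN_WILD, 2))
```

Run as written, the CVSS-only queue starts with VULN-1 (a 9.8 on an isolated host), while the intelligence-aware queue starts with VULN-2 and VULN-4, the two findings the feed says are being exploited. The scoring is deliberately simple; the point is that the exploited-in-the-wild signal, not the base score, should decide what gets patched first when capacity is limited.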
This conclusion is just one of the highlights taken from the latest Fortinet Threat Landscape Report. The FortiGuard Labs team processes over 65 trillion security events per year using advanced techniques and patented technologies—including one of the most advanced self-learning systems in the world—to extract timely and relevant threat intelligence, seek out avenues of attack and discover emerging threats. Fortinet then collects and publishes those findings quarterly, highlighting critical takeaways for organizations of all sizes and industries.
Other notable takeaways from this quarter's report include:
Virtually No Firm is Immune from Severe Exploits: Almost no firm is immune to the evolving attack trends of cybercriminals. FortiGuard Labs detected 96% of firms experiencing at least one severe exploit. In addition, nearly a quarter of companies saw cryptomining malware, and just six malware variants spread to over 10% of all organizations. FortiGuard Labs also found 30 new zero-day attacks during the quarter.
Cryptomining Moves to IoT Devices in the Home: Cybercriminals added IoT devices to their arsenal of tools used for mining for cryptocurrency, including home media devices. They are an especially attractive target because of their rich source of computational horsepower, which can be used for malicious purposes. Another critical factor is the fact that these devices tend to always be on and connected, enabling attackers to load them with malware that is continually engaged in cryptomining.
Botnet Trends Demonstrate Cybercriminal Creativity: Cybercriminals are maximizing the impact of botnets by loading them with multiple malicious actions. WICKED, a new Mirai botnet variant, added at least three exploits to its toolkit to better target unpatched IoT devices. VPNFilter, the advanced nation-state-sponsored attack that targets SCADA/ICS environments, emerged as a significant threat because it not only performs data exfiltration but can also render devices completely inoperable, either individually or simultaneously as a group. And the Anubis variant from the Bankbot family introduced several innovations, including ransomware, a keylogger, RAT functions, SMS interception, lock screen, and call forwarding.
Malware Developers Leverage Agile Development: Recent attack trends show that malware authors are turning to agile development practices to make their malware even more challenging to detect, as well as to counter the latest tactics of anti-malware products. GandCrab has had many new releases this year, and its developers continue to update this malware at a rapid pace. Along with automation, agile development helps malware authors roll out new highly evasive attacks, requiring organizations to adopt increasingly advanced threat detection and protection capabilities to help them pinpoint these exploits.
Education and Government Sectors Use SaaS: Of all sectors analyzed, government leads the pack when it comes to the use of SaaS applications (108% higher than the mean) and is second to education in the total number of apps used daily (22.5% and 69% higher than the mean, respectively). A broader diversity of applications, as well as a possibly higher number of SaaS applications deployed as part of Shadow IT, are the likely causes of these results. Such organizations require a security approach that breaks down silos between each application, especially in multi-cloud environments, so that visibility and security controls can be applied consistently across the distributed network.
Attacks against SCADA devices aren't the most common but could be the most critical: IT and OT networks are converging. If your organization uses SCADA or other ICS solutions, especially if they are exposed to internal or external networks, the first step is to assess business and operational risks thoroughly. Resulting strategies should include defining zones, conduits, boundaries, and security levels to limit and secure communications between OT and non-OT environments.
Addressing these challenges requires organizations to rely on advanced threat detection and prevention capabilities such as sandboxing and machine learning to ferret out previously unknown exploits. This approach is even more critical as malware developers adopt best-in-class agile development practices to quickly and easily pivot resources to address new vulnerabilities or thwart new security patches. Finally, a fully integrated security approach that spans the attack surface—as well as between each security element—as a single, holistic fabric is nonnegotiable. Such an approach allows threat intelligence to be shared in virtual real time to stop polymorphic and multi-vector exploits by shrinking the windows of detection, prevention, and remediation.
Other approaches include:
Use Threat Intelligence as Your Navigational Dashboard: In the face of the threat trends identified in this latest Threat Report, a vital element of any successful strategy is threat intelligence. As it is virtually impossible to patch every vulnerability and keep up with every exploit, security teams need a navigational dashboard to help them prioritize their focus on those elements that will make the most significant difference regarding mitigating threats. The Security Rating Service built into the Fortinet Security Fabric is a great supplemental tool that organizations can leverage in concert with this threat intelligence data.
Unlock Advanced Threat Prevention and Detection: With the rapid growth of severe exploits combined with attackers increasingly leveraging agile development to create new, unknown threats rapidly, organizations must embrace advanced threat prevention and detection capabilities. These include machine learning and artificial intelligence technologies and strategies that IT teams can integrate across the entire security architecture. This approach allows security teams to automate processes to shrink the window for detection, prevention, and remediation.
Extend Segmentation to the Home Network: Much has been written on the importance of segmentation across the corporate network. As more workers opt for flexible work schedules and locations, they increasingly work—at least a portion of the time—from their home offices. Because of the growing number of new attack vectors that target IoT devices in the home, security organizations need to extend their segmentation strategy from the corporate network to employee home networks.
Security risks continue to grow, and understanding the risks you face and the tactics your cyber enemies are using is critical to developing and implementing an effective and adaptive security strategy. Fortinet’s Threat Report for Q2 2018 is a valuable resource for any organization looking to stay ahead of today’s latest threat challenges.