Fortinet, a global leader in cyber-security solutions, recently announced the findings of their latest Global Threat Landscape Report. The report revealed that poor cybersecurity hygiene and risky application usage are two of the prime enablers of destructive worm-like attacks that leverage hot exploits at records speeds. Similarly, the research revealed that cybercriminals are lessening efforts on malicious break-ins, but are instead highly investing on automated and intent-based tools that massively obstruct business continuity.
“The technology innovation that powers our digital economy creates opportunity for good and bad in cybersecurity. Yet, something we don’t talk about often enough is the opportunity everyone has to limit bad consequences by employing consistent and effective cybersecurity hygiene. Cybercriminals aren’t breaking into systems using new zero day attacks, they are primarily exploiting already discovered vulnerabilities. This means they can spend more of their resources on technical innovations making their exploits difficult to detect. Newer worm-like capabilities spread infections at a rapid pace and can scale more easily across platforms or vectors. Intent-based security approaches that leverage the power of automation and integration are critical to combat this new ‘normal’,” said Phil Quade, Fortinet chief information security officer.
Here are Fortinet’s research highlights:
Cyber hygiene is essential in combating worm-like attacks.
Cybercriminals are operating on a global scale with Crime-as-a-Service infrastructures and autonomous attack tools. Notorious threats, such as WannaCry, that quickly spread and targeted a vast majority of industries, Fortinet says, could have been prevented through consistent cyber hygiene across organizations. Unfortunately, Fortinet’s research reveals that there is still a high rate of success in using hot exploits for attacks that have yet to be patched. Fortinet further notes that once automation occurs, industry barriers are broken, and attackers are able to gain leverage and greater impact that only increase over time.
- Ransomworms on the Rise: Both WannaCry and NotPetya targeted a vulnerability that only had a patch available for a couple of months. Organizations who were spared from these attacks tended to have one of two things in common. They had either deployed security tools that had been updated to detect attacks targeting this vulnerability, and/or they applied the patch when it became available. Prior to WannaCry and NotPetya, network worms had taken a hiatus over the last decade.
- Critical-severity of Attacks: More than two-thirds of firms experienced high or critical exploits in Q2 2017. Ninety percent of organizations recorded exploits for vulnerabilities that were three or more years old. Even 10 or more years after a flaw’s release, 60% of firms still experienced related attacks. Q2 data overall quantified 184 billion total exploit detections, 62 million malware detections, and 2.9 billion botnet communications attempts.
- Active During Downtime: Automated threats do not take weekends or nights off. Nearly 44% of all exploit attempts occurred on either Saturday or Sunday. The average daily volume on weekends was twice that of weekdays.
With rapid technology use comes greater threat risks
Coinciding with the evolution of technology that foresees rapid speed and efficiency upgrades, at a time where digital economy is crucial, is also the growth of exploits, malwares, and tactics of cybercriminals. It was observed that cybercriminals are able to keep up the pace, especially in attacking newer technologies and services. Fortinet notes that business questionable software usage and vulnerable IoT devices of hyperconnected networks particularly increase the risk since they are not consistently managed, updated, or replaced. Their research likewise revealed that encrypted Web traffic comes as a double-edged sword—while beneficiary for Internet privacy and security, it unfortunately poses a challenge to several defensive tools that have poor visibility into encrypted communications.
- Application Usage: Risky applications create risk vectors, which open the door for threats. Organizations allowing a large amount of peer-to- peer (P2P) applications report seven times as many botnets and malware as those that don’t allow P2P applications. Similarly, organizations allowing a lot of proxy applications report almost nine times as many botnets and malware as those that don’t allow proxy applications. Surprisingly, there was no evidence that higher usage of cloud-based or social media applications leads to increased numbers of malware and botnet infections.
- Sector Analysis: The education sector led in nearly every measure of infrastructure and application usage when grouped by element type and industry. The energy sector exhibited the most conservative approach with all others falling in between.
- IoT Devices: Almost one in five organizations reported malware targeting mobile devices. IoT devices continue to present a challenge because they don’t have the level of control, visibility, and protection that traditional systems receive.
- Encrypted Web Traffic: Data shows the second straight record high this quarter for encrypted communications on the web. The percentage of HTTPS traffic increased over HTTP to 57%. This continues to be an important trend because threats are known to use encrypted communications for cover.
Report methodology
The Fortinet Global Threat Landscape report is a quarterly view that represents the collective intelligence of FortiGuard Labs drawn from Fortinet’s vast array of network devices and sensors within production environments during Q2 2017. Research data covers global, regional, industry sector, and organizational perspectives. It also focuses on three central and complementary aspects of the threat landscape: application exploits, malicious software, and botnets. In addition, Fortinet publishes a free, subscription-based Threat Intelligence Brief that reviews the top malware, virus, and web-based threats discovered every week, along with links to that week’s most valuable Fortinet research.