TRENDING
Cryptocurrency mining on the rise: cryptomining malware increased, which seems to be intertwined with the changing price of Bitcoin. Cybercriminals recognise the growth in digital currencies and are using a trick called cryptojacking to mine cryptocurrencies on computers, using CPU resources in the background without the user knowing. Cryptojacking involves loading a script into a web browser; nothing is installed or stored on the computer.
business, cybercriminals are leveraging the expanding attack surface it creates for new disruptive opportunities to attack. They are implementing newer swarm-like capabilities while simultaneously targeting multiple vulnerabilities, devices and access points. The combination of rapid threat development and the increased propagation of new variants is increasingly difficult for many organisations to combat.
Unprecedented volume: an average of 274 exploit detections per firm were found, a significant increase of 82% over the previous quarter. The number of malware families also increased by 25% and unique variants grew by 19%. The data indicates not only growth in volume but also an evolution of the malware. In addition, encrypted traffic using HTTPS and SSL grew as a percentage of total network traffic to a high of nearly 60% on average. While encryption can certainly help protect data in motion as it moves between core, cloud and endpoint environments, it also represents a real challenge for traditional security solutions.
IoT attack intensity: three of the top 20 attacks identified targeted IoT devices and exploit activity quadrupled against devices like Wi-Fi cameras. None of these detections were associated with a known or named CVE, which is one of the troubling aspects of vulnerable IoT devices. In addition, unlike previous attacks, which focused on exploiting a single vulnerability, new IoT botnets such as Reaper and Hajime can target multiple vulnerabilities simultaneously. This multi-vector approach is much harder to combat. Reaper’s flexible framework means that, rather than the static, pre-programmed attacks of previous IoT exploits, Reaper’s code is easily updated to swarm faster by running new and more malicious attacks as they become available. Demonstrating its swarm abilities, exploit volume associated with Reaper exhibited a jump from 50K to 2.7 million over a few days before dropping back to normal.
Ransomware still prevalent: several strains of ransomware topped the list of malware variants. Locky was the most widespread malware variant and GlobeImposter followed as the second. A new strain of Locky emerged, tricking recipients with spam before requesting a ransom. In addition, there was a shift on the darknet from only accepting Bitcoin for payment to other forms of digital currency such as Monero.

INTELLIGENTCIO

“Automated and sophisticated swarm attacks are accelerating, making it increasingly difficult for organisations to protect users, applications and devices.”
Phil Quade, Chief Information Security Officer, Fortinet
Sophisticated industrial malware: an uptick in exploit activity against industrial control systems (ICS) and safety instrumented systems (SIS) suggests these under-the-radar attacks might be climbing higher on attackers’ priority lists. An example is an attack code-named Triton. It is sophisticated in nature and has the ability to cover its tracks by overwriting the malware itself with garbage data to thwart forensic analysis. Because these platforms affect critical infrastructure, they are enticing for threat actors. Successful attacks can cause significant damage with far-reaching impact.
Attack variety: steganography, a technique that hides malicious code inside images, is an attack vector that has not had much visibility over the past several years but appears to be resurging. The Sundown exploit kit uses steganography to steal information and, while it has been around for some time, it was reported by more organisations than any other exploit kit. It was found dropping multiple ransomware variants.
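As an added illustration of the steganography point above (example code written for this page, not code from the article or from Fortinet), the Python script below checks one simple structural sign that an image file is carrying more than a picture: bytes appended after the format's end-of-image marker, where smuggled payloads are commonly placed because viewers ignore them. The CODE_MARKERS list and the three sample images are constructed for the example; the check does not detect pixel-level (LSB) embedding, and a hit on a real JPEG can also come from an embedded EXIF thumbnail, so treat it as a triage signal.

```python
"""Flag image files with data appended after the image terminator.

Added example: a structural triage check for smuggled payloads in PNG/JPEG
files. Sample images and the marker list are constructed for this example.
"""
import math
import struct
import zlib

JPEG_SOI = b"\xff\xd8"
JPEG_EOI = b"\xff\xd9"
PNG_SIG = b"\x89PNG\r\n\x1a\n"

# Hypothetical triage list: strings that suggest the trailing data is code.
CODE_MARKERS = (b"MZ", b"\x7fELF", b"<script", b"#!/", b"eval(", b"powershell")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed or encrypted payloads sit close to 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def png_end_offset(blob: bytes):
    """Walk PNG chunks and return the offset just past IEND, or None if malformed."""
    off = len(PNG_SIG)
    while off + 8 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[off:off + 8])
        off += 8 + length + 4  # chunk header + data + CRC
        if ctype == b"IEND":
            return off if off <= len(blob) else None
    return None


def jpeg_end_offset(blob: bytes):
    """Offset just past the first EOI marker (EXIF thumbnails may end early,
    so a hit on a real JPEG is a triage signal rather than proof)."""
    idx = blob.find(JPEG_EOI, len(JPEG_SOI))
    return None if idx < 0 else idx + 2


def scan_image(blob: bytes) -> dict:
    """Report trailing data after the image terminator and whether it looks like code."""
    if blob.startswith(PNG_SIG):
        fmt, end = "png", png_end_offset(blob)
    elif blob.startswith(JPEG_SOI):
        fmt, end = "jpeg", jpeg_end_offset(blob)
    else:
        return {"format": "unknown", "trailing_len": None, "suspicious": False, "reasons": []}
    if end is None:
        return {"format": fmt, "trailing_len": None, "suspicious": True, "reasons": ["malformed structure"]}
    tail = blob[end:]
    reasons = []
    if tail:
        reasons.append(f"{len(tail)} bytes after end-of-image marker")
        hits = [m.decode("latin-1") for m in CODE_MARKERS if m in tail]
        if hits:
            reasons.append("code markers: " + ", ".join(hits))
        ent = shannon_entropy(tail)
        if len(tail) >= 64 and ent > 7.0:
            reasons.append(f"high-entropy tail ({ent:.2f} bits/byte)")
    return {"format": fmt, "trailing_len": len(tail), "suspicious": bool(tail), "reasons": reasons}


def _png_chunk(ctype: bytes, data: bytes) -> bytes:
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def make_minimal_png() -> bytes:
    """Constructed 1x1 grayscale PNG used as the clean sample."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    return PNG_SIG + _png_chunk(b"IHDR", ihdr) + _png_chunk(b"IDAT", idat) + _png_chunk(b"IEND", b"")


# Constructed samples: a clean PNG, the same PNG with a script appended, and a
# structural JPEG stub (SOI, one APP0 segment, EOI) with nothing trailing.
CLEAN_PNG = make_minimal_png()
STUFFED_PNG = CLEAN_PNG + b"<script>alert('appended')</script>"
JPEG_STUB = JPEG_SOI + b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00" + JPEG_EOI

if __name__ == "__main__":
    for name, blob in (("clean.png", CLEAN_PNG), ("stuffed.png", STUFFED_PNG), ("stub.jpg", JPEG_STUB)):
        print(name, scan_image(blob))
```

Run it on any directory of uploaded or mail-attached images to shortlist files for deeper analysis; the entropy threshold only applies to tails of 64 bytes or more so that tiny, harmless trailers do not raise it.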
Fighting swarm attacks requires integrated security

The threat data in this quarter’s report reinforces many of the predictions unveiled by the Fortinet FortiGuard Labs global research team for 2018, which predicted the rise of self-learning hivenets and swarmbots on the horizon. Over the next couple of years, the attack surface will continue to expand while visibility and control over today’s infrastructures diminish. To address the problems of speed and scale by adversaries, organisations need to adopt strategies based on automation and integration. Security should operate at digital speeds by automating responses as well as applying intelligence and self-learning
www.intelligentcio.com