2020 saw a surge in malware, ransomware and botnets - report
The COVID-19 pandemic has created an urgency for organisations to adjust their defence strategies more than any other recent event, according to new analysis from Fortinet.
The company yesterday released its Global Threat Landscape Report, with research into three central aspects: exploits, malware and botnets. The report was drawn from its array of sensors collecting billions of threat events around the world during the first six months of 2020.
“The first six months of 2020 witnessed an unprecedented cyber threat landscape,” says FortiGuard Labs chief of security insights and global threat alliances Derek Manky.
“There has never been a clearer picture than now, of why organisations need to adjust their defence strategies going forward to fully take into account the network perimeter extending into the home.
“It is critical for organisations to take measures to protect their remote workers and help them secure their devices and home networks for the long term.”
Here are some of the highlights from the report:
The perimeter gets more personal
With lockdowns put into place across the world came an unprecedented surge in remote working – and this created a particularly ripe opportunity for cyber-attackers.
According to the report, the first half of 2020 saw many exploit attempts against multiple consumer-grade routers and IoT devices.
Mirai and Gh0st dominated the list of botnets by detections. According to Fortinet, the growth of such threats was driven by a growing interest in the targeting of fresh vulnerabilities in IoT products.
The surge in popularity of BYOD has exacerbated attackers’ attempts to gain access to enterprise networks, with the extension of network perimeters into the home. Criminals used this vulnerability to exploit personal devices that workers use to connect to their organisations’ networks.
Browsers are targets too
According to Fortinet’s research, phishing campaigns utilising web-based malware were more prominent in the early months of 2020 than the more traditional email vector.
This may demonstrate the attempt of cyber-criminals to target their attacks when individuals are the most vulnerable and gullible – browsing the web at home.
This vulnerability means that browsers continue to be a popular vector of attack, particularly as cyber-attackers show no sign of ending their assault on remote workers.
While phishing and malware have gained significant notoriety as being particularly successful in the wake of COVID-19, ransomware has not been far behind.
Fortinet’s research found that ransomware utilising pandemic-themed messages and attachments were used as lures in much the same way that phishing campaigns used them. Another method of attack included rewriting an infected computer’s master boot record (MBR) before encrypting data.
Many ransomware attempts go only so far as to encrypt and prevent an organisation from accessing its data, but in 2020 there was an increase in incidents whereby attackers went further by stealing it. Criminals can then hold this above the organisation’s head by threatening to release it, in an attempt to leverage a higher ransom payment.
Fortinet researchers found that this trend heightened the risk of losing troves of invaluable and sensitive data.
The report further identified that the most heavily targeted sectors for ransomware attacks were telcos, MSSPs, education, government, and technology.
“The dramatic scale and rapid evolution of attack methods demonstrate the nimbleness of adversaries to quickly shift their strategies to maximise the current events cantered around the COVID-19 pandemic across the globe,” says Manky.
“It is wise to consider adopting the same strategy for cyber viruses that we are adopting in the real world. Cyber social distancing is all about recognising risks and keeping our distance.”