SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Fortinet cyber threat report paints bleak picture
Thu, 27th Feb 2020

Fortinet has today announced the findings of its latest Global Threat Landscape Report, which has highlighted the fact that attacks are becoming more nuanced and subtle by the day, as IT infrastructures struggle to keep up.

The report reveals that cybercriminals are making the most of global economic and political realities to further their goals, and that while detection of threats may differ by geography, the sophistication of attacks remains consistent throughout the world.

Highlights of the report:
A not so Charming Kitten

An advanced persistent threat (APT) linked with Iran called Charming Kitten has been making waves in Q4, the study finds.

Active since around 2014, the threat actor has been associated with numerous cyberespionage campaigns.

The threat actor has been linked to attacks on several email accounts associated with a presidential election campaign, indicating a foray into an arena that has become more relevant and recognisable in recent years: election disruption.

Security risks for IoT devices magnify

IoT devices continue to be challenged with exploitable software, according to the study.

This situation is magnified when components and software are embedded into different devices sold under a variety of brand names, sometimes by different vendors.

Many of these components and software are often programmed using pre-written code.

The combination of common components and pre-written code can mean devices become vulnerable to exploit.

The scale of the issue combined with the inability to easily patch these devices is a growing challenge, and underscores the difficulties of supply chain security.

Senior threats help junior threats

As new technology breeds new threats and organisations grapple with them, some can be prone to forget that older attack styles can be as destructive as newer ones.

Research shows that if attacks have worked in the past, and continue to work, they will not be retired, and most likely do not have an expiration date.

Trends demonstrate a new perspective on global spam trade

Spam continues to be one of the top issues for organisations and individuals to deal with.

This quarter's report combines the volume of spam flow between nations with data showing the ratios of spam sent versus spam received, visually revealing a new perspective on an old problem.

In addition, in terms of exported spam volumes from geographic regions, Eastern Europe is the largest net producer of spam in the world.

Tracking the footprints of cybercriminals to see what is next

Looking at IPS triggers detected in a region can indicate what cybercriminals might focus on in the future, the report finds.

Security teams can foresee future moves if enough attacks of the same type in a region were ultimately successful, or simply because there is more of a certain type of technology deployed in some regions.

Assuming that companies patch their software at about the same rate in each region, if a botnet was simply probing for vulnerable instances of ThinkPHP before deploying an exploit, the number of detected triggers should be much higher in APAC.

However, only 6% more IPS triggers were detected in all of APAC than in North America from a recent exploit, indicating that these botnets are simply deploying the exploit to any ThinkPHP instance they find.

When looking at malware detections, the majority of threats targeting organisations are Visual Basic for Applications (VBA) macros.

The need for broad, integrated, and automated security

As applications proliferate and the number of connected devices expands the perimeter, billions of new edges are being created that have to be managed and protected.

Organisations are also facing increased sophistication of attacks targeting the expanding digital infrastructure, including some being driven by artificial intelligence and machine learning.

To effectively secure their distributed networks, organisations have to shift from protecting just security perimeters to protecting the data spread across their new network edges, users, systems, devices, and critical applications.

Only a cybersecurity platform designed to provide comprehensive visibility and protection across the entire attack surface can secure today's rapidly evolving networks driven by digital innovation.