Bad actors are attempting to exploit any possible opportunity throughout the digital infrastructure and are maximising global economic and political realities to achieve their goals.
Global trends demonstrate that while the prevalence and detection of threats may differ from country to country, the sophistication and automation of attacks remain consistent across the board.
These were two of the findings of Fortinet’s FortiGuard Labs Global Threat Landscape Report.
Derek Manky, chief, Security Insights & Global Threat Alliances at FortiGuard Labs, says inthe cyber arms race, the criminal community has often had a distinct advantage due to the growing cyber skills gap, the expanding digital attack surface, and by leveraging the element of surprise with tactics such as social engineering to take advantage of unsuspecting individuals.
“To get out ahead of the cycle of increasingly sophisticated and automated threats, organisations need to use the same sorts of technologies and strategies to defend their networks that criminals are using to attack them. That means adopting integrated platforms that leverage the power and resources of AI-driven threat intelligence and playbooks to enable protection and visibility across the digital infrastructure,” he adds.
A not so Charming Kitten
The research revealed significant levels of activity across regions associated with Charming Kitten, an Iranian-linked advanced persistent threat (APT) group in Q4. Active since approximately 2014, the malefactors have been associated with numerous cyber espionage campaigns.
Recent activity suggests that the group has expanded into the election disruption business, having been linked to a series of attacks on targeted email accounts associated with a presidential election campaign.
IOT in the crosshairs
In addition, the reserach showed that IOT devices remain a challenge due to theirexploitable software and that these threats can affect unexpected devices such as wireless IP cameras.
This vulnerability of these devices is exacerbated when components and software are embedded into various commercial devices sold under a slew of brand names, often by different vendors. Moreover, these components and services are often programmed using bits and pieces of pre-written code from a variety of common sources, and are vulnerable to exploit, which is why many of the same vulnerabilities crop up repeatedly across a wide range of devices. The scale combined with the inability to easily patch these devices is a growing challenge, and spotlights the difficulties of supply chain security, the research showed.
Old dogs, new tricks
While there is constant pressure to keep ahead of new threats, businesses sometimes forget that older threats and vulnerabilities have no expiration date, and bad actors will continue to exploit them as long as they work. “A case in point is EternalBlue. The malware has been adapted over time to exploit common and major vulnerabilities. It has been used in numerous campaigns, including, most notably, the WannaCry and NotPetya ransomware attacks,” says Fortinet.
Looking into the future
Examining IPS triggers detected in a region not only shows what resources are being targeted, but may also indicate what threat actors could focus on in the future, either because enough of those attacks were ultimately successful, or simply because there is more of a certain type of technology deployed in some regions – but this isn’t always the case.
Assuming that organisations patch their software at roughly the same rate in each region, if a botnet was simply probing for vulnerable instances of ThinkPHP before deploying an exploit, the number of detected triggers should be much higher in APAC. However, only 6% more IPS triggers were detected in all of APAC than in North America from a recent exploit, indicating that these botnets are simply deploying the exploit to any ThinkPHP instance they find. In addition, when taking a similar look at malware detections, the majority of threats targeting organisations are Visual Basic for Applications (VBA) macros
Integrated, automated security
As the number of applications skyrockt, and more and more connected devices widen the perimeter, billions of new edges are being created that have to be managed and protected.
At the same time, companies are facing attacks that are increasingly sophisticated, and target the expanding digital infrastructure, including ones being driven by artificial intelligence and machine learning.
“To effectively secure their distributed networks, organisations have to shift from protecting just security perimeters to protecting the data spread across their new network edges, users, systems, devices, and critical applications,” the company says.